TRAIN provides components for a flexible and cross-domain trust infrastructure that can be used to verify the inclusion of an entity (e.g. an Issuer of Self-sovereign Identity Credentials) in a certain trust framework (also known as Trust Scheme).
The approach allows for the flexible definition, consideration and publication of trust lists as well as the verification of trust framework compliance (e.g., eIDAS including LoAs or other trust framework/schemes that can also be application/industry-specific) with different Levels of Assurance (LoA), using DNS(SEC) as a root trust anchor. TRAIN aims to leverage this to support SSI/decentralized identity infrastructures through a global trust infrastructure that can be used to verify the trustworthiness of entities in the ecosystem. It is neither dependent on a hierarchical CA infrastructure nor on a specific distributed ledger.
The trust layer is flexible: individual entities can define their own trust policies, manage, and apply them. Individuals or groups (industry organizations, NGOs, etc.) of entities can define for themselves the trust standards they require, establish trust frameworks and publish trust lists of entities that adhere to their trust framework. Cross-referencing of trust frameworks is possible. No central authority is established, anyone can issue certificates/credentials and set up their own trust frameworks, but TRAIN facilitates individual trust decisions through the defined discovery of trust lists via the established and widely accepted mechanism of the DNS. Established trust frameworks (eIDAS, Pan Canadian Trust Framework, but also self-defined frameworks and policies) can be integrated.
TRAIN has demonstrated that it can be used to verify the trust in issuers of verifiable credentials (VCs) adhering to the W3C Data Model, to verify credential schemas, as well as verifiers. A concept leveraging TRAIN to verify wallet conformance has been presented.
TRAIN is fully in line with the open and decentral SSI approach and complements other methods that establish cryptographic trust. As this it has been mentioned in the implementation considerations of the OpenID Connect for Verifiable Presentations (OpenID4VP) specification. TRAIN builds on work in the EU-funded projects LIGHTest, NGI ESSIF-Lab TRAIN, NGI Atlantic "Next Generation SSI Standards" where it has been piloted with a number of partners. Its components are Open Source under Apache 2.0 license.
Additional material can be found at the ESSIF-Lab project Gitlab: https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer
The API at: https://app.swaggerhub.com/apis/train8/atv/1.0.0
michael.kubach [ at ] iao.fraunhofer.de
isaac-henderson.johnson-jeyakumar [ at ] iao.fraunhofer.de
https://www.hci.iao.fraunhofer.de/de/identity-management.html
Fraunhofer IAO (2023) | Publishing Notes