TRAIN (Trust Management Infrastructure)

TRAIN provides components for a global trust infrastructure that can be used to verify the inclusion of an issuer (e.g. of Self-sovereign Identity Credentials) in a certain trust scheme.

The approach allows for the flexible definition, consideration and publication of trust lists as well as the verification of trust scheme compliance (e.g., eIDAS including LoAs or other Trust Schemes that can also be application/industry-specific) with different Levels of Assurance (LoA), using DNS as a root anchor. TRAIN aims to leverage this to support SSI infrastructures through a global trust infrastructure that can be used to verify the trustworthiness of issuers. The trust layer enables actors to verify the root of trust of credentials. It is not dependent on a hierarchical CA infrastructure.

The trust layer is flexible: individual parties can define their own trust policies, manage, and apply them. Individuals or groups (industry organizations, NGOs, etc.) of verifiers can define for themselves the trust standards they require, publish trust schemes and trust lists of issuers that adhere to their trust scheme. No central authority is established, everyone can issue certificates/credentials, but TRAIN facilitates individual trust decisions through the discovery of trust lists and automation of policies. Established Trust Schemes (eIDAS, Pan Canadian Trust Framework, but also self-defined schemes and policies) can be integrated.

TRAIN is fully in line with the open and decentral SSI approach and complements other methods that establish cryptographic trust. It is being developed in the NGI ESSIF-Lab Project ( and its components build on results of the EU project LIGHTest ( Results will be open sourced.


Please find the API at:

Additional Information and Contact

Additional material can be found at the project Gitlab:

michael.kubach [ at ]

isaac-henderson.johnson-jeyakumar [ at ]