
Glossary of Terms

Important Notice: Glossary Under Development

Please be advised that the glossary provided herein is a dynamic document subject to ongoing updates by the Steering Committee. As such, the definitions and terms contained within may undergo modifications and additions to ensure accuracy and relevance. Users are encouraged to refer periodically for the most current version.

Purpose

This document serves as a comprehensive reference tool, providing clarity and consistency in understanding key terms and concepts used as part of the Intergovernmental Collaboration on Digital Trust and Credentials, the CANdy Network Governance Framework and its ancillary documents.

It leverages the glossaries provided by the Digital Identification and Authentication Council of Canada (DIACC) as well as Trust over IP, Sovrin, and Hyperledger Foundations as authoritative sources for digital trust terminology.


A

Administering Authority

The entity tasked with operating the management of a particular Governance Framework. The administering authority may or may not be the Governing Authority. For example, a government may be the governing authority for a governance framework administered by an NGO as the administering authority.


Agents

Agents refer to software components or entities that autonomously execute actions on behalf of individuals, organizations, or devices within a decentralized network. These agents are responsible for managing digital identities, facilitating secure communication, and executing transactions on distributed ledgers. They enable participants to interact and transact in a peer-to-peer manner while maintaining control over their personal data and digital interactions.


AnonCreds

AnonCreds, short for anonymous credentials, is a cryptographic protocol and technology that enables individuals to prove the validity of certain attributes or claims about themselves without revealing their full identity. Developed in the field of privacy-enhancing cryptography, AnonCreds allows users to obtain digital credentials from issuers, such as educational institutions or government agencies, and share information from those digital credentials without disclosing unnecessary personal information.


Attribute

An identity trait, property, or quality of an entity. Attributes can encompass a wide range of information, including personal details such as name, date of birth, address, and contact information, as well as other characteristics such as educational qualifications, professional certifications, affiliations, roles, permissions, or preferences.


Auditor

An individual or organization that performs accreditation on behalf of a Governing Authority.


Authentication

Authentication is the process of verifying the identity of a user or entity attempting to access a system, network, or resource. It ensures that the user is who they claim to be before granting access to the desired service or information. Authentication typically involves presenting credentials such as usernames, passwords, cryptographic keys, biometric data, or other forms of identification. The goal is to establish trust and protect against unauthorized access, ensuring that only authorized individuals or entities can gain entry to the system or resource.

  • Français: Authentification

Author

An author refers to the entity or participant responsible for creating and submitting a transaction to the distributed ledger. See also Author (verb).


Author (verb)

To Author refers to the act of generating a new transaction to the distributed ledger.


B

Blockchain

A blockchain serves as a decentralized and tamper-resistant ledger that securely records and manages identity-related transactions and interactions.

Blockchain's key characteristics, such as immutability, transparency, and decentralization, ensure the integrity and security of identity data. Each identity transaction, such as the issuance of credentials or the sharing of verifiable credentials, is cryptographically signed and recorded on the blockchain, providing a transparent and auditable trail of interactions.


Board Member

A Board Member refers to an individual that has been appointed to serve on the Governing Board. This individual represents their jurisdiction and is responsible for overseeing the operations, development, and decision-making processes related to the Intergovernmental Collaboration on Digital Trust and Credentials. The Governing Board is comprised of one (1) Board Member per participating jurisdiction.

  • Français: Membre du Conseil de gouvernance

C

CANdy

CANdy is the Canadian instance of a Hyperledger Indy implementation.

  • Français: CANdy

Claim

An assertion about an attribute of an entity. Examples of a claim include date of birth, height, government ID number, or postal address—all of which are possible attributes of an individual. A credential is comprised of a set of claims.


Community of practice (CoP)

Communities of practice are groups of people who share a common interest, profession, or passion and come together to collaborate, share knowledge, and learn from one another. These communities are characterized by their informal nature, as they typically arise organically based on shared goals, interests, or challenges.

  • Français: Communautés de pratique

Consensus Protocol

A consensus protocol refers to the mechanism used to achieve agreement among participants in the network regarding the validity of identity-related transactions and data.

The CANdy Network utilizes Plenum, an implementation of a Byzantine Fault Tolerance (BFT) algorithm. BFT algorithms are designed to achieve consensus even when some of the nodes are not operable or accessible.


Contextual Evidence of Identity

Contextual evidence of identity refers to the primary documents or information that serve as the basis for establishing an individual's identity within a specific context and for a specific purpose. Examples include provincially issued driver’s licenses, health insurance cards, and federally issued passports.


Credential

A credential is a representation of an attestation or a set of claims made about an individual, entity or thing. See also Verifiable Credential.


Credential Catalogue

A credential catalogue is a repository or database that stores information about various types of credentials issued within a particular system or framework.


Credential Definition (CredDef)

A machine-readable definition of the semantic structure of a credential based on one or more schemas.


Credential Type

A credential type refers to a category or classification that states the specification of the contents, properties, constraints, etc. that credentials of this type must have/comply with.

  • Français: Type d’attestation
  • Source: Trust over IP Glossary

Cryptographic Signature

A cryptographic signature is a digital signature generated using cryptographic techniques that provides authentication, integrity, and non-repudiation for digital documents, transactions, or messages. Cryptographic signatures are used to verify the authenticity and origin of data, ensuring that it has not been altered or tampered with and that it comes from the claimed sender.

Cryptographic signatures typically use public-key cryptography, where the signer uses their private key to generate the signature, and the verifier uses the signer's public key to verify the signature. This ensures that the signature can only be generated by the holder of the private key, providing strong security guarantees. Synonym: Digital Signature.


Cryptographic Trust

Trust in the cryptographic techniques and protocols used to secure and verify digital credentials, ensuring their authenticity and integrity. Cryptographic mechanisms, such as digital signatures and hash functions, provide cryptographic proofs that attest to the validity of credentials without revealing sensitive information.


D

Decentralized identifier (DID)

A decentralized identifier (DID) refers to a globally unique identifier developed specifically for decentralized systems, as defined by the W3C DID specification. DIDs enable interoperable decentralized self-sovereign identity management.


DID

Acronym for Decentralized Identifier.


DID Chain

A set of DIDs linked in a hierarchical model where each DID (except the root) digitally signs the next DID in the chain. DID chains can be verified for cryptographic trust by “walking the chain” back to the root of trust.


DID Communication (DIDCOMM)

DID communication refers to the exchange of information or messages between decentralized identifiers in a self-sovereign identity system. DID communication typically involves protocols and technologies that enable secure, peer-to-peer interactions between DIDs, ensuring privacy, integrity, and authenticity of the exchanged data. These communications can encompass various actions such as authentication, authorization, data sharing, and other interactions related to identity management. Synonyms: Agent-to-Agent Protocol.


DID Document

The machine-readable document to which a DID points as defined by the W3C DID specification. A DID document describes the public keys, service endpoints, and other metadata associated with a DID.


DID Method

A specification that defines a particular type of DID conforming to the W3C DID specification. A DID Method specifies both the format of the DID as well as the set of operations for creating, reading, updating, and deleting (revoking) it.


Digital Credential

A digital credential is a verifiable piece of information attesting to a specific aspect of an entity’s identity, qualifications, attributes, or permissions. These credentials are represented digitally and cryptographically signed by issuers, such as educational institutions, government agencies, or employers, ensuring their integrity and authenticity. Individuals and entities have control over their digital credentials and can selectively disclose them to others as needed, enhancing privacy and autonomy in managing their information. These credentials are typically stored in a digital wallet or repository, and their verifiability relies on decentralized and standardized protocols, ensuring interoperability across different systems and platforms.


Digital Wallet

A digital wallet is a software application or service that allows individuals to securely store, manage, and control their digital credentials and personal data. Similar to a physical wallet that holds cards and identification documents, a digital wallet holds digital representations of credentials, such as verifiable claims and attestations. These credentials are cryptographically signed by issuers and can include personal attributes, qualifications, affiliations, and permissions.

The digital wallet provides individuals with the ability to selectively disclose their credentials to verifiers or relying parties as needed, without relying on intermediaries or centralized authorities.


Digital Wallet Transactions

Digital wallet transactions refer to the exchange of verifiable credentials or identity-related information between individuals, organizations, or entities using a digital wallet application.


Digital Trust Ecosystem

An ecosystem of governed parties that interoperate to achieve a set of trust objectives online.


Distributed Ledger

A distributed ledger is a decentralized database that records and maintains a tamper-resistant, immutable ledger of verifiable data. Unlike traditional centralized databases, which are owned and operated by a single entity, distributed ledgers are distributed across a network of nodes, where each node maintains a copy of the ledger and participates in the validation and consensus process.

A distributed ledger serves as the foundation for the issuance of digital credentials and published DIDs in a self-sovereign identity system. It provides a secure and transparent infrastructure for verification of credentials. See also Verifiable Data Registry.

  • Français: Registre distribué

E

Endorsement

Endorsement refers to the process by which designated members or nodes in the network validate or approve a transaction or a block of transactions.


Endorser

An endorser refers to an entity that vouches for the validity or authenticity of a transaction before it is written to the distributed ledger. Transactions must be digitally signed by endorsers to be accepted by a validator node.


Endorser DID

An endorser DID, within the context of the CANdy Network, refers to an organizational group that has the responsibility and authority for managing which transactions are endorsed for that organization's jurisdiction.


Entity

A resource of any kind that can be uniquely and independently identified.


Evidence of Identity

An information record consisting of identity information and attributes maintained by an authoritative source that supports the integrity and accuracy of identity claims made by a subject. There are two categories of evidence of identity: Foundational and Contextual.

F

Foundational Evidence of Identity

Foundational evidence of identity refers to the primary documents or information that serve as the basis for establishing an individual's identity. These documents or information are typically considered the most reliable and authoritative sources of identity verification. Examples include birth certificates, proof of citizenship, and confirmation of permanent residence.

G

Governance Framework

The set of business, legal, and technical definitions, policies, and specifications by which the members of a trust network agree to be governed to achieve their desired objectives and levels of assurance.


Governing Authority

The Entity responsible for governing a particular governance framework. The governing authority may or may not be the administering authority. For example, a government may be the governing authority for a governance framework administered by an NGO as the administering authority.


Governing Board

The official governing body of the CANdy Network. The Governing Board is comprised of one representative per member jurisdiction.

  • Français: Conseil de gouvernance

Governed Role

An entity whose actors perform in a role defined in the CANdy Network Governance Framework.

H

Holder

A holder refers to an individual or entity that possesses and controls digital credentials or verifiable claims within their digital wallet or repository. The holder has the authority to manage and selectively disclose these credentials to verifiers or relying parties as needed in various interactions and transactions.

Hyperledger

An initiative of the Linux Foundation to develop open-source distributed ledger and blockchain technology.


Hyperledger Aries

An open-source project under the Hyperledger umbrella providing a toolkit for creating, managing, and exchanging verifiable digital credentials in decentralized identity systems.


Hyperledger Indy

An open-source project under the Hyperledger umbrella for decentralized self-sovereign identity.

I

Identity

Identity refers to the collection of attributes, characteristics, and qualities that define an individual or entity and distinguish them from others. It encompasses various aspects, including personal identifiers (such as name, date of birth, and biometric data), affiliations (such as memberships or roles), relationships, preferences, behaviours, and more. In the digital realm, identity often extends beyond physical characteristics to include digital representations and online activities. Identity can be self-defined or attributed by others, and it plays a crucial role in establishing trust, facilitating interactions, and enabling access to resources and services in both physical and digital environments.


Individual

In the context of self-sovereign identity systems, an individual refers to a person who possesses and controls their own digital identity. The term individual encompasses any natural person, such as a human being, who interacts within digital environments and requires a means to represent and manage their identity online.


Intergovernmental Collaboration Agreement

The Intergovernmental Collaboration Agreement refers to a formal agreement established between Canadian jurisdictions to collaborate on specific issues or initiatives of mutual interest. The Intergovernmental Collaboration Agreement outlines the terms, responsibilities, and objectives for cooperation among the participating governmental entities to facilitate the interoperability of digital credential solutions across Canada.

  • Français: Entente de collaboration intergouvernementale

Intergovernmental Collaboration on Digital Trust and Credentials

The Intergovernmental Collaboration on Digital Trust and Credentials is a pan-Canadian initiative aimed at advancing the development and adoption of digital trust frameworks and verifiable credential technologies within Canada. The collaboration brings together governments to establish common standards, protocols, and best practices for digital credential management. Members share a verifiable data registry, otherwise known as the CANdy Network.

  • Français: Collaboration intergouvernementale en matière de confiance et d'attestations numériques

Interoperability

Interoperability refers to the ability of different solutions, platforms, and components to seamlessly exchange and work together, regardless of their specific implementations or underlying technologies. It ensures that digital credentials, verifiable claims, and identity-related data can be shared, verified, and utilized across diverse systems and environments, without requiring extensive modifications or manual interventions.

Interoperability is crucial for the widespread adoption and scalability of self-sovereign identity systems, as it enables individuals, organizations, and systems to interact and transact securely and efficiently across various contexts, applications, and domains.


Interoperability Guidelines

An iterative set of documents that establish common standards across member jurisdictions of the Intergovernmental Collaboration Agreement. These guidelines address a range of elements including credential formats, communication protocols, cryptographic algorithms, metadata schemas, and semantic models to ensure seamless collaboration.

These guidelines are applicable by any Canadian jurisdiction seeking to offer digital trust services that are interoperable with the services of other Canadian jurisdictions.

  • Français: Lignes directrices d’interopérabilité

Issuer

An issuer refers to an entity that creates and issues digital credentials or verifiable claims to individuals or other entities. These credentials typically attest to specific attributes, qualifications, affiliations, or permissions associated with the subject of the credential. Issuers can include a variety of entities such as government agencies, educational institutions, employers, certification bodies, or any other trusted party capable of verifying and asserting information about individuals or entities.


Issuer DID

An issuer DID, within the context of the CANdy Network, refers to an organizational group that has the responsibility and authority for issuing a given credential for that organization's jurisdiction.

J

Jurisdiction

A jurisdiction refers to the geographical area or legal framework within which a particular authority, such as a government or legal system, has the power to administer laws and regulations.

Canada is a federation composed of multiple jurisdictions, including the federal government, provincial governments, and territorial governments. Each level of government has its own set of powers and responsibilities delineated by the Canadian Constitution.

  • Français: Jurisdiction

K

L

Ledger Reader

A ledger reader refers to an entity that has access to the ledger and the ability to read and interpret the transactions recorded on it. A ledger reader can be any software application, system, or individual that interacts with the distributed ledger to access information, query transactions, or perform analyses.


Level of Assurance

Level of assurance refers to the degree of confidence or certainty that can be placed in the identity of an individual or entity in an online transaction or interaction. It is a measure of the strength of authentication and verification processes used to establish and confirm someone's identity in the digital space. Commonly, a level of assurance is categorized into multiple levels, often ranging from low to high assurance, each corresponding to the level of confidence in the identity proofing and authentication methods employed.

  1. Level of Assurance 1: At this level, minimal identity verification is required, often relying on self-assertion or simple username/password combinations.
  2. Level of Assurance 2: At this level, additional verification steps are taken to confirm the identity of the individual, such as requiring knowledge-based authentication questions or using a two-factor authentication method.
  3. Level of Assurance 3: At this level, in-person or remote identity proofing, biometric authentication, or stronger cryptographic methods are required to establish and confirm identity.
  • Français: Niveau d’assurance

M

Machine-readable

Machine-readable refers to data or information that can be easily interpreted and processed by computers or machines without requiring human intervention. This typically involves organizing data in a structured format using standardized conventions or encoding schemes that computers can understand and manipulate. Machine-readable data enables automated processing, analysis, and exchange of information, facilitating efficient data management and interoperability between different systems and applications.

  • Français: Lisible par machine

Member

A member refers to the Canadian jurisdictions and other entities that have joined the Intergovernmental Digital Trust Collaboration. Members must be signatories of the Intergovernmental Collaboration Agreement to join the CANdy Network.

  • Français: Membre

N

Network Monitor

Network monitors refer to entities or software components that are responsible for observing and analyzing the state of the distributed ledger. Network monitors have privileged read-only access to other nodes on the network, which must be utilized to monitor network health and assist stewards to maintain high availability. Any entity can act as a network monitor if they have been authorized by the trustee of their jurisdiction and adhere to the CANdy Network Governance Framework.

  • Français: Surveillant de réseau

Network Monitor DID

A network monitor DID refers to an organizational entity, such as the IT/DevOps/DevSecOps team within the CANdy Network, tasked with analyzing the state of the distributed ledger. A jurisdiction should be assigned no more than one (1) network monitor DID. Moreover, no other DID should be used for the purposes of network monitoring.

  • Français: DID d’un Surveillant de réseau

Node

A computer network server running an instance of the code necessary to operate a distributed ledger or blockchain.


Non-member

Non-members refer to organizations, individuals, and entities who do not play an active role in the management or the operation of nodes. Examples of non-members include issuers and ledger readers.

  • Français: Non-membre

O

Observer node

An observer node refers to a node that maintains a read-only copy of the distributed ledger.


Open source

Open source refers to software or projects that are publicly accessible, allowing users to view, modify, and distribute the source code freely. This approach fosters collaboration, transparency, and innovation within the software development community, as it enables individuals and organizations to contribute improvements, fix bugs, and customize the software to suit their needs.


Organization

A legal entity that is not a natural person (i.e., not an individual). Examples of organizations include sole proprietorships, partnerships, corporations, LLCs, associations, NGOs, cooperatives, governments, etc.

P

Party

A party refers to an entity that sets its objectives, maintains its knowledge, and uses that knowledge to pursue its objectives in an autonomous (sovereign) manner.


Permissioned DID

The distinction between permissioned and un-permissioned DIDs lies in the level of control and governance over the creation and management of these identifiers within the distributed ledger system. A permissioned DID is one that is issued and managed within a controlled environment where access and participation are restricted to authorized entities or participants.


Personal Information

Any factual or subjective information recorded or not, about an identifiable individual.


Predicate

A predicate refers to a mathematical statement or function that the holder (or prover) wants to demonstrate as true to the verifier without revealing any additional information beyond the validity of the statement itself. A common example includes proving that an individual is older than 18, without sharing their date of birth.

  • Français: Prédicat

Private Key

A private key refers to the half of a cryptographic key pair designed to be kept secret and known only to the owner.


Proof

A proof refers to a cryptographic verification of a credential or a claim. Two types of proofs are used in the Intergovernmental Collaboration on Digital Trust and Credentials:

  1. Cryptographic Signatures
  2. Zero-Knowledge Proofs
  • Français: Preuve

Proof Request

A (signed) digital message that a verifier component sends to a holder component asking for specific data from one or more verifiable credentials that are issued by specific parties.


Public Key

A public key refers to the half of a cryptographic key pair designed to be shared with other parties to decrypt or verify encrypted communications from an entity.

Q

QR Code

A QR code is a type of two-dimensional barcode that contains encoded information related to an individual's identity, credentials, or other relevant data. QR codes are commonly used to facilitate the exchange of digital credentials between individuals, organizations, or devices in a secure and efficient manner. Users can scan QR codes using a mobile device or QR code reader, allowing them to quickly access and import identity-related information into their digital wallet without the need for manual entry.

  • Français: Code QR

R

Revocation

The act of an issuer revoking the validity of a credential or a claim.


Revocation registry

A revocation registry refers to a privacy-respecting cryptographic data structure maintained on a distributed ledger by an issuer to support the revocation of a credential or a claim.

S

Schema

A schema refers to a standardized set of rules, definitions, and data formats that define the structure and content of digital credentials or verifiable claims. Schemas provide a framework for representing specific types of identity attributes, qualifications, affiliations, or permissions in a consistent and interoperable manner.


Self-Sovereign Identity (SSI)

Self-sovereign identity refers to the concept where individuals have full control over their own digital identities without relying on centralized authorities.


Service Endpoints

A service endpoint refers to an addressable network location offering a service operated on behalf of an entity. As defined in the DID specification, a service endpoint is expressed as a URI (Uniform Resource Identifier).


Steering Committee in support of the Governing Board

The Steering Committee in support of the Governing Board is responsible for executing the deliverables set out in the Intergovernmental Collaboration Agreement and submitting recommendations to the Governing Board with regards to digital trust and credentials.

  • Français: Comité directeur en appui au Conseil de gouvernance

Steward

Stewards are trusted entities responsible for operating and maintaining the infrastructure of the distributed ledger system. They operate nodes, participate in the consensus process, and ensure the integrity and security of the distributed ledger. Once permissioned by a trustee, stewards are authorized to write specific transactions on the distributed ledger.


Steward DID

A steward DID refers to an organizational entity, such as the IT/DevOps/DevSecOps team within the CANdy Network, tasked with the management and oversight of a node's hosting and administration. Each node is associated with a singular steward DID, meaning that the team receives a unique steward DID for every node under their ownership.

  • Français: DID d’un intendant

Subject

The subject of a credential is what the credential's attributes describe. The subject is often an individual or entity but may also be a relationship (e.g., delegation, ownership), an authorization, or some other intangible. If the credential is an identity document, its holder will be its subject.

  • Français: TBD

T

Transaction

A record of any type written to the verifiable data registry.


Trust

Trust refers to the confidence or belief that one party has in the reliability, integrity, and competence of another party. It is the foundation of relationships, interactions, and transactions between individuals, organizations, and entities.

In self-sovereign identity systems, trust refers to the confidence and reliance that individuals, entities, and systems place in the authenticity, integrity, and reliability of digital credentials, verifiable claims, and the overall identity network.


Trustee

A trustee refers to an entity or individual that is entrusted with certain responsibilities related to the management or oversight of the distributed ledger. These responsibilities might include validating transactions, maintaining the integrity of the ledger, participating in consensus mechanisms, or enforcing rules and protocols.


Trust Network

A trust network refers to a decentralized network of entities, such as individuals, organizations, or devices, that establish and maintain trust relationships by relying on digital credentials and cryptographic mechanisms.

Key characteristics include:

  1. Decentralization: The trust network is decentralized, meaning there is no single central authority controlling identity information. Instead, trust is distributed among network participants through cryptographic means such as the verifiable data registry (see also distributed ledger).
  2. Interoperability: Trust networks support interoperability between different identity systems and technologies, allowing individuals to use their digital credentials across various platforms, services, and applications.
  3. Verifiability: Digital credentials issued within a trust network are cryptographically verifiable, enabling relying parties to independently verify the authenticity and integrity of identity information without relying on centralized authorities.
  4. Selective Disclosure: Participants in a trust network have control over which aspects of their identity information they disclose to others in different contexts. This enables privacy-preserving interactions while still establishing trust between parties.
  • Français: Réseau de confiance

Trust over IP

Trust over IP (ToIP) is an initiative led by the Trust over IP Foundation which aims to establish a secure, interoperable, and privacy-respecting framework for digital trust. It seeks to create a universal and open infrastructure for trustworthy interactions on the internet, enabling individuals, organizations, and entities to securely exchange information and transact with confidence.

Trust over IP focuses on developing technical standards, protocols, and governance models that support decentralized digital trust ecosystems. It aims to address key challenges related to identity, privacy, security, and data integrity in digital interactions.

  • Français: Cadre de confiance numérique
  • Source: Trust over IP Glossary

Trust over IP Stack (ToIP Stack)

The two-sided, four-layer architecture for decentralized digital trust infrastructure defined by the Trust over IP Foundation.

  • Français: Architecture de confiance numérique
  • Source: Trust over IP Glossary

Trust registry

A repository that contains a machine-readable listing of governed parties that a governing authority has approved as compliant with the attributable criteria of its governance framework.

  • Français: Registre de confiance
  • Source: Trust over IP Glossary

U

Un-permissioned DID

The distinction between permissioned and un-permissioned DIDs lies in the level of control and governance over the creation and management of these identifiers within the distributed ledger system:

An un-permissioned DID is one that is generated and managed in a decentralized, permissionless manner, where anyone can create and control their own DIDs without requiring explicit authorization.

V

Validator node

A node that validates new transactions and writes valid transactions to the distributed ledger using a consensus protocol.


Verifier

An entity that requests, receives, and validates verifiable credentials from a holder. Verifiers play a crucial role in identity transactions by assessing the trustworthiness and reliability of the information provided in digital credentials to make informed decisions within their own context (e.g., in a service interaction).


Verifiable Credential (VC)

A verifiable credential is a digital representation of information that is issued by one entity (the issuer) and can be verified by another entity (the verifier) to establish trust and authenticity. Verifiable credentials include a proof from the issuer.

  • Français: Attestation vérifiable
  • Source: Trust over IP Glossary

Verifiable Data Registry (VDR)

A verifiable data registry (VDR) is a decentralized database or ledger system designed to securely store and manage data while ensuring its integrity, authenticity, and transparency. It employs cryptographic techniques such as digital signatures and zero-knowledge proofs to verify the origin and validity of data entries. Each entry in the registry is time-stamped and immutable, making it tamper-proof and auditable.

The verifiable data registry is replicated and maintained by a decentralized network of nodes (servers) that work together to validate and record transactions by consensus. Each node in the network has a copy of the VDR, guaranteeing the transparency, robustness, and security of the data.

The verifiable data registry ensures that the credentials shared among the actors of the digital trust network are accurate, authentic, and unrevoked.

The ICDTC verifiable data registry is called the CANdy Network.

  • Français: Registre distribué

Verification Key

A verification key refers to a cryptographic key pair, consisting of a public key and a corresponding private key, that is used to verify digital signatures associated with the DID. When an entity presents a verifiable credential or makes a claim, they sign the data using their private key. Verifiers can then use the corresponding public key to verify the authenticity and integrity of the digital signature.


Verkey

Verkey is an abbreviation of the term verification key.

W

Working groups

Working groups are formed at the direction of the Steering Committee and must report to their respective jurisdictional member representatives.

The working groups are composed of dedicated professionals from each participating jurisdiction with specialized knowledge in relevant fields such as data management, cybersecurity, governance, and software engineering.

Through regular meetings, coordination, and adherence to established protocols, these working groups ensure that the different components inherent to digital credential solutions (i.e., verifiable data registry, digital wallets, communication protocols) remain up to date with evolving technological standards and maintain the highest levels of data integrity and security.

  • Français: Groupes de travail

Write

To write or writing refers to the process of adding new data or transactions to the distributed ledger. This action involves creating a new entry or record that reflects a change in the state of the ledger.

Once validated, the transaction is submitted to the network for consensus. Consensus mechanisms are used to reach agreement among network participants on the validity and order of transactions. This ensures that all nodes in the distributed network maintain a consistent and tamper-resistant view of the ledger.

X

Y

Z

Zero-knowledge Proof (ZKP)

A zero-knowledge proof (ZKP) is a cryptographic technique used to prove the validity of a statement or a claim without revealing any specific details about the information being proven.