Trusted Issuers Registry

When to use

You want to add or remove issuers from your trust list.

Steps

1. Navigate to /verifier/trust/issuers. 2. Click Add issuer.
2. Enter the issuer DID, a label, and the schemas you accept from this issuer.
3. Save.

API

(verifier.go:188 / 244 / 292, router.go:170-175 guarded by RequireRoles("verifier").)

$
curl -X POST https://adid.dev/api/v1/verifier/trusted-issuers \
>
  -H "Authorization: Bearer $ACCESS_TOKEN" \
>
  -H "Content-Type: application/json" \
>
  -d '{
>
    "issuerDid":"did:adi:0xUniv...",
>
    "label":"Acme University",
>
    "acceptedSchemas":["schema-uuid-1","schema-uuid-2"]
>
  }'

Verify

The issuer appears in /verifier/trust/issuers. Future verifications against credentials from this issuer will set checks.trustedIssuer.ok: true.

Troubleshooting

5.5.2. Schema-to-Issuer Mapping ##### Concept

The mapping says: “I trust X to issue Y”. A VC is verified-and-trusted only when issuer + schema match the mapping. Without explicit mapping, the platform falls back to a permissive default (“any trusted issuer for any of their accepted schemas”).

API (read-only)

$
curl https://adid.dev/api/v1/verifier/schema-issuer-mapping \
>
  -H "Authorization: Bearer $ACCESS_TOKEN"

(verifier.go:476, router.go:167.)

Response:

1
[
2
  { "schemaId":"schema-uuid-1", "issuerDid":"did:adi:0xUniv...", "label":"Acme University → UniversityDegree" },
3
  { "schemaId":"schema-uuid-2", "issuerDid":"did:adi:0xGov...",  "label":"DMV → DriversLicense" }
4
]

Editing

Schema-issuer pairs are managed via the same trusted-issuers endpoints (the acceptedSchemas array on each row). To add a new pair, either:

1. POST a new trusted issuer with the schema in acceptedSchemas, or
2. Update an existing trusted issuer’s acceptedSchemas (PUT — implementation may vary; see verifier.go).

5.5.3. Compliance VCs ##### Concept

A Compliance VC is a verifiable credential held by an issuer, asserting their compliance with a regulatory regime (e.g., ISO 27001, SOC 2, eIDAS Qualified Trust Service Provider). Verifiers consume these to make policy decisions automatically.

API (read-only)

$
curl "https://adid.dev/api/v1/verifier/compliance-vcs?did=did:adi:0xUniv..." \
>
  -H "Authorization: Bearer $ACCESS_TOKEN"

(verifier.go:467, router.go:166.)

Response:

1
{
2
  "issuerDid":"did:adi:0xUniv...",
3
  "complianceVcs":[
4
    { "type":"ISO27001Compliance",      "issuedBy":"did:adi:0xAuditor1...", "validUntil":"2027-01-01T00:00:00Z" },
5
    { "type":"GDPRControllerStatement", "issuedBy":"did:adi:0xDPA...",      "validUntil":"2026-12-31T00:00:00Z" }
6
  ]
7
}

Using compliance VCs in policy

Configure your verifier policy to require a specific compliance VC type before accepting credentials from an issuer. The portal page /verifier/trust/compliance lets you set required compliance per schema.

💡 Tip — A common pattern: require eIDAS-QTSP for any VC type used in EU regulated flows; require KYC-Provider-Cert for any KYC credential. The Verification Engine reads these requirements and stamps checks.complianceMet: true|false on the result envelope.

Troubleshooting