Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.didx.co.za/llms.txt

Use this file to discover all available pages before exploring further.

The three roles

RoleWho it isWhat they do
IssuerA university, employer, government department, or platform that creates credentialsSigns credentials and offers them to a holder
HolderThe user, via their walletHolds credentials and consents to share them with verifiers
VerifierA bank, employer, marketplace, or platform that consumes credentialsRequests credentials and validates them
A single organisation can play multiple roles over time. A university issues student cards (issuer). A bank verifies them when the student opens an account (verifier). The student holds them in their wallet throughout (holder). When designing your integration, identify which roles you will play, because that determines which of the three APIs you’ll use most.

How information flows

A typical flow involves two of the three roles at a time. Issuance is between an issuer and a holder. Verification is between a holder and a verifier. The trust relationship between issuer and verifier is established cryptographically, not through a live API call between them.
The trust diamond: issuer, holder, verifier connected around a Verifiable Data Registry.
Walking through the steps: Three things to notice:
  • The issuer is not contacted at verification time. The verifier confirms the credential cryptographically.
  • The verifier defines what to ask for. The holder decides whether to share and, if multiple credentials satisfy the request, which credential to present.
  • Trust flows through cryptographic signatures and a list of trusted issuers, not through live API lookups between companies.

Which role decides what

A common question: “who controls the data?” Each role owns a different part of the decision.
DecisionOwned by
What attributes a credential containsIssuer (via the credential template)
Which attributes are always visible vs. optional (SD-JWT only)Issuer (via alwaysDisclosed)
Whether to accept or reject an offered credentialHolder
Whether to share a credential in response to a presentation request, and which credential to present when multiple satisfy the requestHolder
What a presentation request asks forVerifier
Which issuers to trustVerifier, by linking trusted entities to credentials within a presentation template
Whether a presented credential passes verificationVerifier, by cryptographic rule
The design principle: issuers say what’s possible, holders decide what’s shared, verifiers define what’s asked and what’s accepted.