Trust Governance for Digital Identity: Beyond PKI to Policy-Driven Trust Frameworks
Public Key Infrastructure (PKI) is the cryptographic backbone of digital credentials. When a credential is signed, PKI tells you who signed it — which certificate authority, which key, which algorithm. If the signature checks out, the credential is cryptographically authentic.
But authenticity isn’t authorization. A credential can be cryptographically valid and still unauthorized. The certificate authority that signed a health credential may be a legitimate CA — but was the issuing organization authorized to issue health credentials in this jurisdiction? PKI can’t answer that question. Trust governance can.
The trust gap in PKI-only systems
Consider a digital identity ecosystem with 50 organizations issuing credentials. Each organization has a valid signing key, issued by a recognized certificate authority. A verifier receives a credential signed by Organization #37. PKI confirms: yes, Organization #37 signed this credential, and their certificate is valid.
But should Organization #37 be issuing this type of credential? Is Organization #37 a licensed healthcare provider authorized to issue health certificates? Or are they a professional licensing board that somehow obtained a signing key for health credentials? PKI doesn’t know. PKI validates cryptography, not policy.
In small ecosystems (1–5 issuers), this gap is managed informally — everyone knows who issues what. In large ecosystems (50+ issuers across multiple credential types), the gap becomes a governance problem that can’t be solved with phone calls and email chains.
What trust governance adds
A trust governance framework is a policy layer on top of PKI. It answers: which organizations are authorized to issue which credential types, under what conditions, in which jurisdictions, and for how long.
The KeyShare Digital ID Platform implements trust governance through the Trust Governance Service — a dedicated component that:
Manages organization attestations. Before an organization can issue credentials, it obtains an attestation from the Trust Governance Service. The attestation specifies: which credential types the organization can issue, which attributes they can include, which verification policies apply, and the attestation’s validity period. The attestation is cryptographically signed and machine-readable — verifiers can check it programmatically.
Enforces governance policies. When an organization attempts to issue a credential, the platform validates the request against the organization’s attestation. If the organization tries to issue a credential type it’s not authorized for, the request is rejected — before the credential is signed. Policy enforcement is automated, not advisory.
Enables dynamic trust. Attestations have validity periods. They can be renewed, suspended, or revoked. If a healthcare provider loses its accreditation, its attestation is revoked, and it can no longer issue health credentials — even though its signing key remains valid. Trust governance is dynamic; PKI is mostly static.
Supports hierarchical trust. Trust frameworks can be multi-level: a national trust framework governs regional frameworks, which govern sectoral frameworks. A provincial health ministry is authorized by the national health authority, which is authorized by the national trust framework. The chain is explicit, auditable, and machine-verifiable.
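The verification flow these four points describe, as an added example that is not KeyShare platform code: a verifier checks signature authenticity first, then walks the issuer's attestation chain (status, validity period, authorizing framework) and the credential type before accepting. HMAC keys stand in for the issuers' PKI signing keys, and the registry, organization names and dates are constructed sample data.

```python
import hmac, hashlib, json
from datetime import date
# Constructed sample: HMAC keys stand in for the issuers' PKI signing keys.
ISSUER_KEYS = {"org-37": b"org37-signing-key"}

# Constructed attestation registry (hypothetical output of a Trust Governance
# Service). "authorized_by" links each attestation to the framework above it.
ATTESTATIONS = {
    "national-trust-framework": {"status": "active", "authorized_by": None,
        "credential_types": [], "valid_from": "2020-01-01", "valid_until": "2035-12-31"},
    "org-37": {"status": "active", "authorized_by": "national-trust-framework",
        "credential_types": ["professional_license"],
        "valid_from": "2024-01-01", "valid_until": "2026-12-31"},
}

def sign(issuer, payload):
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(ISSUER_KEYS[issuer], body, hashlib.sha256).hexdigest()
    return {"issuer": issuer, "payload": payload, "sig": tag}

def signature_valid(cred):
    body = json.dumps(cred["payload"], sort_keys=True).encode()
    tag = hmac.new(ISSUER_KEYS[cred["issuer"]], body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, cred["sig"])

def attestation_valid(entity, today):
    """Walk the authorization chain; every link must be active and in period."""
    while entity is not None:
        att = ATTESTATIONS.get(entity)
        if att is None or att["status"] != "active":
            return False
        if not date.fromisoformat(att["valid_from"]) <= today <= date.fromisoformat(att["valid_until"]):
            return False
        entity = att["authorized_by"]
    return True

def verify(cred, today_iso):
    """Authenticity (PKI) first, then authorization (governance)."""
    if cred["issuer"] not in ISSUER_KEYS or not signature_valid(cred):
        return False, "signature invalid"
    if not attestation_valid(cred["issuer"], date.fromisoformat(today_iso)):
        return False, "attestation missing, revoked or outside validity period"
    if cred["payload"]["type"] not in ATTESTATIONS[cred["issuer"]]["credential_types"]:
        return False, "issuer not authorized for this credential type"
    return True, "authentic and authorized"

if __name__ == "__main__":
    print(verify(sign("org-37", {"type": "professional_license"}), "2025-06-01"))
    print(verify(sign("org-37", {"type": "health_certificate"}), "2025-06-01"))  # valid key, wrong type
```

Setting `ATTESTATIONS["org-37"]["status"]` to `"revoked"` makes `verify` reject the same credential while `signature_valid` still returns True, which is the key-valid-but-unauthorized case the text describes.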
Why this matters for governments
A government launching a digital identity ecosystem will eventually need to authorize hundreds of organizations across multiple sectors to issue credentials. Without trust governance:
- There’s no systematic way to authorize new issuers.
- There’s no automated way to prevent unauthorized issuance.
- There’s no efficient way to revoke an issuer’s authorization.
- There’s no auditable record of who authorized whom.
Trust governance provides the institutional infrastructure for a credential ecosystem — the rules of who can do what, enforced by the platform, auditable by the government, and transparent to verifiers.
Trust governance is the enabler that makes ecosystem extensibility safe — without it, extensibility is a security risk.