An agency is a service that creates agents on your behalf. The Provider API gives developers their own agency that they can use to provide SSI capabilities to their stakeholders.

Sovrin Glossary definition


An agent is a software program that controls wallets, keys, credentials, and other information on your behalf. Trinsic develops different kinds of agents to help you achieve your goals, whether as an organization issuing credentials or a person storing credentials on your phone. Instead of using the term "agent" in our products, we use more accessible terminology like "wallet" or "organization." Your Trinsic account enables you to create as many agents as you'd like. We call institutional/enterprise agents (capable of issuing and verifying credentials) organizations.

Sovrin Glossary definition


Attributes are the building blocks of credentials. They are a claim, trait, or property of an entity. Attributes are signed by the issuer of the credential so that they are verifiable by the verifier.

Sovrin Glossary definition


A connection is a peer-to-peer relationship using a pairwise key exchange. It is the most secure way to offer, issue, and verify credentials. The process of establishing connections is described in Aries RFC 0023: DID Exchange Protocol 1.0

Sovrin Glossary definition


A credential is a set of attributes about someone or something. Typically, credentials are digital versions of physical licenses, cards, documents, or certificates, but they can represent all kinds of abstract data. They are based on the W3C VC Data Model.

Sovrin Glossary definition

Credential API

A Trinsic product that amounts to the easiest way to exchange credentials. It is authenticated to using the access token from a specific organization. It has three primary functions:

  1. Credential exchange: issuance and verification
  2. Secure communication: connections and messaging
  3. Admin functions: credential templates, verification policies, etc.

Credential Definition

The technical artifact upon which credentials are based. It is a machine-readable semantic structure and includes cryptographic primitives required to facilitate credential issuance. It's based on an existing schema (or, a new schema can be created simultaneously with the credential definition). A new credential definition is created for every credential template an issuer creates.

Sovrin Glossary definition

Credential Exchange

Credential exchange is the general term used for credential issuance and/or verification.

Sovrin Glossary definition

Credential Offer

A credential offer is a message sent from an issuer to a holder containing the values of the credential it intends to issue. The credential won't be issued unless the holder accepts the issuer's offer. See issuance for more technical details.

Sovrin Glossary definition

Credential Template

A credential template is the term (and data model) used by Trinsic to make issuing credentials simple. All credentials are issued from a template. Behind the scenes, each template has a unique credential definition and an associated schema.

Decentralized Identifiers (DIDs)

A kind of identifier that is controlled by its subject (or assigns) and doesn't depend on a centralized registry, identity provider, or certificate authority. Each organization created in the Trinsic platform has a public DID written to the network it's setup on. Connections leverage pairwise, private DIDs to facilitate message exchange. Learn more at the Decentralized Identifiers W3C Spec Abstract.

Sovrin Glossary definition


DIDComm is the technical protocol used when two agents or wallets communicate. Trinsic's pricing model is based on DIDComm usage; we measure both incoming and outgoing DIDComm messages from any agent we're hosting on your behalf and charge for that usage based on the plan you've subscribed to. See more on our plans and pricing here.

Sovrin Glossary definition


A person, legal entity, or device that possesses a wallet which holds credentials.

Sovrin Glossary definition


An issuer is an agent that is set up for credential issuance. Every organization created in the Trinsic platform is an issuer by default.

Sovrin Glossary definition


An issuance is the action of sending a credential from one party to another. Trinsic's products make the process simple. Under the hood, it uses Aries RFC 0036: Issue Credential Protocol 1.0, which can be summarized in the following steps:

  1. Propose credential (optional)
  2. Offer credential
  3. Request credential
  4. Issue credential
  5. Ack (optional)


An organization is a Trinsic-hosted agent controlled by a legal entity and provisioned with the capability to engage in credential issuance and verification. It is synonymous with tenant in the Trinsic platform.


A predicate is a setting that implements selective disclosure or zero-knowledge proof. A predicate policy is a kind of verification policy that specifies the requirement and a predicate proof is a proof presentation that has responded to the predicate policy verification request.


A proof is the verified information that is shared from a credential, from one agent to another. It is the result of a verification.

Sovrin Glossary definition

Proof Request

A proof request is a message sent from a verifier to a holder outlining the information that it would like to verify. Every verification must start with a proof request that contains a unique cryptographic challenge to avoid replay attacks. See verification for more technical details.

Sovrin Glossary definition

Proof Presentation

A proof presentation is a message sent from a holder to the verifier responding to its request for information and cryptographic challenge. Herein, the holder uses credentials in its wallet to construct a proof and sends it to the verifier. See verification for more technical details.

Provider API

A Trinsic product that gives you your own agency, enabling you to become an SSI provider to your stakeholders. It is authenticated to using a secret key accessible via the Trinsic Studio. Its primary functions are to create, delete, and manage organizations.


Revocation is the act of an issuer invalidating a credential they've issued. The holder of the credential isn't notified and the credential can still be used. However, when it's used, the holder will be unable to prove it hasn't been revoked. This is similar to when a driver's license is revoked due to driving under the influence; although the holder of the credential can't use it to drive a vehicle, they still might use it to prove that they are over 21, for example (as long as the verifier is OK that it's revoked!).

Sovrin Glossary definition


A schema is an outline for what a credential should look like. It defines what attributes will go in the credential. Ideally, schemas will be reused as much as possible to facilitate interoperability.

Sovrin Glossary definition

Self-sovereign Identity (SSI)

Self-sovereign identity (SSI) is a movement that claims digital identity should be just as legitimate and nuanced as a person’s human identity, while being accessible to all, privacy-preserving, and not reliant on a single government or corporation. We have a whole blog post on this subject.

Sovrin Glossary definition


A tenant is synonymous with organization. It is an agent provisioned with the capability to issue or verify credentials. For the sake of clarity, our core products (Wallet / Studio) will only refer to "organizations".

Trinsic Studio

The Trinsic Studio is a web application that performs several important functions in the Trinsic platform.

  1. Enables developers to access API keys
  2. Facilitates secure payment details submission
  3. Enables non developers to build proof of concepts and demos
  4. Gives developers a GUI to interact with to view credential templates, verification policies, etc.
  5. Enables teams to collaborate on a single organization (coming soon!)

Trinsic Wallet

The Trinsic Wallet is a cross-platform mobile application that enables individuals to acquire a free generic SSI wallet. It provisions an agent locally on the device and leverages the secure enclave on device for key management. It also provides backup, restore, import, and export functionality. It is available on the App Store and the Google Play Store.

Trust over IP

Trust over Internet Protocol, or ToIP, is a play on the "Voice over IP" or "VoIP" terminology; it is an architecture internet-scale digital trust defined by the Trust over IP Foundation and Aries Concept 0289: The Trust Over IP Stack. Self-sovereign identity is a subset of Trust over IP focused on the human identification use case.

Verifiable Credentials (VCs)

See credential.


A verification is the general term used by Trinsic to describe the act of verifying or checking the legitimacy of a credential (or a proof). Our products abstract away a lot of this complexity, but the protocol we use under the hood is described in the Aries RFC 0037: Present Proof Protocol 1.0 and is summarized as follows:

  1. Propose proof (optional)
  2. Proof request
  3. Proof presentation
  4. Ack (optional)

Verification Policy

A verification policy is an attempt to map a trust decision to a data model. It's the structure that a verifier uses to specify what information it will accept from what credentials to meet its risk tolerance. We wrote a blog post about verification policies when we introduced them.

Verification Template

A verification template is the term (and data model) used by Trinsic to make verifying credentials simple. All verifications are sent from a template. Behind the scenes, each template comprises one or more verification policies.


A verifier is an agent that is set up for verifications. Every organization created in the Trinsic platform is a verifier by default.

Sovrin Glossary definition


Software that securely stores credentials. It also stores identifiers, proofs, messages, and other information exchanged between two agents.

Sovrin Glossary definition

Wallet API

A Trinsic product that gives an organization the ability to act as a custodian of its users' wallets. This API lets you create cloud agents that can hold credentials and respond to incoming messages like proof requests.