{"id":47337211,"url":"https://github.com/universal-verify/trusted-issuer-registry","last_synced_at":"2026-03-17T22:02:25.216Z","repository":{"id":301372846,"uuid":"1008623371","full_name":"universal-verify/trusted-issuer-registry","owner":"universal-verify","description":"Registry of credential issuers sourced from various trust lists","archived":false,"fork":false,"pushed_at":"2026-02-19T09:36:05.000Z","size":828,"stargazers_count":1,"open_issues_count":1,"forks_count":1,"subscribers_count":0,"default_branch":"dev","last_synced_at":"2026-02-19T14:26:59.059Z","etag":null,"topics":["digital-credentials","digital-id","id-verification","identity-verification","mdoc","mobile-id","verifiable-credentials"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/universal-verify.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"kalegd","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":null,"custom":null}},"created_at":"2025-06-25T20:48:17.000Z","updated_at":"2026-01-11T09:11:02.000Z","dependencies_parsed_at":null,"dependency_job_id":"5b146fd2-acf4-45cc-9a60-826e7ad332ff","html_url":"https://github.com/universal-verify/trusted-issuer-registry","commit_stats":null,"previous_names":["universal-verify/trusted-issuer-registry"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/universal-verify/trusted-issuer-registry","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/universal-verify%2Ftrusted-issuer-registry","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/universal-verify%2Ftrusted-issuer-registry/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/universal-verify%2Ftrusted-issuer-registry/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/universal-verify%2Ftrusted-issuer-registry/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/universal-verify","download_url":"https://codeload.github.com/universal-verify/trusted-issuer-registry/tar.gz/refs/heads/dev","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/universal-verify%2Ftrusted-issuer-registry/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30633160,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-17T17:32:55.572Z","status":"ssl_error","status_checked_at":"2026-03-17T17:32:38.732Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["digital-credentials","digital-id","id-verification","identity-verification","mdoc","mobile-id","verifiable-credentials"],"created_at":"2026-03-17T22:02:09.932Z","updated_at":"2026-03-17T22:02:25.130Z","avatar_url":"https://github.com/universal-verify.png","language":"JavaScript","funding_links":["https://github.com/sponsors/kalegd"],"categories":[],"sub_categories":[],"readme":"# Trusted Issuer Registry\n\nA comprehensive registry of digital credential issuers sourced from authoritative trust lists. This registry provides cryptographically signed issuer metadata to enable secure digital credential verification across various platforms and applications.\n\n## Overview\n\nThe Trusted Issuer Registry aggregates and validates issuer information from multiple authoritative trust lists, including:\n\n- **[AAMVA DTS](https://www.aamva.org/identity/mobile-driver-license-digital-trust-service)** - American Association of Motor Vehicle Administrators' Digital Trust Service\n- **[UV](https://github.com/universal-verify/trust-list)** - Universal Verify's compilation of Apple recommended issuers for digital credential verification\n\nAll issuer data is cryptographically signed to ensure integrity and authenticity, providing a reliable foundation for digital credential verification systems.\n\n## Trust Model\n\nThis registry operates on a robust trust model designed for enterprise and financial applications:\n\n- **Cryptographic Verification**: All issuer metadata is signed using NIST P-256 (prime256v1) curve\n- **Immutable Audit Trail**: All changes are publicly auditable via GitHub's commit history\n- **Vetted Sources**: Only issuers from carefully vetted trust lists are included\n- **Transparent Governance**: Clear policies for inclusion, removal, and updates\n\nFor detailed information about our trust model and risk considerations, see:\n- [Trust Policy](TRUST_POLICY.md) - Criteria for upstream trust list inclusion\n- [Trust and Risk Model](TRUST_AND_RISK_MODEL.md) - Comprehensive threat model and mitigation strategies\n\n## Usage\n\n### NPM Module (Recommended)\n\nInstall the package:\n\n```bash\nnpm install trusted-issuer-registry\n```\n\nUse the JavaScript SDK:\n\n```javascript\nimport TrustedIssuerRegistry from 'trusted-issuer-registry';\n\nconst registry = new TrustedIssuerRegistry();\n\n// Get issuer by X.509 AKI\nconst issuer = await registry.getIssuerFromX509AKI('TprRzaFBJ1SLjJsO01tlLCQ4YF0');\nif (issuer) {\n    console.log('Issuer found:', issuer.display.name);\n    console.log('Entity type:', issuer.entity_type);\n    console.log('Certificates:', issuer.certificates.length);\n    //Verify signature of your digital credential against the issuer's certificates\n}\n\n// Check for deprecation notices\nconst endOfLifeDate = await registry.getEndOfLifeDate();\nif (endOfLifeDate) {\n    console.log('Registry will be deprecated on:', endOfLifeDate);\n}\n```\n\n### Direct HTTP Access\n\nYou can also access issuer data directly via HTTP requests to a CDN:\n\n```bash\n# Get issuer by X.509 AKI\ncurl https://cdn.jsdelivr.net/npm/trusted-issuer-registry@0.0/x509_aki/TprRzaFBJ1SLjJsO01tlLCQ4YF0.json\n\n# Check deprecation notice\ncurl https://cdn.jsdelivr.net/npm/trusted-issuer-registry@0.0/deprecation_notice.json\n```\n\nThe URL format is:\n```\nhttps://cdn.jsdelivr.net/npm/trusted-issuer-registry@{minor_version}/x509_aki/{x509aki}.json\n```\n\nReplace `{minor_version}` with the current minor version (e.g., `0.0`) and `{x509aki}` with the X.509 Authority Key Identifier.\n\n## Issuer Data Format\n\nEach issuer entry follows the schema defined in `trusted-issuer.schema.json`. Here's an example:\n\n```json\n{\n  \"issuer_id\": \"x509_aki:o6sbAJOdtI7_VxKIDCy1e7kIXaM\",\n  \"entity_type\": \"government\",\n  \"entity_metadata\": {\n    \"country\": \"US\",\n    \"region\": \"AZ\",\n    \"government_level\": \"state\",\n    \"official_name\": \"Arizona Department of Transportation\"\n  },\n  \"display\": {\n    \"name\": \"Arizona Department of Transportation\"\n  },\n  \"certificates\": [\n    {\n      \"data\": \"-----BEGIN CERTIFICATE-----\\n...\",\n      \"format\": \"pem\",\n      \"trust_lists\": [\"uv\", \"aamva_dts\"]\n    }\n  ],\n  \"signature\": \"...\"\n}\n```\n\n### Fields Explained\n\n- **`issuer_id`**: Unique identifier used by digital credentials to reference issuers/certificates\n- **`entity_type`**: Type of organization (government, commercial, educational, etc.)\n- **`entity_metadata`**: Additional metadata about the entity\n- **`display`**: Human-readable display information\n- **`certificates`**: Array of certificates using the given AKI\n- **`trust_lists`**: Source trust lists that vouch for this issuer\n\nFor the complete schema definition, see [trusted-issuer.schema.json](trusted-issuer.schema.json).\n\n## Versioning and Deprecation\n\nThe registry uses semantic versioning with the following approach:\n\n- **Minor version updates** indicate schema changes or breaking updates\n- **Deprecation notices** are published for old minor versions 90 days in advance of its end-of-life date\n- **Old minor versions** will continue to receive issuer updates until the end-of-life date\n\n### Checking for Deprecation\n\n```javascript\nconst registry = new TrustedIssuerRegistry();\nconst endOfLifeDate = await registry.getEndOfLifeDate();\n\nif (endOfLifeDate \u0026\u0026 endOfLifeDate \u003c new Date()) {\n    console.warn('This registry version has been deprecated');\n}\n```\n\nOr check directly:\n\n```bash\ncurl https://cdn.jsdelivr.net/npm/trusted-issuer-registry@0.0/deprecation_notice.json\n```\n\nThe deprecation notice format is:\n\n```json\n{\n  \"end_of_life\": 1761782400\n}\n```\n\nWhere `end_of_life` is a Unix timestamp in seconds indicating when the current version will be deprecated.\n\n## Future Support\n\nCurrently, the registry supports X.509 certificate-based issuers. Support for W3C Decentralized Identifiers (DIDs) will be added as trusted issuers begin adopting this standard.\n\n## Security Considerations\n\n- All issuer data is cryptographically signed\n- [Signing certificate](public_signing_cert.pem) for verification is included in the package\n- Transparent change control via GitHub pull requests\n\n## Contributing\n\nWe welcome contributions from the community. Please see our [Trust Policy](TRUST_POLICY.md) for information about requesting support for new trust lists.\n\nAre you a security expert or a company with a security team? We'd love to list you as a contributor in this README in exchange for a security review.\n\n## License\n\nThis project is licensed under the Mozilla Public License 2.0.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funiversal-verify%2Ftrusted-issuer-registry","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Funiversal-verify%2Ftrusted-issuer-registry","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funiversal-verify%2Ftrusted-issuer-registry/lists"}