Building a Trust Environment: The Role of VDSIC
A Visible Digital Seal is only as trustworthy as the system behind it. A cryptographic signature proves that data has not been tampered with — but who verifies the verifier? How do we know that the entity that signed the seal is legitimate? The answer lies in the VDS trust infrastructure (the hierarchical system of trust lists — TSL/LoTL — managed by VDSIC).
What Is the VDS Trust Infrastructure?
The VDS trust infrastructure is the governance and PKI framework that underpins VDS trust. Concretely, it is a hierarchical system of signed trust lists — the Governance List (root LoTL) maintained by VDSIC, Scheme Lists by accredited Scheme Operators, and Trust Service Lists (TSL) by Certificate Authorities — that together define:
Who can issue Visible Digital Seals (authorised signers).
How their keys are managed — generation, distribution, rotation, and revocation.
How verification applications obtain and update the public keys needed to validate signatures.
Think of the VDS trust infrastructure as the “phonebook” of trusted issuers. When a verification app such as Otentik Codes Reader scans a VDS, it looks up the signer's certificate in its local copy of the CEV trust lists to determine whether the issuer is recognised and the certificate is still valid.
The Trust Chain
The VDS trust infrastructure operates on a four-level hierarchical model (VDSIC, Scheme Operators, Certificate Authorities, VDS Issuers) — distinct from classic TLS PKI in that trust is distributed through signed lists rather than through certificates embedded in apps:
Level 1 — VDSIC Governance Board (Governance List / Root LoTL)
At the top sits the VDSIC Governance Board, which publishes and signs the Governance List (root LoTL). This list is the entry point for all trust: it identifies accredited Scheme Operators and points to their Scheme Lists. Verification apps download the Governance List to bootstrap the entire trust chain.
Level 2 — Scheme Operators (Scheme Lists) and Certificate Authorities (TSL)
Each accredited Scheme Operator (e.g. Otentik T.S.O.) publishes a Scheme List pointing to its Trust Service Lists (TSL). Each TSL is maintained by a CA and lists the signing certificates of VDS Issuers. This delegation allows the trust model to scale without embedding every issuer’s certificate in every verification app.
Level 3 — VDS Issuers
At the leaf level, VDS Issuers create and sign VDS seals. Their signing certificates are issued by accredited CAs and listed in the relevant TSL, creating a fully traceable chain back to the VDSIC Governance List.
When Otentik Codes Reader verifies a VDS, it walks this chain: VDS Issuer → CA (TSL) → Scheme Operator (Scheme List) → VDSIC (Governance List). If every link is valid and trusted, the seal is authentic.
Key Management: The Heart of Trust
The security of the entire system depends on proper key management:
Key Generation
Signing keys are generated in secure environments — typically hardware security modules (HSMs) — that prevent key extraction. The private key never leaves the secure boundary.
Key Distribution
Public keys and certificates are distributed through the VDS trust lists. VDSIC publishes the Governance List (root LoTL); each Scheme Operator independently hosts its own Scheme List and TSLs (e.g. Otentik T.S.O. at trust.otentik.codes). Verification apps periodically sync these lists locally so new issuers are recognised promptly.
Key Rotation
Certificates have defined validity periods. Before a certificate expires, the issuer generates a new key pair and obtains a new certificate. Old certificates remain valid for verifying previously issued seals until they expire naturally.
Key Revocation
If a key is compromised or an issuer is no longer trusted, its certificate is revoked. Verification apps check revocation status through Certificate Revocation Lists (CRLs) or the Online Certificate Status Protocol (OCSP) when connectivity allows, and through periodic trust store updates for offline scenarios.
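The chain walk described under The Trust Chain, together with the revocation and expiry checks from this section, as an added example that is not VDSIC's or Otentik's code: HMAC-SHA256 stands in for the real asymmetric signatures so it runs on the standard library alone, and every field name, identifier and key is a constructed assumption.

```python
import hashlib, hmac, json

# Added example, not VDSIC or Otentik code. HMAC-SHA256 stands in for the real
# asymmetric signatures so this runs on the standard library alone (so the
# verifying key equals the signing key). Field names and keys are constructed.
def _sign(body, key):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key.encode(), payload, hashlib.sha256).hexdigest()

def signed(body, key):
    return {"body": body, "sig": _sign(body, key)}

def sig_ok(obj, key):
    return hmac.compare_digest(obj["sig"], _sign(obj["body"], key))

# Constructed keys for the four parties; ISO date strings compare correctly.
K_ROOT, K_SCHEME, K_CA, K_ISSUER = "vdsic-root", "scheme-op", "ca-1", "issuer-42"
TSL = signed({"ca": "CA-1", "certs": {
    "issuer-42": {"key": K_ISSUER, "not_before": "2024-01-01", "not_after": "2026-12-31", "revoked": False},
    "issuer-7": {"key": "issuer-7", "not_before": "2024-01-01", "not_after": "2026-12-31", "revoked": True},
}}, K_CA)
SCHEME = signed({"operator": "otentik", "tsls": {"CA-1": K_CA}}, K_SCHEME)
GOV = signed({"schemes": {"otentik": K_SCHEME}}, K_ROOT)

def make_seal(issuer, key, payload, scheme="otentik", ca="CA-1"):
    return signed({"issuer": issuer, "scheme": scheme, "ca": ca, "payload": payload}, key)

def verify_seal(seal, gov, scheme_lists, tsls, root_key, today):
    """Walk Issuer -> CA (TSL) -> Scheme Operator -> VDSIC; return 'ok' or the failing link."""
    if not sig_ok(gov, root_key):                       # Level 1: Governance List
        return "governance list: bad signature"
    b = seal["body"]
    scheme_key = gov["body"]["schemes"].get(b["scheme"])
    scheme = scheme_lists.get(b["scheme"])              # Level 2: Scheme List
    if scheme_key is None or scheme is None or not sig_ok(scheme, scheme_key):
        return "scheme list: operator not accredited or bad signature"
    ca_key = scheme["body"]["tsls"].get(b["ca"])
    tsl = tsls.get(b["ca"])                             # Level 2: TSL of the CA
    if ca_key is None or tsl is None or not sig_ok(tsl, ca_key):
        return "tsl: CA not listed or bad signature"
    cert = tsl["body"]["certs"].get(b["issuer"])        # Level 3: issuer certificate
    if cert is None:
        return "issuer: not listed in TSL"
    if cert["revoked"]:
        return "issuer: certificate revoked"
    if not cert["not_before"] <= today <= cert["not_after"]:
        return "issuer: certificate expired or not yet valid"
    if not sig_ok(seal, cert["key"]):
        return "seal: bad signature"
    return "ok"
```

Each failing link returns a distinct reason, so a verifier can tell an unaccredited operator apart from a revoked issuer or a tampered payload.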
Governance: Rules of the Trust Framework
Technical infrastructure alone is not enough. The VDS trust infrastructure includes a governance framework that defines:
Membership criteria — Who qualifies to become a trusted issuer? What security audits must they pass?
Compliance requirements — What operational standards must issuers maintain? How frequently are they audited?
Dispute resolution — What happens when a verification fails due to a system error? How are complaints from citizens or organisations handled?
Liability allocation — Who is responsible if a fraudulent seal bypasses the system?
VDSIC acts as the governance body for the global VDS trust framework, setting policies and ensuring compliance across participating organisations and nations.
Why a Global Trust Environment Matters
Cross-Border Verification
A travel document issued in Brazil must be verifiable at a German border checkpoint. A health certificate from India must be accepted in Australia. The CEV makes this possible by providing a shared trust anchor that transcends national boundaries.
Scalability
As more organisations adopt VDS — from governments to universities to pharmaceutical companies — the number of issuers grows rapidly. The hierarchical trust list model scales gracefully: new issuers are added under existing CAs, whose TSLs are referenced from their Scheme Operator’s Scheme List, and verification apps update their cached trust lists automatically.
Resilience
A distributed trust model means that the compromise of a single issuer does not undermine the entire system. The affected certificate is revoked, and all other issuers continue to operate normally. This isolation of failure is a fundamental advantage over centralised database-dependent systems.
VDSIC's Role in CEV Administration
VDSIC serves as the central coordinator of the global VDS trust infrastructure:
Trust list management — VDSIC maintains and signs the Governance List (root LoTL), the entry point for the entire trust hierarchy, identifying all accredited Scheme Operators.
Onboarding — New Scheme Operators, CAs, and Issuers are vetted and integrated into the trust hierarchy following established accreditation procedures.
Monitoring — VDSIC monitors the health of the trust environment, detecting anomalies and responding to incidents.
Evolution — As technology advances (e.g., post-quantum cryptography), VDSIC coordinates the migration of the VDS trust infrastructure to new algorithms and protocols.
Getting Involved
Whether you represent a government agency, a standards body, a technology provider, or an industry association, you can participate in building and strengthening the VDS trust environment. VDSIC welcomes new members who share our commitment to open, interoperable, and secure document verification.
Contact us at contact@aigcev.org to learn about membership and collaboration opportunities.