Core Feature

Decentralized Identity & Credentials

DRD gives every AI agent a cryptographically verifiable identity using W3C Decentralized Identifiers (DIDs) and Verifiable Credentials v2.0. This enables trust verification, selective disclosure, and portable reputation across platforms.

W3C Verifiable Credentials v2.0

DRD issues W3C Verifiable Credentials (VC) v2.0 to attest to an agent's identity, trust score, and compliance status. VCs are cryptographically signed, tamper-evident, and machine-verifiable without contacting the issuer.

Tamper-Evident

Ed25519 digital signatures ensure credentials cannot be modified after issuance.

Self-Sovereign

Agents hold their own credentials. No central authority controls access.

Revocable

Credentials can be revoked in real-time via W3C Status List 2021.

Verifiable Credential Structure

verifiable-credential.json

{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://drd.io/ns/credentials/v1"
  ],
  "id": "urn:uuid:019vc-a1b2-c3d4-e5f6-789012345678",
  "type": ["VerifiableCredential", "TrustBadge"],
  "issuer": "did:drd:platform",
  "validFrom": "2026-02-13T12:00:00Z",
  "validUntil": "2026-03-15T12:00:00Z",
  "credentialSubject": {
    "id": "did:drd:01956abc-def0-7890-abcd-1234567890ab",
    "trustScore": 87,
    "tier": "gold",
    "compliance": ["GDPR", "EU-AI-Act"],
    "capabilities": ["content-analysis", "image-classification"]
  },
  "credentialStatus": {
    "id": "https://api.drd.io/api/v1/vc/status/1#42",
    "type": "StatusList2021Entry",
    "statusListIndex": "42",
    "statusListCredential": "https://api.drd.io/api/v1/vc/status/1",
    "statusPurpose": "revocation"
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2026-02-13T12:00:00Z",
    "verificationMethod": "did:drd:platform#key-1",
    "proofPurpose": "assertionMethod",
    "proofValue": "z3FXQjecWufY46yG7FQ8sK..."
  }
}

Decentralized Identifiers (DIDs)

Every agent in DRD is assigned a Decentralized Identifier (DID) using the did:drd: method. DIDs provide a globally unique, cryptographically verifiable identifier that is not tied to any centralized registry.

DID Document

did-document.json

{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1"
  ],
  "id": "did:drd:01956abc-def0-7890-abcd-1234567890ab",
  "verificationMethod": [{
    "id": "did:drd:01956abc-...#key-1",
    "type": "Ed25519VerificationKey2020",
    "controller": "did:drd:01956abc-...",
    "publicKeyMultibase": "z6Mkf5rGMoatrSj1f4CyvuHBeXJELe9RPdzo2PKGNCKVtZxP"
  }],
  "authentication": ["did:drd:01956abc-...#key-1"],
  "assertionMethod": ["did:drd:01956abc-...#key-1"],
  "service": [{
    "id": "did:drd:01956abc-...#agent-api",
    "type": "AgentService",
    "serviceEndpoint": "https://api.drd.io/api/v1/agents/01956abc-..."
  }, {
    "id": "did:drd:01956abc-...#badge",
    "type": "TrustBadgeService",
    "serviceEndpoint": "https://api.drd.io/api/v1/badge/01956abc-..."
  }]
}

Key Rotation

DID documents support key rotation. Add new verification methods and deprecate old ones without changing the agent's identity.

Service Endpoints

DID documents include service endpoints for API access, badge verification, and credential presentation.

Credential Lifecycle

Verifiable Credentials follow a well-defined lifecycle from issuance to potential revocation. Each stage is recorded in the event sourcing audit trail.

Issue

The DRD platform issues a Verifiable Credential to an agent based on its trust score and compliance status.

Hold

The agent (holder) stores the credential in its DID-linked wallet. The credential is cryptographically bound to the agent's DID.

Present

When interacting with external services, the agent presents its credential as proof of verification and trust level.

Verify

Any party can verify the credential by checking the Ed25519 signature, issuer DID, expiration, and revocation status.

Revoke

If an agent violates policies or its trust score drops, the credential is revoked via a status list update.

Badge Tiers

DRD assigns trust badges based on an agent's verified trust score. Each tier represents a different level of verification and compliance, communicated through the "PROTECTED BY DRD" badge.

Bronze

60+

Basic verification. Agent meets minimum compliance requirements.

Silver

70+

Standard verification. Agent demonstrates consistent policy adherence.

Gold

85+

Premium verification. Agent has an excellent track record of compliance and transparency.

Government

95+

Highest tier. Reserved for agents meeting government-grade security and compliance standards.

Ed25519 Cryptographic Signatures

All DRD credentials are signed using Ed25519 (EdDSA over Curve25519). Ed25519 provides high-performance signatures with strong security guarantees, compact key sizes (32 bytes), and deterministic signature generation.

Property	Value
Algorithm	Ed25519 (EdDSA)
Curve	Curve25519
Public Key Size	32 bytes
Signature Size	64 bytes
Security Level	~128-bit equivalent
Suite	Ed25519Signature2020
Key Encoding	Multibase (base58-btc, prefix 'z')

Credential Schema & Claims

DRD credentials follow a defined schema that specifies the claims included in each credential type. This ensures interoperability and consistent verification across different platforms and verifiers.

TrustBadge Credential Schema

trust-badge-schema.json

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://drd.io/schemas/TrustBadge/v1",
  "type": "object",
  "required": ["trustScore", "tier"],
  "properties": {
    "trustScore": {
      "type": "integer",
      "minimum": 0,
      "maximum": 100,
      "description": "Agent trust score (0-100)"
    },
    "tier": {
      "type": "string",
      "enum": ["bronze", "silver", "gold", "government"],
      "description": "Badge tier based on trust score"
    },
    "compliance": {
      "type": "array",
      "items": { "type": "string" },
      "description": "List of compliance frameworks met"
    },
    "capabilities": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Verified agent capabilities"
    },
    "evaluatedAt": {
      "type": "string",
      "format": "date-time",
      "description": "Timestamp of last trust evaluation"
    }
  }
}

Zero-Knowledge Proofs for Selective Disclosure

DRD supports zero-knowledge proofs (ZKPs) that allow agents to prove specific claims without revealing the full credential. For example, an agent can prove it has a Gold badge without disclosing its exact trust score.

What can be disclosed

Badge tier (without exact score)
Score above threshold (e.g., >85)
Compliance with specific frameworks
Credential validity (not expired/revoked)

What stays private

Exact trust score value
Score component breakdown
Full list of capabilities
Agent internal metadata

Selective Disclosure Request

selective-disclosure.json

{
  "type": "SelectiveDisclosureRequest",
  "requiredClaims": [
    {
      "claimType": "tier",
      "reason": "Verify agent meets minimum trust tier"
    },
    {
      "claimType": "trustScore",
      "predicate": ">=",
      "value": 85,
      "reason": "Verify agent exceeds score threshold"
    }
  ],
  "verifier": "did:web:partner-platform.example.com"
}

Credential Status Checks

DRD uses W3C Status List 2021 for efficient credential revocation checks. Instead of querying the issuer for each verification, verifiers download a compressed bitstring that encodes the revocation status of all credentials.

Status List Credential

status-list.json

{
  "@context": ["https://www.w3.org/ns/credentials/v2"],
  "id": "https://api.drd.io/api/v1/vc/status/1",
  "type": ["VerifiableCredential", "StatusList2021Credential"],
  "issuer": "did:drd:platform",
  "validFrom": "2026-02-13T00:00:00Z",
  "credentialSubject": {
    "id": "https://api.drd.io/api/v1/vc/status/1#list",
    "type": "StatusList2021",
    "statusPurpose": "revocation",
    "encodedList": "H4sIAAAAAAAAA-3BMQEAAAjAoMa..."
  }
}

Real-Time Updates

Status lists are updated within seconds of a revocation. Cached copies have a 5-minute TTL.

Privacy-Preserving

Bitstring encoding prevents verifiers from learning about other credentials in the list.

Offline-Capable

Verifiers can cache status lists and verify credentials without real-time network access.

Custom Cryptographic Layer

DRD's decentralized identity layer uses a custom W3C VC 2.0 implementation built on @noble/curves for Ed25519 signatures — zero dependency on heavy frameworks, with full control over key management and credential lifecycle.

DID Management

Create, update, and resolve DIDs using the did:drd: method. Custom key management with Ed25519 via @noble/curves.

Credential Operations

Issue, verify, and revoke W3C VCs using custom Ed25519 signatures via @noble/curves — lightweight and auditable.

Data Store

Credentials and DIDs are stored in DRD's event-sourced data store with full audit trail.

Extensible Architecture

Modular design allows adding new DID methods, credential types, and verification suites without framework lock-in.

Issuing a Credential

Use the DRD SDK to issue a Verifiable Credential to an agent. The platform signs the credential with its Ed25519 key and returns the full VC.

issue-credential.ts

import { DRDClient } from "@drd.io/sdk";

const drd = new DRDClient({
  apiKey: process.env.DRD_API_KEY!,
  workspaceId: "ws-019...",
});

// Issue a TrustBadge credential to an agent
const credential = await drd.vc.issue({
  subjectDid: "did:drd:01956abc-def0-7890-abcd-1234567890ab",
  type: "TrustBadge",
  claims: {
    trustScore: 87,
    tier: "gold",
    compliance: ["GDPR", "EU-AI-Act"],
    capabilities: ["content-analysis", "image-classification"],
  },
  validityDays: 30,
});

console.log(`Credential issued: ${credential.id}`);
console.log(`Type: ${credential.type.join(", ")}`);
console.log(`Valid until: ${credential.validUntil}`);
console.log(`Proof type: ${credential.proof.type}`);
// => "Credential issued: urn:uuid:019vc-a1b2-..."
// => "Type: VerifiableCredential, TrustBadge"
// => "Valid until: 2026-03-15T12:00:00Z"
// => "Proof type: Ed25519Signature2020"

Verifying a Badge

Verify a credential's signature, issuer, expiration, and revocation status. The SDK handles the full verification pipeline including status list checks.

verify-badge.ts

import { DRDClient } from "@drd.io/sdk";

const drd = new DRDClient({
  apiKey: process.env.DRD_API_KEY!,
  workspaceId: "ws-019...",
});

// Verify a Verifiable Credential
const result = await drd.vc.verify({
  credential: credentialJwt, // JWT-encoded credential
});

if (result.valid) {
  console.log("Credential is valid!");
  console.log(`  Issuer:  ${result.issuer}`);
  console.log(`  Subject: ${result.subject}`);
  console.log(`  Type:    ${result.type}`);
  console.log(`  Revoked: ${result.revoked}`);
  console.log(`  Expires: ${result.expiresAt}`);
} else {
  console.error("Credential verification failed");
  console.error(`  Reason: ${result.error}`);
}
// => "Credential is valid!"
// => "  Issuer:  did:drd:platform"
// => "  Subject: did:drd:01956abc-..."
// => "  Type:    TrustBadge"
// => "  Revoked: false"
// => "  Expires: 2026-03-15T12:00:00Z"

// You can also verify directly from an agent ID
const badge = await drd.badge.get("01956abc-def0-7890-abcd-1234567890ab");
console.log(`Trust score: ${badge.trustScore}, Tier: ${badge.tier}`);
// => "Trust score: 87, Tier: gold"

Decentralized Identity & Credentials

W3C Verifiable Credentials v2.0

Tamper-Evident

Ed25519 digital signatures ensure credentials cannot be modified after issuance.

Self-Sovereign

Agents hold their own credentials. No central authority controls access.

Revocable

Credentials can be revoked in real-time via W3C Status List 2021.

Verifiable Credential Structure

verifiable-credential.json

{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://drd.io/ns/credentials/v1"
  ],
  "id": "urn:uuid:019vc-a1b2-c3d4-e5f6-789012345678",
  "type": ["VerifiableCredential", "TrustBadge"],
  "issuer": "did:drd:platform",
  "validFrom": "2026-02-13T12:00:00Z",
  "validUntil": "2026-03-15T12:00:00Z",
  "credentialSubject": {
    "id": "did:drd:01956abc-def0-7890-abcd-1234567890ab",
    "trustScore": 87,
    "tier": "gold",
    "compliance": ["GDPR", "EU-AI-Act"],
    "capabilities": ["content-analysis", "image-classification"]
  },
  "credentialStatus": {
    "id": "https://api.drd.io/api/v1/vc/status/1#42",
    "type": "StatusList2021Entry",
    "statusListIndex": "42",
    "statusListCredential": "https://api.drd.io/api/v1/vc/status/1",
    "statusPurpose": "revocation"
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2026-02-13T12:00:00Z",
    "verificationMethod": "did:drd:platform#key-1",
    "proofPurpose": "assertionMethod",
    "proofValue": "z3FXQjecWufY46yG7FQ8sK..."
  }
}

Decentralized Identifiers (DIDs)

DID Document

did-document.json

{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1"
  ],
  "id": "did:drd:01956abc-def0-7890-abcd-1234567890ab",
  "verificationMethod": [{
    "id": "did:drd:01956abc-...#key-1",
    "type": "Ed25519VerificationKey2020",
    "controller": "did:drd:01956abc-...",
    "publicKeyMultibase": "z6Mkf5rGMoatrSj1f4CyvuHBeXJELe9RPdzo2PKGNCKVtZxP"
  }],
  "authentication": ["did:drd:01956abc-...#key-1"],
  "assertionMethod": ["did:drd:01956abc-...#key-1"],
  "service": [{
    "id": "did:drd:01956abc-...#agent-api",
    "type": "AgentService",
    "serviceEndpoint": "https://api.drd.io/api/v1/agents/01956abc-..."
  }, {
    "id": "did:drd:01956abc-...#badge",
    "type": "TrustBadgeService",
    "serviceEndpoint": "https://api.drd.io/api/v1/badge/01956abc-..."
  }]
}

Key Rotation

DID documents support key rotation. Add new verification methods and deprecate old ones without changing the agent's identity.

Service Endpoints

DID documents include service endpoints for API access, badge verification, and credential presentation.

Credential Lifecycle

Verifiable Credentials follow a well-defined lifecycle from issuance to potential revocation. Each stage is recorded in the event sourcing audit trail.

Issue

The DRD platform issues a Verifiable Credential to an agent based on its trust score and compliance status.

Hold

The agent (holder) stores the credential in its DID-linked wallet. The credential is cryptographically bound to the agent's DID.

Present

When interacting with external services, the agent presents its credential as proof of verification and trust level.

Verify

Any party can verify the credential by checking the Ed25519 signature, issuer DID, expiration, and revocation status.

Revoke

If an agent violates policies or its trust score drops, the credential is revoked via a status list update.

Badge Tiers

DRD assigns trust badges based on an agent's verified trust score. Each tier represents a different level of verification and compliance, communicated through the "PROTECTED BY DRD" badge.

Bronze

60+

Basic verification. Agent meets minimum compliance requirements.

Silver

70+

Standard verification. Agent demonstrates consistent policy adherence.

Gold

85+

Premium verification. Agent has an excellent track record of compliance and transparency.

Government

95+

Highest tier. Reserved for agents meeting government-grade security and compliance standards.

Ed25519 Cryptographic Signatures

Property	Value
Algorithm	Ed25519 (EdDSA)
Curve	Curve25519
Public Key Size	32 bytes
Signature Size	64 bytes
Security Level	~128-bit equivalent
Suite	Ed25519Signature2020
Key Encoding	Multibase (base58-btc, prefix 'z')

Credential Schema & Claims

DRD credentials follow a defined schema that specifies the claims included in each credential type. This ensures interoperability and consistent verification across different platforms and verifiers.

TrustBadge Credential Schema

trust-badge-schema.json

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://drd.io/schemas/TrustBadge/v1",
  "type": "object",
  "required": ["trustScore", "tier"],
  "properties": {
    "trustScore": {
      "type": "integer",
      "minimum": 0,
      "maximum": 100,
      "description": "Agent trust score (0-100)"
    },
    "tier": {
      "type": "string",
      "enum": ["bronze", "silver", "gold", "government"],
      "description": "Badge tier based on trust score"
    },
    "compliance": {
      "type": "array",
      "items": { "type": "string" },
      "description": "List of compliance frameworks met"
    },
    "capabilities": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Verified agent capabilities"
    },
    "evaluatedAt": {
      "type": "string",
      "format": "date-time",
      "description": "Timestamp of last trust evaluation"
    }
  }
}

Zero-Knowledge Proofs for Selective Disclosure

What can be disclosed

Badge tier (without exact score)
Score above threshold (e.g., >85)
Compliance with specific frameworks
Credential validity (not expired/revoked)

What stays private

Exact trust score value
Score component breakdown
Full list of capabilities
Agent internal metadata

Selective Disclosure Request

selective-disclosure.json

{
  "type": "SelectiveDisclosureRequest",
  "requiredClaims": [
    {
      "claimType": "tier",
      "reason": "Verify agent meets minimum trust tier"
    },
    {
      "claimType": "trustScore",
      "predicate": ">=",
      "value": 85,
      "reason": "Verify agent exceeds score threshold"
    }
  ],
  "verifier": "did:web:partner-platform.example.com"
}

Credential Status Checks

Status List Credential

status-list.json

{
  "@context": ["https://www.w3.org/ns/credentials/v2"],
  "id": "https://api.drd.io/api/v1/vc/status/1",
  "type": ["VerifiableCredential", "StatusList2021Credential"],
  "issuer": "did:drd:platform",
  "validFrom": "2026-02-13T00:00:00Z",
  "credentialSubject": {
    "id": "https://api.drd.io/api/v1/vc/status/1#list",
    "type": "StatusList2021",
    "statusPurpose": "revocation",
    "encodedList": "H4sIAAAAAAAAA-3BMQEAAAjAoMa..."
  }
}

Real-Time Updates

Status lists are updated within seconds of a revocation. Cached copies have a 5-minute TTL.

Privacy-Preserving

Bitstring encoding prevents verifiers from learning about other credentials in the list.

Offline-Capable

Verifiers can cache status lists and verify credentials without real-time network access.

Custom Cryptographic Layer

DID Management

Create, update, and resolve DIDs using the did:drd: method. Custom key management with Ed25519 via @noble/curves.

Credential Operations

Issue, verify, and revoke W3C VCs using custom Ed25519 signatures via @noble/curves — lightweight and auditable.

Data Store

Credentials and DIDs are stored in DRD's event-sourced data store with full audit trail.

Extensible Architecture

Modular design allows adding new DID methods, credential types, and verification suites without framework lock-in.

Issuing a Credential

Use the DRD SDK to issue a Verifiable Credential to an agent. The platform signs the credential with its Ed25519 key and returns the full VC.

issue-credential.ts

import { DRDClient } from "@drd.io/sdk";

const drd = new DRDClient({
  apiKey: process.env.DRD_API_KEY!,
  workspaceId: "ws-019...",
});

// Issue a TrustBadge credential to an agent
const credential = await drd.vc.issue({
  subjectDid: "did:drd:01956abc-def0-7890-abcd-1234567890ab",
  type: "TrustBadge",
  claims: {
    trustScore: 87,
    tier: "gold",
    compliance: ["GDPR", "EU-AI-Act"],
    capabilities: ["content-analysis", "image-classification"],
  },
  validityDays: 30,
});

console.log(`Credential issued: ${credential.id}`);
console.log(`Type: ${credential.type.join(", ")}`);
console.log(`Valid until: ${credential.validUntil}`);
console.log(`Proof type: ${credential.proof.type}`);
// => "Credential issued: urn:uuid:019vc-a1b2-..."
// => "Type: VerifiableCredential, TrustBadge"
// => "Valid until: 2026-03-15T12:00:00Z"
// => "Proof type: Ed25519Signature2020"

Verifying a Badge

Verify a credential's signature, issuer, expiration, and revocation status. The SDK handles the full verification pipeline including status list checks.

verify-badge.ts

import { DRDClient } from "@drd.io/sdk";

const drd = new DRDClient({
  apiKey: process.env.DRD_API_KEY!,
  workspaceId: "ws-019...",
});

// Verify a Verifiable Credential
const result = await drd.vc.verify({
  credential: credentialJwt, // JWT-encoded credential
});

if (result.valid) {
  console.log("Credential is valid!");
  console.log(`  Issuer:  ${result.issuer}`);
  console.log(`  Subject: ${result.subject}`);
  console.log(`  Type:    ${result.type}`);
  console.log(`  Revoked: ${result.revoked}`);
  console.log(`  Expires: ${result.expiresAt}`);
} else {
  console.error("Credential verification failed");
  console.error(`  Reason: ${result.error}`);
}
// => "Credential is valid!"
// => "  Issuer:  did:drd:platform"
// => "  Subject: did:drd:01956abc-..."
// => "  Type:    TrustBadge"
// => "  Revoked: false"
// => "  Expires: 2026-03-15T12:00:00Z"

// You can also verify directly from an agent ID
const badge = await drd.badge.get("01956abc-def0-7890-abcd-1234567890ab");
console.log(`Trust score: ${badge.trustScore}, Tier: ${badge.tier}`);
// => "Trust score: 87, Tier: gold"

Decentralized Identity & Credentials

On this page

W3C Verifiable Credentials v2.0

Tamper-Evident

Self-Sovereign

Revocable

Verifiable Credential Structure

Decentralized Identifiers (DIDs)

DID Document

Key Rotation

Service Endpoints

Credential Lifecycle

Issue

Hold

Present

Verify

Revoke

Badge Tiers

Ed25519 Cryptographic Signatures

Credential Schema & Claims

TrustBadge Credential Schema

Zero-Knowledge Proofs for Selective Disclosure

What can be disclosed

What stays private

Selective Disclosure Request

Credential Status Checks

Status List Credential

Real-Time Updates

Privacy-Preserving

Offline-Capable

Custom Cryptographic Layer

DID Management

Credential Operations

Data Store

Extensible Architecture

Issuing a Credential

Verifying a Badge

Related Documentation

Decentralized Identity & Credentials

On this page

W3C Verifiable Credentials v2.0

Tamper-Evident

Self-Sovereign

Revocable

Verifiable Credential Structure

Decentralized Identifiers (DIDs)

DID Document

Key Rotation

Service Endpoints

Credential Lifecycle

Issue

Hold

Present

Verify

Revoke

Badge Tiers

Ed25519 Cryptographic Signatures

Credential Schema & Claims

TrustBadge Credential Schema

Zero-Knowledge Proofs for Selective Disclosure

What can be disclosed

What stays private

Selective Disclosure Request

Credential Status Checks

Status List Credential

Real-Time Updates

Privacy-Preserving

Offline-Capable

Custom Cryptographic Layer

DID Management

Credential Operations

Data Store

Extensible Architecture

Issuing a Credential

Verifying a Badge

Related Documentation