Affinidi Radix

Standards-compliant registry providing authoritative trust verification for decentralised identity ecosystems.

Documentation update

This product is in Closed Beta. The information provided here offers a technical preview of key capabilities.

Overview

Affinidi Radix is a high-performance trust registry that maintains authoritative information about which entities are authorised to perform specific actions within a trust framework. It implements the Trust Registry Query Protocol (TRQP) v2.0 specification, enabling standards-based verification of trusted entities in decentralised identity ecosystems.

It provides capabitilies such as:

Verify issuer authorisation: Confirm whether an entity is authorised to issue specific credential types.
Confirm verifier recognition: Check if a verifier is recognised by appropriate governance authorities.
Answer trust questions: Determine if Entity B is authorised by Authority A to perform Action X on Resource Y.
Maintain trust records: Automated CRUD operations via DIDComm or manual management.
Scale trust verification: High-performance storage backends (Redis, DynamoDB, CSV).

How it works

The Trust Registry answers trust questions by maintaining and querying trust records. Each trust record links an entity to an authority for a specific action on a resource.

sequenceDiagram
    participant Client as Verifier/Relying Party
    participant Registry as Trust Registry
    participant Storage as Storage Backend<br/>(Redis/DynamoDB/CSV)
    
    Client->>Registry: Query: Is Entity B authorised<br/>by Authority A for Action X?
    Note over Registry: Extract entity_id, authority_id,<br/>action, resource
    Registry->>Storage: Search trust records
    Storage-->>Registry: Matching records (if any)
    Registry->>Registry: Evaluate authorisation
    Registry-->>Client: Response: Authorised/Not Authorised<br/>+ context metadata

Query flow:

The Trust Registry receives a query via REST API (TRQP endpoints) or DIDComm messaging (when enabled).
It extracts the entity ID (DID), authority ID, action, and resource from the query.
It searches the trust records storage for matching entries.
It returns whether the entity is authorised or recognised for the requested operation.
Optionally, it includes additional context metadata from the trust record.

Example query: “Is did:example:issuer1 authorised by did:example:gov1 to issue credentials of type driver_licence?”

The Trust Registry checks its records and responds with authorisation status and any additional context.

Query interfaces

The Trust Registry provides two interfaces for querying trust records:

REST API (TRQP): Always available. Standard HTTP endpoints for authorisation and recognition queries.
DIDComm Messaging: Optional. Encrypted, authenticated queries via DIDComm v2.1 protocol when DIDComm is enabled.

Trust questions

The Trust Registry answers two types of trust questions defined by the TRQP specification:

Authorisation query

Aspect	Details
Question	Has Authority A authorised Entity B to take Action X on Resource Y?
Purpose	Verify whether a specific entity has been granted authorisation by a governing authority to perform an action on a defined resource.
Example Use	Before accepting a driver’s licence credential, a verifier checks if the issuer is authorised by the national transport authority to issue driver’s licences.

Query Methods:

REST API: POST /authorization


        
{
  "authority_id": "did:example:transport_authority",
  "entity_id": "did:example:licence_issuer",
  "action": "issue",
  "resource": "driver_licence"
}

DIDComm (when enabled): https://affinidi.com/didcomm/protocols/trqp/1.0/query-authorization

Recognition query

Aspect	Details
Question	Does Authority X recognise Entity B as an authority to authorise taking Action X on Resource Y?
Purpose	Verify whether one authority recognises another entity as having the authority to grant authorisations for specific actions and resources.
Example Use	A federated trust framework where a national authority recognises regional authorities that can in turn authorise local issuers.

Query Methods:

REST API: POST /recognition


        
{
  "authority_id": "did:example:national_authority",
  "entity_id": "did:example:regional_authority",
  "action": "certify",
  "resource": "professional_credential"
}

DIDComm (when enabled): https://affinidi.com/didcomm/protocols/trqp/1.0/query-recognition

Core capabilities

Capability	Description	Benefits
TRQP v2.0 Compliance	Full implementation of Trust Registry Query Protocol with authorisation queries, recognition queries, and standardised JSON responses. Supports context metadata via Base64-encoded JSON.	Standards-based interoperability with other TRQP-compliant systems. Dual query interfaces (REST API always available, DIDComm optional for encrypted queries).
Storage Backends	Flexible storage options: CSV file storage for development/testing, AWS DynamoDB for scalable cloud deployments with automatic scaling, Redis for sub-millisecond in-memory performance with optional persistence.	Choose the backend that fits your deployment requirements, from simple file-based to enterprise-scale databases.
DIDComm Integration	Optional secure messaging interface for trust record management with CRUD operations via authenticated DIDComm messages. Administrator authentication ensures only authorised DIDs can manage records. Public and private modes control message access.	Secure, encrypted trust record management and queries. End-to-end encryption for sensitive trust verification operations.
Security & Performance	Built with Rust for memory safety and high performance. Optimised for thousands of queries per second with minimal latency. Thread-safe concurrent request handling.	Memory safety prevents common vulnerabilities. Sub-millisecond query response times with Redis backend. Production-ready performance at scale.

Sample use cases

Credential issuance verification

Verifiers need to confirm whether an issuer is authorised by the appropriate governance authority before accepting credentials.

Scenario: A university verifies that a high school is authorised by the education ministry to issue secondary education diplomas.

Trust Registry query:


        
{
  "authority_id": "did:example:education_ministry",
  "entity_id": "did:example:high_school_123",
  "action": "issue",
  "resource": "secondary_diploma"
}

Trust framework compliance

Ensure all participants in a digital trust ecosystem (issuers, verifiers, relying parties) are approved by the governance framework.

Scenario: A government-operated trust framework where only accredited organisations can verify identity credentials.

Trust Registry query:


        
{
  "authority_id": "did:example:national_trust_framework",
  "entity_id": "did:example:verifier_org",
  "action": "verify",
  "resource": "identity_credential"
}

Federated trust networks

Support multi-level trust hierarchies where national authorities recognise regional authorities that in turn authorise local entities.

Scenario: A national health authority recognises regional health boards that authorise local clinics to issue vaccination certificates.

Recognition query (national → regional):


        
{
  "authority_id": "did:example:national_health",
  "entity_id": "did:example:regional_board_north",
  "action": "authorise",
  "resource": "vaccination_certificate"
}

Authorisation query (regional → clinic):


        
{
  "authority_id": "did:example:regional_board_north",
  "entity_id": "did:example:clinic_456",
  "action": "issue",
  "resource": "vaccination_certificate"
}

When to use trust registry

Choose the Trust Registry when you need:

Requirement	How Trust Registry Helps
Standards compliance	Full TRQP v2.0 implementation ensures interoperability with other compliant systems.
Governance frameworks	Maintain authoritative records of who is authorised to perform what actions.
Verifiable credential ecosystems	Verify issuer and verifier legitimacy before credential issuance or verification.
Federated trust models	Support multi-level trust hierarchies with recognition queries.
High-performance verification	Handle thousands of trust queries per second with minimal latency.

Deployment modes

Mode	Query Interface	Record Management	DIDComm Mediator	Use Case
Standalone	REST API endpoints for authorisation and recognition queries.	Manual via direct storage backend access (CSV editing, database operations).	Not required.	Simpler setup for environments where REST API queries are sufficient.
DIDComm-Enabled	Both REST API endpoints AND DIDComm messaging for encrypted queries.	Secure CRUD operations via authenticated DIDComm messages plus manual storage access.	Required. See Affinidi Messaging for mediator setup.	Enhanced security with encrypted queries and trust record management via DIDComm.

Open Source Implementation

Affinidi Radix is built on an open source project. The trust registry implementation is available on GitHub, allowing you to review the code, contribute improvements, or deploy your own instance.

Next steps

Was this page helpful?

Glad to hear it! Please tell us how we can improve more.

Sorry to hear that. Please tell us how we can improve.

Thank you for sharing your feedback so we can improve your experience.