Glossary

Defines terms used in Origin documentation.

Note: Mostly, this terminology is specific to the Origin platform. Theoretical and formally standardized cryptographic and cybersecurity terms are introduced only lightly. For more details about those concepts, see the KERI ecosystem's KERISSE website, GLEIF's vLEI Governance Framework, the Trust Over IP Glossary, Hyperledger Aries RFCs, and W3C's Verifiable Credentials Data Model and Decentralized Identifiers (DIDs).

AID

A self-certifying identifier which cryptographically binds an identifier to a public and private key pair. It is an identifier that can be proven to be the one and only identifier tied to a public key using cryptography alone. A vLEI formally references its issuee by the issuee's AID.

client

An org that operates on the Origin platform to create, manage, and use its digital identity. Contrast service provider.

CSP (communications service provider)

A service provider that provides telecom services such as A2P messaging or VOIP, and that uses Origin to help clients make their traffic verifiable.

DAR (designated authorized representative)

A formally defined role in the vLEI Governance Framework. A DAR represents a client during vLEI issuance. They designate LARs, formally commit their org to governance rules, and establish a contractual relationship between their org and a QVI.

digital credential

A small, digitally signed file that provides evidence that the holder is entitled to a privilege. X.509 certificates and SSH keys are familiar but old examples. A second generation of digital credentials solves some centralization and maintenance problems and has come of age in the past decade. It is associated with AnonCreds, the ISO mobile driver's license spec, and the W3C verifiable credential spec. Origin can help support these technologies. However, the focus of Origin is a third generation of digital credentials called ACDCs. These offer dramatic improvements in security and efficiency. vLEIs are an example of an ACDC-based credential supported by Origin.

facilitator

A service provider that helps a client build the foundation of their digital identity. Typically a client contracts with a facilitator; the facilitator then vets the org and its staff, issues important credentials, and provides training and support. Origin may be the delivery channel for only a subset of these things. A client may interact with other service providers, but its relationship is typically mediated by its facilitator, at least at first. QVIs are often facilitators because vLEIs are foundational to the digital identity strategy of many orgs. See Origin for Service Providers > Facilitating for details.

A formally defined role in the vLEI Governance Framework. They are a member of a committee that uses cryptographic keys to jointly manage their org's identity by providing formal approvals of all operations that the org performs directly. They also delegate, so other representatives of the org can function autonomously.

QVI (qualified vLEI issuer)

A service provider accredited by GLEIF to issue vLEIs to client orgs. See the vLEI Governance Framework for details.

service provider

An org that operates on the Origin platform to deliver services consumed by clients. Two examples of a service provider are a QVI and a CSP.

vLEI

A category of digital credential that was designed by GLEIF to embody extremely high assurance of identity for organizations and the people who represent them. There are multiple subtypes of vLEI, including one that certifies a QVI (QVI vLEI), one that identifies legal entities (LE vLEI), one that identifies officers of an organization with legally recognized roles (OOR vLEI), and one that identifies staff of an organization with arbitrary job titles (ECR vLEI). See the vLEI Governance Framework for details.
