System architecture
Architectural Overview
Components
Truvera API
AWS
us-west-1 (Northern California)
Truvera Workspace
Vercel
us-west-1 (Northern California)
Relay Service and EDV
Vercel
us-west-1 (Northern California)
MongoDB
us-west-1 (Northern California)
Blockchain (Dock owned validators)
AWS
us-west-1 (Northern California)
us-east-1 (North Virginia)
us-east-2 (Ohio)
eu-central-2 (Zurich)
eu-west-2 (London)
Truvera network diagram
Data Storage Details
Truvera strives to minimize the data it stores and works to follow SSI best practices of keeping private data with the individual it belongs to. Below we outline what data is used each component of our system.
Truvera API:
Issuer metadata (name, logo, etc.)
VC metadata (id, issue date, etc.)
Subject reference field*
Verification history*
Persisted VC’s* (optional)
Raw credential data is only stored in memory during issuance and is dropped immediately after
* may contain PII
Relay Service:
Temporary storage of encrypted VC’s
Can only be decrypted by recipient DID
Message deleted once retrieved by recipient
Blockchain
The blockchain used (if any) depends on the DID method selected when configuring an organization profile. A public blockchain provides Truvera users with assurance that their identity data is not locked-in to the platform. As long as the blockchain can be read, previously issued credentials in standard credential formats remain verifiable.
We recommend the cheqd blockchain built in the Cosmos ecosystem because it is mature, decentralized, public, and permissionless. The Truvera API abstracts the complexity of blockchain transactions and the associated token fees.
We are cautious that user PII, including hashed data, is never written to a public blockchain. User credential information is never written to the chain. Wallet DIDs are in DID:key format and are not stored on-chain.
Last updated
Was this helpful?
