Ecosystem Use Cases

How industries build verifiable credential infrastructure on the open-source swiyu stack

The swiyu open-source stack is more than Swiss e-ID infrastructure. Any industry, consortium, or standards body can deploy its own governance, registries, and verifiable credentials – on their own servers, under their own policies, anchored in neutral, cryptographically verifiable trust.

This page maps the building blocks, a real-world industry deployment, and the GitHub repositories you need to roll your own trust infrastructure.

A General-Purpose Method of Sharing Verified Information Increases Trust and Improves Productivity

Credit: Findy Cooperative

The Three-Layer Trust Stack

Every verifiable credential ecosystem — regardless of industry — rests on the same three layers. The swiyu open-source components cover all three.

01GovernanceWho is authorized to issue credentials in your ecosystem? A trust registry defines which organizations are recognized actors and what credential types they may issue — your rules, your governance. Define schemas, manage your issuer list, set acceptance policies for verifiers.

02RegistriesThe neutral data layer that makes trust verifiable without central intermediaries: public keys anchored to decentralized identifiers, real-time revocation lists, and the authoritative list of trusted actors.

03ApplicationsThe services participants interact with: issuer services that create and sign credentials, verifier services that check presentations, and wallets that hold and present credentials on behalf of users or organizations.

IATA: A Global Industry Deployment

The International Air Transport Association (IATA) — representing 330 airlines carrying 83% of global air traffic — built the Aviation Security Trust Framework (ASTF) directly on the swiyu open-source infrastructure. It is a production-grade example of an international standards body deploying its own governance, registries, and credential issuance for a critical compliance use case, anchored in swiyu as the neutral trust layer.

LiveGlobal Deploymentastf.iata.org ↗

The Challenge

Commercial aircraft operators must maintain Aircraft Operator Security Programmes (AOSPs) and Supplementary Station Procedures (SSPs) — documents approved by Civil Aviation Authorities across multiple national jurisdictions. Paper-based approvals are slow, forgeable, and impossible to verify instantly at the point of need.

The Solution

A CAA issues a Verifiable Credential — a tamper-proof digital attestation cryptographically bound to the original document. An inspector anywhere in the world scans a QR code and instantly verifies authenticity and current revocation status, with no direct integration into the CAA’s systems required.

swiyu ComponentRole in IATA ASTF

Identifier RegistryAnchors the cryptographic public keys of each Civil Aviation Authority so their credential signatures can be independently verified by anyone

Trust RegistryMaintains the authoritative list of CAAs recognized to issue AOSP and SSP approvals within the IATA governance framework

Status RegistryEnables real-time validity checks — if an approval is superseded or revoked, any verifier knows instantly without contacting the CAA

swiyu-issuerEach participating CAA runs its own issuer instance to create, sign, and manage approval credentials for aircraft operators

swiyu-verifierVerification portals used by inspectors to validate document authenticity against original submissions and check revocation status

“The ASTF demonstrator is anchored in the Swiss Public Beta Infrastructure (swiyu), leveraging its open standards and neutrality to build a scalable and secure trust model — showcasing how a state-operated, neutral trust layer can underpin a critical industry application.”

— IATA ASTF documentation

More Ecosystem Use Cases

DIDAS members are mapping trust flows across sectors. Each represents a concrete deployment of the three-layer stack under sector-specific governance.

🏫EducationUniversity matriculation credentials via eduID. Students carry a verifiable enrolment credential that institutions can check without calling the registrar’s office. Mapped across ETH, EPFL, and Swiss universities.See trust flow diagrams →🏠Banking & FinanceWalk-in and online re-identification flows for KYC compliance. A credential issued during a branch visit satisfies re-ID requirements for subsequent online services, in collaboration with the OpenBankingProject.ch community.See trust flow diagrams →⚕️HealthcarePatient identity, professional credentials, and authorizations across institutions and cantonal boundaries — without central patient registries or proprietary integration layers.Emerging🏛Government ServicesCross-border and inter-cantonal credential flows. Residence permits, professional licenses, and civil status documents as portable, machine-verifiable credentials aligned with the EU Digital Identity Wallet.Emerging

swiyu Building Blocks

All components are published by the Swiss Federal Government (FOITT) under the MIT License. Deploy them on your own infrastructure, adapt them to your governance model, and contribute back to the ecosystem.

Issue & Verify Credentials

swiyu-issuerGeneric credential issuance service (OID4VCI). Manages credential offers, signing, status list integration, and wallet protocol interactions.swiyu-verifierGeneric credential verification service (OID4VP). Initiates verification requests, handles wallet presentations, and returns validated credential claims.

Manage Identifiers (DIDs)

didtoolbox-javaCLI tool for creating, updating, and deactivating Decentralized Identifiers (did:webvh). First step for any issuer or verifier.didresolverDID resolution library. Resolves did:tdw and did:webvh identifiers, validates cryptographic proofs, returns DID Documents for signature verification.

Run Your Own Registries

swiyu-registry-trust-data-serviceTrust registry service. Maintains the public list of verified issuers and verifiers. Wallets query this to show users whether a credential issuer is recognized.swiyu-registry-status-data-serviceStatus registry service. Serves credential status lists for real-time revocation and suspension checks.swiyu-registry-identifier-data-serviceIdentifier registry service. Stores and serves DID Documents of registered participants, providing public key material for credential signature verification.swiyu-core-business-serviceManagement layer for all registry services. Provides write operations for onboarding, updating, and offboarding issuers and verifiers.

Wallets & Testing Tools

eidch-ios-walletiOS wallet reference implementation. Open-source credential storage, presentation, and OID4VCI/OID4VP support — a starting point for sector-specific wallet adaptations.eidch-android-walletAndroid wallet reference implementation. Open-source credential management and protocol support — a starting point for ecosystem-specific wallet applications.swiyu-generic-application-testMinimal wallet for end-to-end testing and deployment validation. Verify your issuer and verifier services are correctly configured before connecting a production wallet.

📘 Full technical documentation and deployment cookbooks ↗

Ready to Build?

DIDAS connects Swiss organizations exploring verifiable credentials and trust infrastructure. Whether you are scoping a pilot, designing a new ecosystem, or extending an existing system – get in touch.

Become a DIDAS Member Explore swiyu on GitHub