A discloser is the entity that discloses or presents an ACDC (Authentic Chained Data Container) credential to another party. The discloser may or may not be the original issuer of the ACDC being disclosed.
"A role of an entity that discloses an ACDC. A Discloser may or may not be the Issuer of the disclosed ACDC."
This definition establishes the discloser as one of the fundamental roles in the ACDC credential presentation ecosystem, distinct from but related to the issuer role. The discloser is the active party in a presentation exchange, controlling what information is revealed, when it is revealed, and under what conditions.
The canonical abbreviation is Discloser (capitalized when referring to the formal role), though the term may appear in lowercase when used descriptively.
Governance Context
Role in the vLEI Ecosystem
Within the vLEI ecosystem, the discloser role is critical to the operational model of verifiable credential presentations. The vLEI Ecosystem Governance Framework v3.0 establishes that:
Implementation Notes
Conceptual Implementation Guidance
Disclosure Decision Framework
When implementing discloser functionality, consider:
Trust assessment: Evaluate the relationship with the disclosee to determine appropriate disclosure level
Information minimization: Default to compact or selective disclosure unless full disclosure is required
Privacy impact analysis: Assess correlation risks before disclosing multiple credentials together
Contractual requirements: Determine if chain-link confidentiality or contractually protected disclosure is needed
Graduated Disclosure Strategy
Implement graduated disclosure by:
Initial compact presentation: Start with SAIDs to minimize information leakage
Progressive expansion: Reveal additional field maps as trust develops or requirements emerge
Verification at each step: Ensure the disclosee can verify each disclosure variant
Contractual gates: Require agreement to terms before expanding disclosure
Privacy Protection Patterns
Attribute bundling: Carefully consider which attributes to disclose together to avoid correlation
Temporal separation: Disclose different credentials at different times to reduce linkability
Contextual isolation: Use different AIDs for different contexts when possible
Blinding techniques: Leverage UUIDs in private ACDCs to prevent rainbow table attacks
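The graduated disclosure steps and the blinding pattern above, as an added sketch that is not code from the ACDC specification or any KERI library. It assumes SHA-256 over canonical JSON as a simplified stand-in for SAID derivation; the helper names, the sample data and the reduced field layout (`i`, `a`, `u`) are constructed for illustration.

```python
import hashlib
import json
import secrets

def digest(block):
    """Simplified stand-in for a SAID: SHA-256 over canonical JSON.
    Real ACDCs use a CESR-encoded digest; this only shows the commitment."""
    raw = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def blind(attrs):
    """Issuer side: add a random 128-bit nonce 'u' so low-entropy values
    cannot be recovered from the digest by guessing."""
    return {"u": secrets.token_hex(16), **attrs}

def compact(acdc):
    """Discloser side: present the attribute block as its digest only."""
    return {**acdc, "a": digest(acdc["a"])}

def verify_expansion(compact_acdc, disclosed_attrs):
    """Disclosee side: accept an expanded block only if it matches the
    digest already received in the compact presentation."""
    return digest(disclosed_attrs) == compact_acdc["a"]

def recoverable_by_guessing(commitment, candidates):
    """Return the candidate block that hashes to the commitment, if any."""
    return next((c for c in candidates if digest(c) == commitment), None)

# Constructed sample data (not a real credential).
GUESSES = [{"role": r} for r in ("CEO", "CFO", "CTO")]
unblinded = {"i": "issuer-aid-placeholder", "a": {"role": "CFO"}}
private = {"i": "issuer-aid-placeholder", "a": blind({"role": "CFO"})}

if __name__ == "__main__":
    step1 = compact(private)  # initial compact presentation
    print("compact:", step1)
    print("expansion verifies:", verify_expansion(step1, private["a"]))
    forged = {**private["a"], "role": "CEO"}
    print("altered block verifies:", verify_expansion(step1, forged))
    weak = compact(unblinded)["a"]
    print("unblinded guessable:", recoverable_by_guessing(weak, GUESSES))
    print("blinded guessable:", recoverable_by_guessing(step1["a"], GUESSES))
```

The unblinded digest is matched by a three-entry guess list, while the blinded one is not, which is why a compact presentation of low-entropy attributes is only private when the block carries the nonce.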
Integration with vLEI Ecosystem
For vLEI implementations:
Legal entity presentations: Legal entities act as disclosers when presenting their vLEI credentials to verifiers
Representative presentations: OOR and ECR credential holders disclose role credentials to prove authorization
QVI presentations: QVIs may disclose their QVI credentials to demonstrate issuance authority
Chain of trust: Ensure disclosed credentials maintain verifiable links back to GLEIF root of trust
Authorized representatives (both OOR and ECR credential holders) act as disclosers when presenting role credentials
QVIs may act as disclosers when presenting their QVI credentials to demonstrate their authorization to issue vLEI credentials
The discloser role is not explicitly defined as a governance role in the vLEI framework documents, but rather emerges as an operational role that any credential holder assumes when presenting credentials. This reflects the decentralized nature of the KERI/ACDC architecture, where credential presentation does not require intermediaries or central authorities.
GLEIF Context
While GLEIF (Global Legal Entity Identifier Foundation) does not formally define "discloser" as a governance role in its vLEI documentation, the concept is implicit in the credential presentation workflows described in the governance framework. GLEIF's role as the root of trust in the vLEI ecosystem means that:
GLEIF itself may act as a discloser when presenting its root credentials
The governance framework establishes the conditions under which various parties may disclose credentials
The discloser role interacts with several other governance-defined entities:
Disclosee: The recipient of the disclosed ACDC, forming the complementary role in presentation exchanges
Issuer: The original creator of the ACDC, who may or may not be the same entity as the discloser
Issuee: The subject of the credential, who typically becomes the discloser in subsequent presentations
Verifier: While not formally defined in the ACDC specification, verifiers are the practical recipients (disclosees) in most credential presentation scenarios
Roles & Responsibilities
Primary Responsibilities
The discloser's primary responsibilities in the ACDC/IPEX ecosystem include:
1. Credential Presentation Control
The discloser has exclusive control over what information is disclosed and when. This includes:
Establish disclosure terms: Define the conditions under which information may be used by the disclosee
Obtain agreement: Ensure the disclosee agrees to terms before revealing sensitive information
Create bespoke credentials: Generate custom ACDCs that bind disclosure to specific usage constraints
Authority and Permissions
The discloser's authority derives from:
Cryptographic Control
The discloser must have cryptographic control over the ACDC being disclosed, which typically means:
Possession of the credential: Having received the ACDC from the issuer through an issuance exchange
Control over the issuee AID: If the ACDC has an issuee field, the discloser typically controls the private keys associated with that AID
Ability to sign presentations: The discloser can create cryptographic signatures proving they control the credential
Delegation Authority
In some scenarios, the discloser may have delegated authority:
Custodial agents: May act as disclosers on behalf of credential holders
Authorized representatives: In the vLEI ecosystem, representatives may disclose credentials on behalf of legal entities
Delegated identifiers: Through KERI's delegation mechanism, disclosers may operate under delegated authority
Limitations
The discloser role has several important limitations:
1. Cannot Modify Issued Credentials
The discloser cannot alter the content of an ACDC issued by another party. The SAID mechanism ensures that any modification would be immediately detectable. The discloser can only:
Choose which variant to present (compact, partial, selective, full)
Select which attributes to disclose (in selective disclosure scenarios)
While chain-link confidentiality provides legal protections, the discloser cannot cryptographically prevent a disclosee from further disclosing information. The protections are:
Legal/contractual: Based on agreements and liability frameworks
Not cryptographic: Unlike encryption, which can technically prevent access
Dependent on enforcement: Require legal systems to enforce confidentiality obligations
3. Cannot Revoke After Disclosure
Once information is disclosed, the discloser cannot "take it back." While the original issuer may revoke a credential through the TEL (Transaction Event Log), the discloser cannot:
Undo a disclosure that has already occurred
Force a disclosee to delete received information
Retroactively change disclosure terms
4. Must Respect Issuer Constraints
The discloser must operate within constraints established by the issuer:
Schema compliance: Cannot disclose information in ways that violate the ACDC's schema
Rule sections: Must respect any rules embedded in the ACDC by the issuer
Revocation status: Should not present revoked credentials as valid
Credential Lifecycle
While the discloser is not a credential type itself, understanding the discloser's role in the credential lifecycle is essential:
Issuance Phase
During issuance, the future discloser is typically the issuee (credential subject):
Issuance exchange: The issuer acts as the discloser in the initial exchange, presenting the newly created ACDC to the issuee
Credential receipt: The issuee receives the ACDC and stores it in their credential store
Verification: The issuee verifies the ACDC's cryptographic integrity and issuer authenticity
Presentation Phase
This is where the issuee becomes the discloser:
Presentation request: A verifier (acting as disclosee) requests specific credential information
Disclosure decision: The discloser decides what information to reveal and in what format
IPEX exchange: The discloser initiates a presentation exchange using the IPEX protocol
Graduated disclosure: The discloser may progressively reveal information through multiple exchange steps
Verification by disclosee: The disclosee verifies the disclosed ACDC's authenticity
Revocation Considerations
When a credential is revoked:
Issuer revocation: The issuer updates the TEL to mark the credential as revoked
Discloser awareness: The discloser should monitor the TEL to be aware of revocation status
Presentation obligations: The discloser should not present revoked credentials as valid
Revocation disclosure: In some scenarios, the discloser may need to present a revoked credential to prove it was revoked
Related Governance Documents
ACDC Specification
The primary technical specification defining the discloser role:
Role reversal: A disclosee in one exchange may become a discloser in a subsequent exchange (chain-link confidentiality)
Conclusion
The discloser role is fundamental to the ACDC credential presentation model, providing the active control point for privacy-preserving, graduated disclosure of verifiable credentials. While not explicitly defined as a governance role in the vLEI framework, the discloser concept is essential to understanding how credentials flow through the ecosystem and how privacy protections are implemented. The discloser's responsibilities center on controlling what information is revealed, when it is revealed, and under what contractual conditions, while maintaining the cryptographic integrity that enables verification back to the original issuer.