Building Trust with Code: How DSR, Hedera, and LF Decentralized Trust, Are Advancing Decentralized Identity

A recent LF Decentralized Trust (LFDT) webinar highlighted a significant advancement in self-sovereign identity (SSI) infrastructure: the release of a new plugin enabling integration between Hedera and the ACA-Py framework. This plugin, developed by DSR Corporation, has been open sourced under the OpenWallet Foundation and extends ACA-Py with support for the Hedera network. Complementing this, a new Python SDK, now part of the LFDT-hosted Hiero project, provides developers with tools to manage Decentralized Identifiers (DIDs) and Hyperledger AnonCreds Verifiable Credentials on Hedera using the Hedera Consensus Service. Together, these contributions—spanning both the OpenWallet and Hiero ecosystems—anchor critical identity metadata to Hedera’s high-throughput, public distributed ledger and expand the reach of open source digital identity tooling.

The integration demonstrates how open governance, composable identity protocols, and scalable layer-1 infrastructure can be combined to support real-world, production-grade SSI deployments.

Context: From Centralized Identity to Self-Sovereign Models

Traditional identity systems rely on centralized authorities and intermediaries for credential issuance and verification. These models introduce significant challenges: siloed data, user tracking, high costs, and weak privacy guarantees.

Self-sovereign identity (SSI) flips this model. Using decentralized identifiers (DIDs), verifiable credentials (VCs), and secure digital wallets, individuals and organizations can exchange trusted identity claims on a peer-to-peer basis—without relying on centralized infrastructure.

This concept defines interoperable agents for issuing, verifying, and revoking credentials. ACA‑Py is a widely adopted implementation of these agent capabilities.

Preserving Privacy with Hyperledger AnonCreds

The Hyperledger AnonCreds credential format is a cornerstone of privacy-respecting identity systems. It enables selective disclosure and zero-knowledge proofs, allowing users to prove information (e.g., age or qualification) without revealing unnecessary data (e.g., full birthdate or ID).

AnonCreds also supports credential revocation and schema versioning, both of which require a secure, globally accessible data registry.

With the deprecation of some first-generation registries, SSI projects have been in search of a robust and scalable replacement.

ACA‑Py Meets Hedera: Decentralized Registry via Plugin Architecture

To address this gap, DSR released and contributed a new open source ACA‑Py plugin for Hedera to the OpenWallet Foundation community at the Linux Foundation. The plugin enables developers to anchor DIDs and AnonCreds-related metadata (e.g., credential schemas, definitions, and revocation registries) directly to the Hedera network using the Hedera Consensus Service (HCS).

This integration ensures:

• Immutability and auditability of identity data
  
  
• Cryptographic timestamping of all registry events
  
  
• Low-latency credential operations via mirror node resolution and intelligent cachin

The plugin adheres to DIDComm and AnonCreds standards and is designed to be modular, enabling further extension and integration with other ACA‑Py components and registries.

Why Hedera? A Fit-for-Purpose Identity Layer

Hedera provides an ideal foundation for decentralized identity registries due to its performance, security, and operational maturity:

• High throughput: Handles up to 10,000 transactions per second
  
  
• Low, predictable fees: Suits credential-heavy applications
  
  
• aBFT consensus: Delivers fast finality with asynchronous Byzantine fault tolerance
  
  
• Carbon-negative operations: Ensures sustainability and compliance with ESG standards

The Hedera Consensus Service (HCS) enables applications to publish small, immutable messages to the public ledger. This model is well suited for anchoring metadata like DIDs, credential schemas, and revocation registries — while keeping private data off-chain.

Importantly, the entire Hedera network codebase is now open source and maintained under Hiero, a Linux Foundation Decentralized Trust project. This governance model ensures transparency, technical stewardship, and long-term alignment with open standards in the decentralized identity ecosystem.

Plugin Architecture: Technical Overview

The ACA‑Py Hedera plugin introduces a standards-compliant registry backend into the ACA‑Py stack. Key used components include:

• Hedera DID Method Implementation: Compatible with ACA‑Py's DID registry, it supports creation, updates, and resolution of DIDs over Hedera.
  
  
• Credential Registry Functions: Uses HCS topics to publish credential schemas, definitions, and revocation data. Anchored records are signed, timestamped, and queryable.
  
  
• HCS-1 File Support: Large or structured data (e.g., revocation lists) are chunked and written using the HCS-1 format, allowing ACA‑Py to maintain auditability without overloading individual transactions.
  
  
• Mirror Node Query and Caching: To reduce latency, the underlying SDK implements a cache layer on top of mirror node queries for efficient credential verification.
  
  
• Modular Extension Support: The plugin is engineered for reuse and extension, with components published under the hiero-ledger and openwallet-foundation GitHub organizations.
  

Developers can integrate the plugin directly into ACA‑Py-based agents and use it as a drop-in registry for Hedera-backed credential workflows.

End-to-End Demo: Credential Lifecycle on Hedera

The webinar demonstrated a terminal-based walk-through of the plugin in action:

1. An issuer creates a DID and publishes a credential schema and definition on Hedera
   
   
2. An issuer initiates and establishes connection with a holder
   
   
3. An issuer sends a credential offer to a holder -> the holder accepts the offer, receives and stores a credential in their wallet
   
   
4. The holder successfully presents the credential to a verifier
   
   
5. The issuer revokes the credential by updating revocation registry
   
   
6. A second verification attempt fails as expected, confirming revocation

Each step of the credential lifecycle (definition, issuance, revocation) anchors cryptographic commitments to Hedera using HCS and can be independently verified via public mirror nodes.

Looking Ahead

The ACA‑Py plugin is only the first step in the broader effort to integrate Hedera with the open identity ecosystem:

• An integration with Credo framework is in development to bring similar functionality to JavaScript-based cross-platform agent implementation hosted under the OpenWallet Foundation.
  
  
• An official AnonCreds specification for Hedera is being drafted and maintained under the Hiero project.

🗓️ Join us at the Global Digital Collaboration (GDC) Conference in Geneva on July 2, 2025, where DSR and Hedera will showcase this ACA‑Py plugin in a live, interactive demonstration titled “First Person Credentials: Establishing Human Identity in a Decentralized World.”

Contribute and Collaborate

The ACA‑Py plugin is available today and ready for testing, integration, and community contribution. To get involved:

• 💬 Join the LFDT Discord – check out the #hiero channel
• 🧑‍💻 Explore the Hiero GitHub Org – home to the Hiero DID Python SDK, specs, and open roadmap
• 💬 Join the OpenWallet Discord – check out the #acapy channel
• 🧑‍💻 Explore the OWF Aca-Py GitHub Org – home to the Hiero DID Python SDK, specs, and open roadmap
• 📆 Register for upcoming LFDT webinars, Meetups and other events, including virtual and in-person workshops.

For technical inquiries or collaboration opportunities, reach out to the project contributors at DSR Corporation and Hashgraph via the Hiero GitHub repository.

Watch the Full LFDT Webinar

▶️ ACA‑Py Plugin for Hedera Ledger