Overview#Trust Anchor is defined in RFC 6024 as "Trust Anchor represents an Authoritative Entity via a Public Key and associated data".
A Relying Party uses Trust Anchors to determine if a digitally signed object is valid by verifying a Digital Signature using the Trust Anchor's Public Key, and by enforcing the constraints expressed in the associated data for the Trust Anchor.
Trust Anchor is part of a Public Key Infrastructure scheme.
Trust Anchor is commonly called a Root Certificate.
Only Local Significance#Trust Anchors have only local significance, i.e., each Relying Party is configured with a set of Trust Anchors, either by the Relying Party or by an entity that manages Trust Anchors in the context in which the Relying Party operates.
The associated data defines the scope of a Trust Anchor by imposing constraints on the signatures that the Trust Anchor may be used to verify.
More Information#There might be more information for this subject on one of the following:
- Certificate Authority
- Certificate Fingerprint
- Certificate-based Authentication
- Certification Authority Browser Forum
- Decentralized Identifier
- How SSL-TLS Works
- Kerberos Service Account
- Public Key Infrastructure
- Public Key Infrastructure Weaknesses
- Root Certificate
- Self-signed Certificate
- Trust Anchor Store