Some implementations of the disclosure are directed to: receiving an encrypted message from an entity, the encrypted message including a request to determine if a claimant of a distributed attestation is a holder of the distributed attestation; decrypting the encrypted message; using at least a public key of the entity to determine whether the entity is authorized to obtain information about the distributed attestation; and if the entity is authorized to obtain information about the distributed attestation, transmitting a response message to the entity indicating if the claimant of the distributed attestation is the holder of the distributed attestation. Authorization of the entity to obtain information about the distributed attestation may be based on role based access control rights to obtain information about the distributed attestation.