Setup AI Agent Trust Registry

Walkthrough for setting up Trust Registries for your AI Agents.

Users are able to build AI Agent Trust Registries using our cheqd Studio APIs. The following steps will enable organisations, governance authorities, auditors and AI Agents to establish permissions, rules and hierarchy between each other.

Step 1: Set up your cheqd Studio account

Make sure you have set up your account with cheqd Studio and are logged in, using our guide below:

Set up your account

Set up your account with cheqd Studio and log in to start using the APIs.

Step 2: Create a Root DID

The first step for any trust registry is a Root DID, which acts as a trust anchor for the chain of trust below. This DID should be for the highest level of trust in your ecosystem, such as a governance authority, a managing company or an auditor.

For more basic trust registries, the company issuing the AI Agent credentials may also be the Root of Trust with the Root DID.

Create an Issuer DID

Create a W3C conformant DID on cheqd using the did:cheqd DID Method.

Step 3: Design Schemas for your Ecosystem

When you accredit an AI Agent or Organisation that builds AI Agents, you need to do so for a particular purpose. These purposes are defined in schemas, containing the fields that MUST or MAY be present in an accreditation or credential.

We have created some template schemas that we suggest you use within your trust registry!

3.1 Verifiable Attestation

This is a schema for a Verifiable Credential issued to your AI Agent from a Trusted Issuer. The Issuer attests to features of the AI Agent, hence we call it a Verifiable Attestation.

Verifiable Attestation Schema

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Verifiable Attestation",
  "description": "The schema defines a generic structure for any Verifiable Credentials according to the VCDM v1.1",
  "type": "object",
  "properties": {
    "@context": {
      "description": "Semantic context for the issued credential. First element MUST be https://www.w3.org/2018/credentials/v1",
      "type": "array",
      "items": {
        "type": "string",
        "format": "uri"
      },
      "contains": {
        "const": "https://www.w3.org/2018/credentials/v1"
      },
      "minItems": 1,
      "uniqueItems": true
    },
    "id": {
      "description": "Globally unique identifier for the issued credential",
      "type": "string",
      "format": "uri"
    },
    "type": {
      "description": "Full type chain, used to identify the credential base types",
      "type": "array",
      "items": {
        "type": "string"
      },
      "contains": {
        "type": "string",
        "const": "VerifiableAttestation"
      },
      "uniqueItems": true
    },
    "issuer": {
      "description": "Defines a property for expressing the issuer of a Verifiable Credential",
      "oneOf": [
        {
          "description": "DID of the credential issuer",
          "type": "string",
          "format": "uri"
        },
        {
          "type": "object",
          "required": ["id"],
          "properties": {
            "id": {
              "description": "DID of the credential issuer",
              "type": "string",
              "format": "uri"
            }
          }
        }
      ]
    },
    "issuanceDate": {
      "description": "Defines the date and time, when the issued credential becomes valid",
      "type": "string",
      "format": "date-time"
    },
    "issued": {
      "description": "Defines when the issued credential was issued",
      "type": "string",
      "format": "date-time"
    },
    "validFrom": {
      "description": "Defines the date and time, when the issued credential becomes valid",
      "type": "string",
      "format": "date-time"
    },
    "validUntil": {
      "description": "Defines the date and time, when the issued credential expires",
      "type": "string",
      "format": "date-time"
    },
    "expirationDate": {
      "description": "Defines the date and time, when the issued credential expires",
      "type": "string",
      "format": "date-time"
    },
    "credentialSubject": {
      "description": "Defines information about the subject that is defined by the type chain",
      "anyOf": [
        {
          "$ref": "#/$defs/credentialSubject"
        },
        {
          "type": "array",
          "items": {
            "$ref": "#/$defs/credentialSubject"
          }
        }
      ]
    },
    "credentialStatus": {
      "description": "Defines suspension and/or revocation details for the issued credential. Further redefined by the type extension",
      "anyOf": [
        {
          "$ref": "#/$defs/credentialStatus"
        },
        {
          "type": "array",
          "items": {
            "$ref": "#/$defs/credentialStatus"
          }
        }
      ]
    },
    "credentialSchema": {
      "description": "One or more schemas that validate the Verifiable Credential.",
      "anyOf": [
        {
          "$ref": "#/$defs/credentialSchema"
        },
        {
          "type": "array",
          "items": {
            "$ref": "#/$defs/credentialSchema"
          }
        }
      ]
    },
    "termsOfUse": {
      "description": "Contains the terms under which the issued credential was issued",
      "anyOf": [
        {
          "$ref": "#/$defs/termsOfUse"
        },
        {
          "type": "array",
          "items": {
            "$ref": "#/$defs/termsOfUse"
          }
        }
      ]
    },
    "evidence": {
      "description": "Contains the optional evidence used to issue this credential",
      "anyOf": [
        {
          "$ref": "#/$defs/evidence"
        },
        {
          "type": "array",
          "items": {
            "$ref": "#/$defs/evidence"
          }
        }
      ]
    }
  },
  "required": [
    "@context",
    "id",
    "type",
    "issuer",
    "credentialSubject"
  ],
  "$defs": {
    "credentialSubject": {
      "description": "Defines information about the subject that is defined by the type chain",
      "type": "object",
      "properties": {
        "id": {
          "description": "Defines the DID of the subject that is described by the issued credential",
          "type": "string",
          "format": "uri"
        }
      }
    },
    "credentialStatus": {
      "description": "Defines suspension and/or revocation details for the issued credential. Further redefined by the type extension",
      "type": "object",
      "properties": {
        "id": {
          "description": "Exact identity for the credential status",
          "type": "string",
          "format": "uri"
        },
        "type": {
          "description": "Defines the revocation type extension",
          "type": "string"
        }
      },
      "required": ["id", "type"]
    },
    "credentialSchema": {
      "description": "Contains information about the credential schema on which the issued credential is based",
      "type": "object",
      "properties": {
        "id": {
          "description": "References the credential schema stored on the Trusted Schemas Registry (TSR) on which the Verifiable Authorisation is based on",
          "type": "string",
          "format": "uri"
        },
        "type": {
          "description": "Defines credential schema type",
          "type": "string"
        }
      },
      "required": ["id", "type"]
    },
    "termsOfUse": {
      "description": "Contains the terms under which the issued credential was issued",
      "type": "object",
      "properties": {
        "id": {
          "description": "Contains a URL that points to where more information about this instance of terms of use can be found.",
          "type": "string"
        },
        "type": {
          "description": "Defines the type extension",
          "type": "string"
        }
      },
      "required": ["type"]
    },
    "evidence": {
      "type": "object",
      "properties": {
        "id": {
          "description": "If present, it SHOULD contain a URL that points to where more information about this instance of evidence can be found.",
          "type": "string"
        },
        "type": {
          "anyOf": [
            {
              "description": "Defines the evidence type extension",
              "type": "string"
            },
            {
              "description": "Defines the evidence type extension",
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          ]
        }
      },
      "required": ["type"]
    }
  }
}

This schema can be always retrieved from the cheqd ledger at:

https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAttestation&resourceType=JSONSchemaValidator2020resolver.cheqd.net

3.2 Verifiable Accreditation

This is a schema for a Verifiable Credential between two DIDs, to accredit the DIDs for specific purposes. The accreditedFor section of the Accreditation can be modified with specific schemas for AI Agents.

Verifiable Accreditation Schema

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Verifiable Accreditation",
  "description": "Schema of a Verifiable Accreditation",
  "type": "object",
  "allOf": [
    {
      "$ref": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAttestation&resourceType=JSONSchemaValidator2020"
    },
    {
      "properties": {
        "credentialSubject": {
          "description": "Defines additional information about the subject that is described by the Verifiable Accreditation",
          "type": "object",
          "properties": {
            "id": {
              "description": "Defines a unique identifier of the Verifiable Accreditation",
              "type": "string",
              "format": "uri"
            },
            "accreditedFor": {
              "description": "Defines a list of claims that define/determine the authorisation of an Issuer to issue certain types of VCs",
              "type": "array",
              "items": {
                "type": "object",
                "properties": {
                  "schemaId": {
                    "description": "Schema, registered in Trusted  Schemas Registry, which the accredited organisation is allowed to issue, as per their accreditation",
                    "type": "string",
                    "format": "uri"
                  },
                  "types": {
                    "type": "array",
                    "items": {
                      "type": "string"
                    }
                  },
                  "limitJurisdiction": {
                    "anyOf": [
                      {
                        "description": "Defines the jurisdiction for which the accreditation is valid",
                        "type": "string",
                        "format": "uri"
                      },
                      {
                        "type": "array",
                        "description": "Defines the jurisdictions for which the accreditation is valid",
                        "items": {
                          "type": "string",
                          "format": "uri"
                        }
                      }
                    ]
                  }
                },
                "required": ["schemaId", "types"]
              }
            }
          },
          "required": ["id", "accreditedFor"]
        },
        "credentialStatus": {
          "description": "Defines revocation details for the issued credential. Further redefined by type extension",
          "type": "object",
          "properties": {
            "id": {
              "description": "Exact identity for the credential status",
              "type": "string",
              "format": "uri"
            },
            "type": {
              "description": "Defines the revocation status type",
              "type": "string",
              "const": "EbsiAccreditationEntry"
            }
          },
          "required": ["id", "type"]
        }
      },
      "required": [
        "credentialSubject",
        "termsOfUse"
      ]
    }
  ]
}

This schema can be always retrieved from the cheqd ledger at:

https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAccreditation&resourceType=JSONSchemaValidator2020resolver.cheqd.net

We suggest that you use the same schemas that we have already made for Verifiable Accreditations and Attestations, although this is not a requirement

3.3 Custom Schemas

Builders can create custom schemas for their AI Agents, or for the accreditations between different organisations in their ecosystems. This is achieved through editing the accreditedFor section of a Verifiable Attestation above.

For example, the following schema shows how the configuration of an AI Agent can be represented within a schema:

AI Agent Authorisation Schema

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "allOf": [
    {
      "$ref": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAttestation&resourceType=JSONSchemaValidator2020"
    },
    {
    "properties": {
      "credentialSubject": {
        "type": "object",
        "properties": {
          "id": {
            "type": "string",
            "pattern": "uri"
          },
          "aiAgentName": {
            "type": "string"
          },
          "aiAgentVersion": {
            "type": "string"
          },
          "model": {
            "type": "string"
          },
          "modelVersion": {
            "type": "string"
          },
          "contextWindow": {
            "type": "integer",
            "minimum": 0
          },
          "temperature": {
            "type": "number",
            "minimum": 0,
            "maximum": 1
          },
          "topK": {
            "type": "integer",
            "minimum": 0
          },
          "topP": {
            "type": "number",
            "minimum": 0,
            "maximum": 1
          },
          "maxTokens": {
            "type": "integer",
            "minimum": 0
          },
          "fineTuned": {
            "type": "boolean"
          },
          "fineTuningDetails": {
            "type": "string",
            "nullable": true
          },
          "safetyRating": {
            "type": "string"
          },
          "evaluationMetrics": {
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "certificationAuthority": {
            "type": "string"
          },
          "validUntil": {
            "type": "string",
            "format": "date-time"
          }
        },
        "required": [
          "id",
          "aiAgentName",
          "model"
        ]
      },
      "proof": {
        "description": "Contains information about the proof",
        "type": "object",
        "properties": {
          "type": {
            "description": "Defines the proof type",
            "type": "string"
          },
          "proofPurpose": {
            "description": "Defines the purpose of the proof",
            "type": "string"
          },
          "created": {
            "description": "Defines the date and time, when the proof has been created",
            "type": "string",
            "format": "date-time"
          },
          "verificationMethod": {
            "description": "Contains information about the verification method / proof mechanisms",
            "type": "string"
          },
          "jws": {
            "description": "Defines the proof value in JWS format",
            "type": "string"
          }
        },
        "required": [
          "type",
          "proofPurpose",
          "created",
          "verificationMethod",
          "jws"
        ]
      }
    },
    "required": ["credentialSubject", "proof"]
    }
  ]
}

Step 4: Publish your schemas to cheqd as DID-Linked Resources

With the Root DID you created in Step 2, you can create links to your schemas, storing them on-chain in a resolvable format.

You can follow the tutorial here to publish your schemas as DID-Linked Resources. Generally we use the resourceType of JSONSchemaValidator2020 for JSON schemas written to the ledger.

Create DID-Linked Resource

Link resources such as schemas to your DID, publishing as a DID-Linked Resource.

This will store the schemas securely on the cheqd Network, where they can be fetched using DID URLs.

Step 5: Issue a Root Authorisation for the Trust Chain

The Root Authorisation in trust registries on cheqd is called a rootAuthorisationForTrustChain. This authorisation contains informartion about the governance framework the AI Agents will operate in, and signifies to trust registry resolvers that they have reached the intended Root.

Authorisations are issued between two DIDs (which may be the same). As such, if you are managing the entire ecosystem, you may need to create multiple DIDs for different roles in the ecosystem. Otherwise, you need to be aware of the DIDs of the organisations you are seeking to authorise.

Generally, the Root Authorisation also contains the schemas and types of credentials that will be issued below in the trust chain.

Note that it is common for the rootAuthorisationForTrustChain to be self-issued, from the same issuer DID to subject DID, authorising it to carry out other operations.

5.1 Verifiable Authorisation for Trust Chain

Using POST /trust-registry/accreditation/issue

Use the following request format:

Request format for Verifiable Authorisation for Trust Chain

{
  "issuerDid": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e", // This is the Root DID for the Trust Chain
  "subjectDid": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad", // This is the DID Authorised at a Root Level and may often be the same DID as the issuer
  "schemas": [ // enter the schemas you have created for your trust registry
    {
      "types": "AIAgentAuthorisation",
      "url": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:c6630f1e-9248-4af6-b7ac-5bcaf646f213?resourceName=AIAgentAuthorisation&resourceType=JSONSchemaValidator2020"
    },
    {
      "uri": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAccreditation&resourceType=JSONSchemaValidator2020",
      "types": [
          "VerifiableCredential",
          "VerifiableAccreditation",
          "VerifiableAccreditationToAccredit"
        ]
      },
      {
       "uri": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAttestation&resourceType=JSONSchemaValidator2020",
       "types": [
          "VerifiableCredential",
          "VerifiableAttestation",
          "VerifiableAccreditationToAttest"
        ]
      }
  ],
  "format": "jwt",
  "accreditationName": "authoriseAccreditationTest",
  "trustFramework": "https://learn.cheqd.io/governance/start",
  "trustFrameworkId": "cheqd Governance Framework"
}

Response format for Verifiable Authorisation for Trust Chain

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "VerifiableCredential",
    "VerifiableAuthorisationForTrustChain"
  ],
  "issuer": {
    "id": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e"
  },
  "credentialSubject": {
    "accreditedFor": [
      {
        "schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=MuseumPassCredentialSchema&resourceType=JsonSchemaValidator2018",
        "type": "MuseumPassCredential"
      }
    ],
    "id": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad"
  },
  "issuanceDate": "2024-10-15T04:06:47.000Z",
  "termsOfUse": {
    "type": "VerifiableAuthorisationForTrustChain",
    "trustFramework": "https://learn.cheqd.io/governance/start",
    "trustFrameworkId": "cheqd Governance Framework"
  },
  "proof": {
    "type": "JwtProof2020",
    "jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImFjY3JlZGl0ZWRGb3IiOlt7InNjaGVtYUlkIjoiaHR0cHM6Ly9yZXNvbHZlci5jaGVxZC5uZXQvMS4wL2lkZW50aWZpZXJzL2RpZDpjaGVxZDp0ZXN0bmV0OjBhNWI5NGQwLWE0MTctNDhlZC1hNmY1LTRhYmM5ZTk1ODg4ZD9yZXNvdXJjZU5hbWU9TXVzZXVtUGFzc0NyZWRlbnRpYWxTY2hlbWEmcmVzb3VyY2VUeXBlPUpzb25TY2hlbWFWYWxpZGF0b3IyMDE4IiwidHlwZSI6Ik11c2V1bVBhc3NDcmVkZW50aWFsIn1dfSwidGVybXNPZlVzZSI6eyJ0eXBlIjoiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIiwidHJ1c3RGcmFtZXdvcmsiOiJodHRwczovL2xlYXJuLmNoZXFkLmlvL2dvdmVybmFuY2Uvc3RhcnQiLCJ0cnVzdEZyYW1ld29ya0lkIjoiY2hlcWQgR292ZXJuYW5jZSBGcmFtZXdvcmsifX0sInN1YiI6ImRpZDpjaGVxZDp0ZXN0bmV0OjZhZjQxMmQ3LTJmMDQtNGUxMi1hNDI0LWU2NzE5ZGI0ODdhZCIsIm5iZiI6MTcyODk2NTIwNywiaXNzIjoiZGlkOmNoZXFkOnRlc3RuZXQ6YjAwM2RmNmYtZWM4ZS00OGRkLTlhMmItNzAxMWM1Y2YwYTVlIn0.6dKE9-y2Id852onu1_WnD6aJnDtxgFZcjCbCfQ8MT1ACsHY8ox5jiKP4QUJNmhwesLidC99Qa0uyCrUhvHc2Bg"
  }
}

Request Parameter

Required

Description

"issuerDid"

Yes

The DID of the Issuer of the Accreditation

"subjectDid"

Yes

The DID of the Recipient of the Accreditation

"types"

Yes

The "types" of credential you are authorising for your trust chain

"url"

Yes

A schema or multiple schemas that the recipient is accredited to issue

"format"

Optional

Defaults to "jwt" but may also be "json-ld"

"accreditationName"

Yes

Name of the accreditation which is used for chronological versioning of the accreditation.

"trustFramework"

Yes

A URL that points to an Ecosystem Governance Framework

"trustFrameworkId"

Yes

The name of the Ecosystem Governance Framework

"credentialStatus"

Optional

An object detailing the status information of the Accreditation

You can use the API below to make this transaction, using the parameter 'authorise'.

Publish a verifiable accreditation for a DID.

post

Generate and publish a Verifiable Accreditation for a subject DID as a DID Linked resource.

Authorizations

Query parameters

accreditationTypestring · enumRequired

Select the type of accreditation to be issued.

Possible values:

Body

Input fields for the creating a Verifiable Accreditation.

issuerDidstringRequired

DID of the Verifiable Accreditation issuer. This needs to be a did:cheqd DID.

Example: did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0

subjectDidstringRequired

DID of the Verifiable Accreditation holder/subject. This needs to be a did:cheqd DID.

Example: did:cheqd:testnet:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK

accreditationNamestringRequired

Unique name of the Verifiable Accreditation.

attributesobjectOptional

JSON object containing the attributes to be included in the Accreditation.

@contextstring[]Optional

Optional properties to be included in the @context property of the Accreditation.

Example: ["https://schema.org/schema.jsonld","https://veramo.io/contexts/profile/v1"]

parentAccreditationstringOptional

DID URL of the parent Verifiable Accreditation, required for accredit/attest operation.

rootAuthorisationstringOptional

DID URL of the root Verifiable Accreditation, required for accredit/attest operation.

trustFrameworkstringOptional

Name or Type of the Trust Framework, required for authorise operation.

trustFrameworkIdstringOptional

Url of the Trust Framework, required for authorise operation.

typestring[]Optional

Optional properties to be included in the type property of the Accreditation.

Example: ["Person"]

expirationDatestring · date-timeOptional

Optional expiration date according to the <a href=https://www.w3.org/TR/vc-data-model/#expiration> VC Data Model specification.

Example: 2023-06-08T13:49:28.000Z

formatstring · enumOptional

Format of the Verifiable Accreditation. Defaults to VC-JWT.

Example: jwtPossible values:

termsOfUseobject[]Optional

Terms of use can be utilized by an issuer or a holder to communicate the terms under which a verifiable credential was issued.

Example:

{"type":"IssuerPolicy","id":"http://example.com/policies/credential/4","profile":"http://example.com/profiles/credential","prohibition":[{"assigner":"https://example.edu/issuers/14","assignee":"AllVerifiers","target":"http://example.edu/credentials/3732","action":["Archival"]}]}

refreshServiceobject[]Optional

RefreshService property MUST be one or more refresh services that provides enough information to the recipient's software such that the recipient can refresh the verifiable credential.

Example: {"type":"ManualRefreshService2018","id":"https://example.edu/refresh/3732"}

evidenceobject[]Optional

Evidence property MUST be one or more evidence schemes providing enough information for a verifier to determine whether the evidence gathered by the issuer meets its confidence requirements for relying on the credential.

Example:

{"type":["DocumentVerification"],"id":"https://example.edu/evidence/f2aeec97-fc0d-42bf-8ca7-0548192d4231","verifier":"https://example.edu/issuers/14","evidenceDocument":"DriversLicense","subjectPresence":"Physical","documentPresence":"Physical","licenseNumber":"123AB4567"}

Responses

200

The request was successful.

application/json

400

A problem with the input fields has occurred. Additional state information plus metadata may be available in the response body.

401

Access token is missing or invalid

500

An internal error has occurred. Additional state information plus metadata may be available in the response body.

post

POST /trust-registry/accreditation/issue?accreditationType=authorise HTTP/1.1
Host: 
x-api-key: YOUR_API_KEY
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 955

"issuerDid='did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0'&subjectDid='did:cheqd:testnet:2582fe17-9b25-45e4-8104-1cfca430f0c3'&schemas=[{'type':'MuseumPassCredential','url':'https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=MuseumPassCredentialSchema&resourceType=JsonSchemaValidator2018'}]&format='jwt'&accreditationName='authoriseAccreditation'&trustFramework='https://learn.cheqd.io/governance/start'&trustFrameworkId='cheqd Governance Framework'&parentAccreditation='did:cheqd:testnet:15b74787-6e48-4fd5-8020-eab24e990578?resourceName=accreditAccreditation&resourceType=VerifiableAccreditationToAccredit'&rootAuthorisation='did:cheqd:testnet:5RpEg66jhhbmASWPXJRWrA?resourceName=authoriseAccreditation&resourceType=VerifiableAuthorisationForTrustChain'&credentialStatus={'statusPurpose':'revocation','statusListName':'employee-credentials','statusListIndex':10}"

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://schema.org",
    "https://veramo.io/contexts/profile/v1"
  ],
  "credentialSubject": {
    "gender": "male",
    "id": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
    "name": "Bob"
  },
  "credentialStatus": {
    "id": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:7c2b990c-3d05-4ebf-91af-f4f4d0091d2e?resourceName=cheqd-suspension-1&resourceType=StatusList2021Suspension#20",
    "statusIndex": 20,
    "statusPurpose": "suspension",
    "type": "StatusList2021Entry"
  },
  "issuanceDate": "2023-06-08T13:49:28.000Z",
  "issuer": {
    "id": "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0"
  },
  "proof": {
    "jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkaWQ6Y2hlcWQ6dGVzdG5ldDo3YmY4MWEyMC02MzNjLTRjYzctYmM0YS01YTQ1ODAxMDA1ZTAiLCJuYmYiOjE2ODYyMzIxNjgsInN1YiI6ImRpZDprZXk6ejZNa2hhWGdCWkR2b3REa0w1MjU3ZmFpenRpR2lDMlF0S0xHcGJubkVHdGEyZG9LIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3NjaGVtYS5vcmciLCJodHRwczovL3ZlcmFtby5pby9jb250ZXh0cy9wcm9maWxlL3YxIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImdlbmRlciI6Im1hbGUiLCJuYW1lIjoiQm9iIn0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJQZXJzb24iXX19.wMfdR6RtyAZA4eoWya5Aw97wwER2Cm5Guk780Xw8H9fA3sfudIJeLRLboqixpTchqSbYeA7KbuCTAnLgXTD_Cg",
    "type": "JwtProof2020"
  },
  "type": [
    "VerifiableCredential",
    "Person"
  ]
}

Step 6: Issue your next Accreditation

Depending on how many layers deep you want your trust registry, you now need to issue an accreditationToAccredit or an accreditationToAttest. In essence, you need to decide whether you want to accredit a subordinate entity to accredit other organisations (creating a deeper trust chain), or accredit a subordinate entity to issue Credentials to your AI Agent.

6.1 Verifiable Accreditation to Accredit

Request format for Verifiable Accreditation to Accredit

{
  "issuerDid": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e",
  "subjectDid": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad",
  "schemas": [
    {
      "types": "AIAgentAuthorisation",
      "url": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:c6630f1e-9248-4af6-b7ac-5bcaf646f213?resourceName=AIAgentAuthorisation&resourceType=JSONSchemaValidator2020"
    },
    {
      "uri": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAccreditation&resourceType=JSONSchemaValidator2020",
      "types": [
          "VerifiableCredential",
          "VerifiableAccreditation",
          "VerifiableAccreditationToAccredit"
        ]
      },
      {
       "uri": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAttestation&resourceType=JSONSchemaValidator2020",
       "types": [
          "VerifiableCredential",
          "VerifiableAttestation",
          "VerifiableAccreditationToAttest"
        ]
      }
  ],
  "format": "jwt",
  "accreditationName": "accreditationToAttestTest",
  "parentAccreditation": "did:cheqd:testnet:15b74787-6e48-4fd5-8020-eab24e990578?resourceName=accreditAccreditation&resourceType=VerifiableAccreditationToAccredit",
  "rootAuthorization": "did:cheqd:testnet:5RpEg66jhhbmASWPXJRWrA?resourceName=authorizeAccreditation&resourceType=VerifiableAuthorisationForTrustChain",
}

Response format for Verifiable Accreditation to Accredit

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "VerifiableCredential",
    "VerifiableAccreditationToAccredit"
  ],
  "issuer": {
    "id": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e"
  },
  "credentialSubject": {
    "accreditedFor": [
      {
        "schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=MuseumPassCredentialSchema&resourceType=JsonSchemaValidator2018",
        "type": "AIAgentAuthorisation"
      }
    ],
    "id": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad"
  },
  "issuanceDate": "2024-10-15T04:06:47.000Z",
  "termsOfUse": {
    "type": "AccreditationPolicy",
    "parentAccreditation": "did:cheqd:testnet:15b74787-6e48-4fd5-8020-eab24e990578?resourceName=accreditAccreditation&resourceType=VerifiableAccreditationToAccredit",
    "rootAuthorization": "did:cheqd:testnet:5RpEg66jhhbmASWPXJRWrA?resourceName=authorizeAccreditation&resourceType=VerifiableAuthorisationForTrustChain",
  },
  "proof": {
    "type": "JwtProof2020",
    "jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImFjY3JlZGl0ZWRGb3IiOlt7InNjaGVtYUlkIjoiaHR0cHM6Ly9yZXNvbHZlci5jaGVxZC5uZXQvMS4wL2lkZW50aWZpZXJzL2RpZDpjaGVxZDp0ZXN0bmV0OjBhNWI5NGQwLWE0MTctNDhlZC1hNmY1LTRhYmM5ZTk1ODg4ZD9yZXNvdXJjZU5hbWU9TXVzZXVtUGFzc0NyZWRlbnRpYWxTY2hlbWEmcmVzb3VyY2VUeXBlPUpzb25TY2hlbWFWYWxpZGF0b3IyMDE4IiwidHlwZSI6Ik11c2V1bVBhc3NDcmVkZW50aWFsIn1dfSwidGVybXNPZlVzZSI6eyJ0eXBlIjoiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIiwidHJ1c3RGcmFtZXdvcmsiOiJodHRwczovL2xlYXJuLmNoZXFkLmlvL2dvdmVybmFuY2Uvc3RhcnQiLCJ0cnVzdEZyYW1ld29ya0lkIjoiY2hlcWQgR292ZXJuYW5jZSBGcmFtZXdvcmsifX0sInN1YiI6ImRpZDpjaGVxZDp0ZXN0bmV0OjZhZjQxMmQ3LTJmMDQtNGUxMi1hNDI0LWU2NzE5ZGI0ODdhZCIsIm5iZiI6MTcyODk2NTIwNywiaXNzIjoiZGlkOmNoZXFkOnRlc3RuZXQ6YjAwM2RmNmYtZWM4ZS00OGRkLTlhMmItNzAxMWM1Y2YwYTVlIn0.6dKE9-y2Id852onu1_WnD6aJnDtxgFZcjCbCfQ8MT1ACsHY8ox5jiKP4QUJNmhwesLidC99Qa0uyCrUhvHc2Bg"
  }
}

Request Parameter

Required

Description

"issuerDid"

Yes

The DID of the Issuer of the Accreditation

"subjectDid"

Yes

The DID of the Recipient of the Accreditation

"url"

Yes

A schema or multiple schemas that the recipient is accredited to issue

"types"

Yes

The types of credential the subject is accredited to issue

"format"

Optional

Defaults to "jwt" but may also be "json-ld"

"accreditationName"

Yes

Name of the accreditation which is used for chronological versioning of the accreditation.

"parentAccreditation"

Yes

A URL or DID URL of Accreditation of the Issuer demonstrating capacity to issue this Accreditation.

"rootAuthorisation"

Yes

A URL or DID URL of the root authorization governing the ecosystem

"credentialStatus"

Optional

An object detailing the status information of the Accreditation

For a trusted ecosystem, these attestations are required to trace the legitimacy of a credential issuer to a root-of-trust.

6.2 Verifiable Accreditation to Attest

If you just want to accredit the subordinate DID to issue credentials to your AI Agent, use a Verifiable Accreditation to Attest.

Request format for Verifiable Accreditation to Attest

{
  "issuerDid": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e",
  "subjectDid": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad",
  "schemas": [
    {
      "types": "AIAgentAuthorisation",
      "url": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:c6630f1e-9248-4af6-b7ac-5bcaf646f213?resourceName=AIAgentAuthorisation&resourceType=JSONSchemaValidator2020"
    },
    {
      "uri": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAccreditation&resourceType=JSONSchemaValidator2020",
      "types": [
          "VerifiableCredential",
          "VerifiableAccreditation",
          "VerifiableAccreditationToAccredit"
        ]
      },
      {
       "uri": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAttestation&resourceType=JSONSchemaValidator2020",
       "types": [
          "VerifiableCredential",
          "VerifiableAttestation",
          "VerifiableAccreditationToAttest"
        ]
      }
  ],
  "format": "jwt",
  "accreditationName": "accreditationToAttestTest",
  "parentAccreditation": "did:cheqd:testnet:15b74787-6e48-4fd5-8020-eab24e990578?resourceName=accreditAccreditation&resourceType=VerifiableAccreditationToAccredit",
  "rootAuthorization": "did:cheqd:testnet:5RpEg66jhhbmASWPXJRWrA?resourceName=authorizeAccreditation&resourceType=VerifiableAuthorisationForTrustChain",
}

Response format for Verifiable Accreditation to Attest

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "VerifiableCredential",
    "VerifiableAccreditationToAccredit"
  ],
  "issuer": {
    "id": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e"
  },
  "credentialSubject": {
    "accreditedFor": [
      {
        "schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=MuseumPassCredentialSchema&resourceType=JsonSchemaValidator2018",
        "type": "MuseumPassCredential"
      }
    ],
    "id": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad"
  },
  "issuanceDate": "2024-10-15T04:06:47.000Z",
  "termsOfUse": {
    "type": "VerifiableAuthorisationForTrustChain",
    "parentAccreditation": "did:cheqd:testnet:15b74787-6e48-4fd5-8020-eab24e990578?resourceName=accreditAccreditation&resourceType=VerifiableAccreditationToAccredit",
    "rootAuthorization": "did:cheqd:testnet:5RpEg66jhhbmASWPXJRWrA?resourceName=authorizeAccreditation&resourceType=VerifiableAuthorisationForTrustChain",
  },
  "proof": {
    "type": "JwtProof2020",
    "jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImFjY3JlZGl0ZWRGb3IiOlt7InNjaGVtYUlkIjoiaHR0cHM6Ly9yZXNvbHZlci5jaGVxZC5uZXQvMS4wL2lkZW50aWZpZXJzL2RpZDpjaGVxZDp0ZXN0bmV0OjBhNWI5NGQwLWE0MTctNDhlZC1hNmY1LTRhYmM5ZTk1ODg4ZD9yZXNvdXJjZU5hbWU9TXVzZXVtUGFzc0NyZWRlbnRpYWxTY2hlbWEmcmVzb3VyY2VUeXBlPUpzb25TY2hlbWFWYWxpZGF0b3IyMDE4IiwidHlwZSI6Ik11c2V1bVBhc3NDcmVkZW50aWFsIn1dfSwidGVybXNPZlVzZSI6eyJ0eXBlIjoiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIiwidHJ1c3RGcmFtZXdvcmsiOiJodHRwczovL2xlYXJuLmNoZXFkLmlvL2dvdmVybmFuY2Uvc3RhcnQiLCJ0cnVzdEZyYW1ld29ya0lkIjoiY2hlcWQgR292ZXJuYW5jZSBGcmFtZXdvcmsifX0sInN1YiI6ImRpZDpjaGVxZDp0ZXN0bmV0OjZhZjQxMmQ3LTJmMDQtNGUxMi1hNDI0LWU2NzE5ZGI0ODdhZCIsIm5iZiI6MTcyODk2NTIwNywiaXNzIjoiZGlkOmNoZXFkOnRlc3RuZXQ6YjAwM2RmNmYtZWM4ZS00OGRkLTlhMmItNzAxMWM1Y2YwYTVlIn0.6dKE9-y2Id852onu1_WnD6aJnDtxgFZcjCbCfQ8MT1ACsHY8ox5jiKP4QUJNmhwesLidC99Qa0uyCrUhvHc2Bg"
  }
}

Request Parameter

Required

Description

"issuerDid"

Yes

The DID of the Issuer of the Accreditation

"subjectDid"

Yes

The DID of the Recipient of the Accreditation

"url"

Yes

A schema or multiple schemas that the recipient is accredited to issue

"types"

Yes

The types of credential the subject is accredited to issue

"format"

Optional

Defaults to "jwt" but may also be "json-ld"

"accreditationName"

Yes

Name of the accreditation which is used for chronological versioning of the accreditation.

"parentAccreditation"

Yes

A URL or DID URL of Accreditation of the Issuer demonstrating capacity to issue this Accreditation.

"rootAuthorisation"

Yes

A URL or DID URL of the root authorization governing the ecosystem

"credentialStatus"

Optional

An object detailing the status information of the Accreditation

For a trusted ecosystem, these attestations are required to trace the legitimacy of a credential issuer to a root-of-trust.

Note that there MUST be an accreditationToAttest for credentials to be issued that reference an accreditation in the next tutorial.

Core Trust Registry Setup Complete!

Great! Now you have set up the core functionality for your trust registry. Next you will want to issue a Verifiable Attestation from the "trusted issuer" in the Trust Registry to an AI Agent:

Issue Verifiable Credentials to AI Agent

Issue a Verifiable Credential to your AI Agent referencing the parentAccreditation and rootAuthorisation for the trust chain.

Last updated 1 month ago

Was this helpful?