Product Docs
Product DocsTechnical DocsLearning & GovernanceUseful Links
  • Product Docs
  • Node Docs
  • Learning Docs
  • ℹ️Getting Started
    • Product Overview
    • ➑️Get Started with cheqd Studio
      • πŸ‘‰Set Up Your Account
      • πŸ—οΈCreate API Keys
      • πŸͺ™Token Top Up
      • πŸ”„Advanced Configuration Options
    • β˜‘οΈUse Trust Registries for AI Agents
      • πŸ—οΈBuild an AI Agent Trust Registry
        • Setup AI Agent Trust Registry
          • Issue Verifiable Credentials to AI Agent
        • Setup and Configure MCP Server
          • Create AI Agent DID
          • Import Credential to AI Agent
          • Advanced functionality
            • Issue a Verifiable Credential
            • Verify a Credential
      • 🀝Validate AI Agent Trust Chain
  • 🟒Start using cheqd
    • πŸ†”Create DIDs and Identity Keys
      • Create Issuer DID
      • Create Identity Keys and Subject DIDs
      • Resolve a DID
      • Update a DID
      • Deactivate a DID
    • βœ…Issue Credentials and Presentations
      • Issue Credential
      • Setup Verida Wallet
      • Verify Credential
      • Verify Presentation
      • Revoke Credential
      • Suspend or Unsuspend Credential
    • ♻️Charge for Verifiable Credentials
      • Understanding Credential Payments
        • Access Control Conditions
        • Privacy Considerations
      • Charge for Status List
      • Issue Credential with Encrypted Status List
      • Create Verifier Pays Issuer flow
      • Bulk Update or Rotate Encryption Keys
    • 🀝Build Trust Registries
      • Decentralized Trust Chains (DTCs)
        • Root Authorisations
        • RTAO -> TAO
        • TAO -> SubTAO
        • TAO -> Trusted Issuer (TI)
        • Referencing Trust Registry within a Verifiable Credential
      • Set up Trust Chain
        • Issue Verifiable Accreditation
        • Verify Verifiable Accreditation
      • Get Started with TRAIN
        • Deploy TRAIN and Anchor rTAO in DNS
        • Validate Trust Chain
    • πŸŽ‹Create Status Lists
      • Bitstring Status List
        • Create Bitstring Status List
        • Update Bitstring Status List
        • Check Bitstring Status List
        • Search Bitstring Status List
      • Token Status List
        • Create Token Status List
        • Update Token Status List
    • ↕️Create DID-Linked Resources
      • Understanding DID-Linked Resources
        • Context for developing DID-Linked Resources
        • Technical composition of DID-Linked Resources
        • Referencing DID-Linked Resources in VCs
      • Create DID-Linked Resource
      • Search DID-Linked Resource
  • πŸ› οΈIntegrate an SDK
    • Choosing the right SDK
    • 🍏Credo
      • Setup Credo Agent
      • Decentralized Identifiers (DIDs)
        • Create a DID
        • Update a DID
        • Deactivate a DID
      • DID-Linked Resources
        • Create DID-Linked Resource
        • Resolve DID-Linked Resource
        • Create AnonCreds Schema
        • Create AnonCreds Credential Definition
      • Verifiable Credentials and Presentations
        • Issue a Verifiable Credential (AnonCreds)
        • Present a Verifiable Credential (AnonCreds)
    • 🍊ACA-Py
      • Setup ACA-Py Agent
      • Decentralized Identifiers (DIDs)
        • Create a DID
        • Update a DID
        • Deactivate a DID
      • DID-Linked Resources
        • Create AnonCreds Schema
        • Create AnonCreds Credential Definition
      • Verifiable Credentials and Presentations
        • AnonCreds
          • Issue a Verifiable Credential
          • Present a Verifiable Credential
          • Revoke a Verifiable Credential
        • JSON-LD
          • Issue a Verifiable Credential
          • Present a Verifiable Credential
    • 🍈Veramo
      • Setup Veramo CLI for cheqd
        • Troubleshooting Veramo CLI setup
      • Decentralised Identifiers (DIDs)
        • Create a DID
        • Querying a DID
        • Update an existing DID
        • Deactivate a DID
        • Create an off-ledger holder DID
        • Managing Identity Keys
        • Troubleshooting
      • Verifiable Credentials and Presentations
        • Issue a Verifiable Credential
        • Verify a Verifiable Credential
        • Create a Verifiable Presentation
        • Verify a Verifiable Presentation
      • Credential Payments
        • Charge for Status List
        • Issue Credential with Encrypted Status List
        • Verifier pays Issuer
      • Bitstring Status List
        • Create Status List
        • Issuing a Verifiable Credential referencing Status List
      • DID-Linked Resources
        • Create a DID-Linked Resource
        • Create a new Resource version within existing Collection
    • 🫐Walt.id Community Stack
  • πŸ—οΈArchitecture
    • Architecture Decision Record (ADR) Process
    • List of ADRs
      • πŸ”΅ADR 001: cheqd DID Method
      • 🟒ADR 002: DID-Linked Resources
      • 🟑ADR 003: DID Resolver
      • 🟠ADR 004: DID Registrar
      • 🟣ADR 005: DID Resolution & DID URL Dereferencing
  • πŸ’«Advanced features and alternatives
    • ➑️DID Registrar
      • Setup DID Registrar
      • Create a DID
      • Create a DID-Linked Resource
    • ⬅️DID Resolver
      • Setup DID Resolver
    • ⚑AnonCreds Object Method
      • Schemas
      • Credential Definitions
      • Revocation Registry Definitions
      • Revocation Status Lists
    • 🌠Advanced Tooling
      • cheqd Cosmos CLI for identity
        • Create a DID
        • Update a DID
        • Deactivate a DID
        • Query a DID
        • Create a DID-Linked Resource
        • Update a DID-Linked Resource
      • Direct interaction with ledger code
      • VDR Tools CLI with cheqd (deprecated)
      • Demo Wallet for Identity Setup
  • βš›οΈNetwork
    • Get started with cheqd Network
      • Identity Write Pricing
      • Comparison to Hyperledger Indy
    • ⏩Setup your Wallet
      • Setup Leap Wallet
        • Congifure cheqd testnet for Leap
      • Setup Keplr Wallet
      • Migrate from Keplr to Leap Wallet
    • β†ͺ️Useful Tools and APIs
      • Block Explorer
      • Testnet Faucet
      • Validator Status API
      • Cheqd x Cosmos Data APIs
      • Cosmos Airdrop Helpers
      • Cosmos Address Convertor
      • Ethereum Bridge
    • ⬆️Network Upgrades
      • 2021
        • 0.1.x
        • 0.2.x
        • 0.3.x
      • 2022
        • 0.4.x
        • 0.5.x
        • 0.6.x
      • 2023
        • 1.x
      • 2024
        • 2.x
        • 3.x
      • Root Cause Analysis of Outages
        • v1.x upgrade RCA
  • βš–οΈLegal
    • License
    • Code of Conduct
    • Security Policy
  • πŸ†˜Support
    • System Status
    • Discord
    • Bugs & Feature Requests
Powered by GitBook
LogoLogo

General

  • Website
  • Blog
  • Get $CHEQ

Product Docs

  • Product Docs
  • cheqd Studio
  • Creds.xyz
  • Bug/Feature Requests

Technical Docs

  • Node Docs
  • GitHub
  • Block Explorer

Learning Docs

  • Learning Docs
  • Governance Docs
  • Governance Forum
  • Governance Explorer
On this page
  • What is a Root Authorisation?
  • Purpose of a Root Authorisation
  • Key Characteristics
  • Required Fields
  • Example of a Root Authorisation
  • Important Notes
  • Visual Flow
  • Summary

Was this helpful?

Edit on GitHub
Export as PDF
  1. Start using cheqd
  2. Build Trust Registries
  3. Decentralized Trust Chains (DTCs)

Root Authorisations

Learn about establishing Root Authorisations for Trust Registries on cheqd.

What is a Root Authorisation?

A Root Authorisation β€” formally a Verifiable Authorisation for Trust Chain β€” defines the governance framework and trust rules for an entire decentralized trust ecosystem.

It serves as the starting point for all Verifiable Accreditations and Verifiable Credentials issued within a trust chain. Every accreditation and attestation must ultimately trace back to a valid Root Authorisation to establish its legitimacy.

The Root Authorisation anchors the root entity β€” the Root Trusted Accreditation Organisation (rTAO) β€” to a specific Trust Framework Policy, and enables verifiers to traverse the full chain of trust.

Purpose of a Root Authorisation

Function

Description

Define governance

Specifies the trust framework, operational rules, and any regulatory requirements for the ecosystem

Anchor trust

Establishes a verifiable starting point for all trust chains

Enable validation

Allows verifiers to confirm that any credential ultimately aligns with an approved governance framework

Key Characteristics

  • Credential Type: Must be of type VerifiableAuthorisationForTrustChain.

  • Issuer: The DID of the Root Trusted Accreditation Organisation (rTAO).

  • Credential Subject: The DID being authorised β€” this can either be:

    • The same DID as the issuer (self-authorisation), or

    • A different DID (delegated root authority to another trusted organisation).

  • Terms of Use: Must include a TrustFrameworkPolicy, referencing:

    • The name of the governance framework

    • A link (URL) to the full, published governance framework document

Required Fields

Field

Description

Example

Issuer

DID of the rTAO

did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e

Credential Subject

DID of the entity being root-authorised (same as issuer for self-authorisation, or a different trusted DID)

did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad

termsOfUse

Must include a TrustFrameworkPolicy with a governance framework reference

See Policies

Example of a Root Authorisation

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "issuer": {
    "id": "did:cheqd:testnet:c6630f1e-9248-4af6-b7ac-5bcaf646f213"
  },
  "type": [
    "VerifiableCredential",
    "VerifiableAuthorisationForTrustChain"
  ],
  "issuanceDate": "2025-04-01T07:19:55.000Z",
  "credentialSubject": {
    "id": "did:cheqd:testnet:0a35d559-00ff-41b6-81ad-f64faa522771",
    "accreditedFor": [
      {
        "schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:c6630f1e-9248-4af6-b7ac-5bcaf646f213?resourceName=AIAgentAuthorisation&resourceType=JSONSchemaValidator2020",
        "types": [
          "VerifiableCredential",
          "AIAgentAuthorisation"
        ]
      },
      {
        "schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAccreditation&resourceType=JSONSchemaValidator2020",
        "types": [
          "VerifiableCredential",
          "VerifiableAccreditation",
          "VerifiableAccreditationToAccredit"
        ]
      },
      {
        "schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAttestation&resourceType=JSONSchemaValidator2020",
        "types": [
          "VerifiableCredential",
          "VerifiableAttestation",
          "VerifiableAccreditationToAttest"
        ]
      }
    ]
  },
  "termsOfUse": {
    "type": "TrustFrameworkPolicy",
    "trustFramework": "DAIAA Governance Framework",
    "trustFrameworkId": "https://medium.com/quantum-economics/why-we-started-the-decentralized-ai-agent-alliance-6eb0938d7bc5"
  },
  "proof": {
    "type": "JwtProof2020",
    "jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9..."
  }
}

Important Notes

  • Self-Authorisation: When the issuer and subject are the same DID, the rTAO self-declares adherence to the trust framework.

  • Delegated Root Authorisation: When the subject is a different DID, the rTAO is immediately empowering another trusted entity to operate under the framework.

  • Policy Binding: All downstream Verifiable Accreditations and Attestations must reference a chain of authorisations and accreditations back to this Root Authorisation.

  • DID-Linked Resource: The Root Authorisation should be published as a DID-Linked Resource (DLR) attached to the rTAO’s DID for discoverability and validation.

Visual Flow

Root Authorisation (rTAO defines framework)
         ↓
Verifiable Accreditation (TAO is authorised to operate)
         ↓
Verifiable Accreditation (Trusted Issuer is authorised)
         ↓
Verifiable Credential (End-user receives attestation)

Summary

Concept

Root Authorisation

Defines

The trust framework and governance for the ecosystem

Issued by

rTAO

Subject

Either rTAO itself or another trusted entity

Credential Type

VerifiableAuthorisationForTrustChain

Linked Policy

Trust Framework Policy

Last updated 20 days ago

Was this helpful?

🟒
🀝