# Root Authorizations ## What is a Root Authorization? A **Root Authorization** — formally a **Verifiable Authorization for Trust Chain** — defines the **governance framework and trust rules** for an entire decentralized trust ecosystem. It serves as the **starting point** for all Verifiable Accreditations and Verifiable Credentials issued within a trust chain.\ Every accreditation and attestation must ultimately trace back to a valid Root Authorization to establish its legitimacy. The Root Authorization **anchors** the root entity — the **Root Trusted Accreditation Organization (rTAO)** — to a specific **Trust Framework Policy**, and enables verifiers to traverse the full chain of trust. *** ### Purpose of a Root Authorization | **Function** | **Description** | | ----------------- | ------------------------------------------------------------------------------------------------------- | | Define governance | Specifies the trust framework, operational rules, and any regulatory requirements for the ecosystem | | Anchor trust | Establishes a verifiable starting point for all trust chains | | Enable validation | Allows verifiers to confirm that any credential ultimately aligns with an approved governance framework | *** ### Key Characteristics * **Credential Type**:\ Must be of type `VerifiableAuthorizationForTrustChain`. * **Issuer**:\ The DID of the Root Trusted Accreditation Organization (rTAO). * **Credential Subject**:\ The DID being authorized — this can either be: * **The same DID as the issuer** (self-authorization), or * **A different DID** (delegated root authority to another trusted organization). * **Terms of Use**:\ Must include a **TrustFrameworkPolicy**, referencing: * The name of the governance framework * A link (URL) to the full, published governance framework document *** ### Required Fields | **Field** | **Description** | **Example** | | ---------------------- | ----------------------------------------------------------------------------------------------------------- | -------------------------------------------------------- | | **Issuer** | DID of the rTAO | `did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e` | | **Credential Subject** | DID of the entity being root-authorized (same as issuer for self-authorization, or a different trusted DID) | `did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad` | | **termsOfUse** | Must include a `TrustFrameworkPolicy` with a governance framework reference | See Policies | *** ### Example of a Root Authorization ```json { "@context": [ "https://www.w3.org/2018/credentials/v1" ], "issuer": { "id": "did:cheqd:testnet:c6630f1e-9248-4af6-b7ac-5bcaf646f213" }, "type": [ "VerifiableCredential", "VerifiableAuthorizationForTrustChain" ], "issuanceDate": "2025-04-01T07:19:55.000Z", "credentialSubject": { "id": "did:cheqd:testnet:0a35d559-00ff-41b6-81ad-f64faa522771", "accreditedFor": [ { "schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:c6630f1e-9248-4af6-b7ac-5bcaf646f213?resourceName=AIAgentAuthorization&resourceType=JSONSchemaValidator2020", "types": [ "VerifiableCredential", "AIAgentAuthorization" ] }, { "schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAccreditation&resourceType=JSONSchemaValidator2020", "types": [ "VerifiableCredential", "VerifiableAccreditation", "VerifiableAccreditationToAccredit" ] }, { "schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAttestation&resourceType=JSONSchemaValidator2020", "types": [ "VerifiableCredential", "VerifiableAttestation", "VerifiableAccreditationToAttest" ] } ] }, "termsOfUse": { "type": "TrustFrameworkPolicy", "trustFramework": "DAIAA Governance Framework", "trustFrameworkId": "https://medium.com/quantum-economics/why-we-started-the-decentralized-ai-agent-alliance-6eb0938d7bc5" }, "proof": { "type": "JwtProof2020", "jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9..." } } ``` *** ### Important Notes * **Self-Authorization**:\ When the issuer and subject are the **same DID**, the rTAO self-declares adherence to the trust framework. * **Delegated Root Authorization**:\ When the subject is a **different DID**, the rTAO is immediately empowering another trusted entity to operate under the framework. * **Policy Binding**:\ All downstream Verifiable Accreditations and Attestations must reference a chain of authorizations and accreditations **back to this Root Authorization**. * **DID-Linked Resource**:\ The Root Authorization should be published as a **DID-Linked Resource (DLR)** attached to the rTAO’s DID for discoverability and validation. *** ### Visual Flow ```plaintext Root Authorization (rTAO defines framework) ↓ Verifiable Accreditation (TAO is authorized to operate) ↓ Verifiable Accreditation (Trusted Issuer is authorized) ↓ Verifiable Credential (End-user receives attestation) ``` *** ### Summary | **Concept** | **Root Authorization** | | --------------- | ---------------------------------------------------- | | Defines | The trust framework and governance for the ecosystem | | Issued by | rTAO | | Subject | Either rTAO itself or another trusted entity | | Credential Type | `VerifiableAuthorizationForTrustChain` | | Linked Policy | Trust Framework Policy | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cheqd.io/product/studio/trust-registries/dtc/root-authorisations.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.