Root Authorisations
Learn about establishing Root Authorisations for Trust Registries on cheqd.
What is a Root Authorisation?
A Root Authorisation β formally a Verifiable Authorisation for Trust Chain β defines the governance framework and trust rules for an entire decentralized trust ecosystem.
It serves as the starting point for all Verifiable Accreditations and Verifiable Credentials issued within a trust chain. Every accreditation and attestation must ultimately trace back to a valid Root Authorisation to establish its legitimacy.
The Root Authorisation anchors the root entity β the Root Trusted Accreditation Organisation (rTAO) β to a specific Trust Framework Policy, and enables verifiers to traverse the full chain of trust.
Purpose of a Root Authorisation
Function
Description
Define governance
Specifies the trust framework, operational rules, and any regulatory requirements for the ecosystem
Anchor trust
Establishes a verifiable starting point for all trust chains
Enable validation
Allows verifiers to confirm that any credential ultimately aligns with an approved governance framework
Key Characteristics
Credential Type: Must be of type
VerifiableAuthorisationForTrustChain
.Issuer: The DID of the Root Trusted Accreditation Organisation (rTAO).
Credential Subject: The DID being authorised β this can either be:
The same DID as the issuer (self-authorisation), or
A different DID (delegated root authority to another trusted organisation).
Terms of Use: Must include a TrustFrameworkPolicy, referencing:
The name of the governance framework
A link (URL) to the full, published governance framework document
Required Fields
Field
Description
Example
Issuer
DID of the rTAO
did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e
Credential Subject
DID of the entity being root-authorised (same as issuer for self-authorisation, or a different trusted DID)
did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad
termsOfUse
Must include a TrustFrameworkPolicy
with a governance framework reference
See Policies
Example of a Root Authorisation
Important Notes
Self-Authorisation: When the issuer and subject are the same DID, the rTAO self-declares adherence to the trust framework.
Delegated Root Authorisation: When the subject is a different DID, the rTAO is immediately empowering another trusted entity to operate under the framework.
Policy Binding: All downstream Verifiable Accreditations and Attestations must reference a chain of authorisations and accreditations back to this Root Authorisation.
DID-Linked Resource: The Root Authorisation should be published as a DID-Linked Resource (DLR) attached to the rTAOβs DID for discoverability and validation.
Visual Flow
Summary
Concept
Root Authorisation
Defines
The trust framework and governance for the ecosystem
Issued by
rTAO
Subject
Either rTAO itself or another trusted entity
Credential Type
VerifiableAuthorisationForTrustChain
Linked Policy
Trust Framework Policy
Last updated
Was this helpful?