Root Authorizations
Learn about establishing Root Authorizations for Decentralized Trust Chains (DTCs) on cheqd.
What is a Root Authorization?
A Root Authorization — formally a Verifiable Authorization for Trust Chain — defines the governance framework and trust rules for an entire decentralized trust ecosystem.
It serves as the starting point for all Verifiable Accreditations and Verifiable Credentials issued within a trust chain. Every accreditation and attestation must ultimately trace back to a valid Root Authorization to establish its legitimacy.
The Root Authorization anchors the root entity — the Root Trusted Accreditation Organization (rTAO) — to a specific Trust Framework Policy, and enables verifiers to traverse the full chain of trust.
Purpose of a Root Authorization
Function
Description
Define governance
Specifies the trust framework, operational rules, and any regulatory requirements for the ecosystem
Anchor trust
Establishes a verifiable starting point for all trust chains
Enable validation
Allows verifiers to confirm that any credential ultimately aligns with an approved governance framework
Key Characteristics
Credential Type: Must be of type
VerifiableAuthorizationForTrustChain
.Issuer: The DID of the Root Trusted Accreditation Organization (rTAO).
Credential Subject: The DID being authorized — this can either be:
The same DID as the issuer (self-authorization), or
A different DID (delegated root authority to another trusted organization).
Terms of Use: Must include a TrustFrameworkPolicy, referencing:
The name of the governance framework
A link (URL) to the full, published governance framework document
Required Fields
Field
Description
Example
Issuer
DID of the rTAO
did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e
Credential Subject
DID of the entity being root-authorized (same as issuer for self-authorization, or a different trusted DID)
did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad
termsOfUse
Must include a TrustFrameworkPolicy
with a governance framework reference
See Policies
Example of a Root Authorization
{
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"issuer": {
"id": "did:cheqd:testnet:c6630f1e-9248-4af6-b7ac-5bcaf646f213"
},
"type": [
"VerifiableCredential",
"VerifiableAuthorizationForTrustChain"
],
"issuanceDate": "2025-04-01T07:19:55.000Z",
"credentialSubject": {
"id": "did:cheqd:testnet:0a35d559-00ff-41b6-81ad-f64faa522771",
"accreditedFor": [
{
"schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:c6630f1e-9248-4af6-b7ac-5bcaf646f213?resourceName=AIAgentAuthorization&resourceType=JSONSchemaValidator2020",
"types": [
"VerifiableCredential",
"AIAgentAuthorization"
]
},
{
"schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAccreditation&resourceType=JSONSchemaValidator2020",
"types": [
"VerifiableCredential",
"VerifiableAccreditation",
"VerifiableAccreditationToAccredit"
]
},
{
"schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAttestation&resourceType=JSONSchemaValidator2020",
"types": [
"VerifiableCredential",
"VerifiableAttestation",
"VerifiableAccreditationToAttest"
]
}
]
},
"termsOfUse": {
"type": "TrustFrameworkPolicy",
"trustFramework": "DAIAA Governance Framework",
"trustFrameworkId": "https://medium.com/quantum-economics/why-we-started-the-decentralized-ai-agent-alliance-6eb0938d7bc5"
},
"proof": {
"type": "JwtProof2020",
"jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9..."
}
}
Important Notes
Self-Authorization: When the issuer and subject are the same DID, the rTAO self-declares adherence to the trust framework.
Delegated Root Authorization: When the subject is a different DID, the rTAO is immediately empowering another trusted entity to operate under the framework.
Policy Binding: All downstream Verifiable Accreditations and Attestations must reference a chain of authorizations and accreditations back to this Root Authorization.
DID-Linked Resource: The Root Authorization should be published as a DID-Linked Resource (DLR) attached to the rTAO’s DID for discoverability and validation.
Visual Flow
Root Authorization (rTAO defines framework)
↓
Verifiable Accreditation (TAO is authorized to operate)
↓
Verifiable Accreditation (Trusted Issuer is authorized)
↓
Verifiable Credential (End-user receives attestation)
Summary
Concept
Root Authorization
Defines
The trust framework and governance for the ecosystem
Issued by
rTAO
Subject
Either rTAO itself or another trusted entity
Credential Type
VerifiableAuthorizationForTrustChain
Linked Policy
Trust Framework Policy
Last updated
Was this helpful?