RTAO -> TAO
Learn about structuring Verifiable Accreditations from a Root of Trust (rTAO) to a subordinate entity (TAO) on cheqd.
A Root Trusted Accreditation Organisation (rTAO) can delegate trust by issuing Verifiable Accreditations to Trusted Accreditation Organisations (TAOs). These accreditations define the permissions and scope under which the TAO can operate.
The Verifiable Accreditation should include:
Issuer
DID of the Root of Trust (RTAO)
did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c
Subject
DID of the TAO that is being accredited
did:cheqd:testnet:a2b675de-33d0-4044-8183-0d74f210cceb
Credential Subject
A set of structured permissions around what credentials the TAO is accredited to issue, and in which jurisdiction.
See below
Terms of use
A set of policies setting out the Governance Framework for the ecosystem
See below
Permissions
The credentialSubject
of the accreditation, issued by issuer
defines what the TAO is authorised to do — including which credential types they can issue and in which jurisdictions.
"credentialSubject": {
"id": "did:cheqd:testnet:a2b675de-33d0-4044-8183-0d74f210cceb",
"accreditedFor": [
{
"schemaId": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/b10146d7-0d0f-41e0-8ee3-c76db64890be",
"types": [
"VerifiableCredential",
"VerifiableAccreditation",
"VerifiableAttestation",
"VerifiableAccreditationToAccredit"
],
"limitJurisdiction": "https://publications.europa.eu/resource/authority/atu/FIN"
}
]
}
Field descriptions:
schemaId
The schema the TAO is authorised to use when issuing accreditations or credentials
types
Credential types the TAO is permitted to issue
limitJurisdiction
(Optional) A geographic or regulatory restriction on where the accreditation is valid
Policies
The Root TAO can also set polices known as the AccreditationPolicy
within the termsOfUse
section of the Verifiable Accreditation.
"termsOfUse": {
"type": "AccreditationPolicy",
"parentAccreditation": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b",
"rootAuthorisation": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b"
}
Whereby:
type
Must be AccreditationPolicy
parentAccreditation
The DID URL of the Accreditation issued by another TAO or the Root TAO to the TAO
rootAuthoroisation
The DID URL of the Root of Trust Verifiable Authorsation
Example of fully formed Accreditation
The example below shows a Verifiable Accreditation that is issued by an rTAO to a TAO, specifying a schema under which the recipient is able to use for issuing their own accreditations.
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://schema.org/schema.jsonld",
"https://veramo.io/contexts/profile/v1"
],
"issuer": {
"id": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e"
},
"type": [
"VerifiableCredential",
"VerifiableAccreditationToAccredit"
],
"issuanceDate": "2024-08-07T02:08:30.000Z",
"credentialSubject": {
"accreditedFor": [
{
"schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAccreditation&resourceType=JSONSchemaValidator2020",
"types": [
"VerifiableCredential",
"VerifiableAccreditation",
"VerifiableAttestation",
"VerifiableAccreditationToAccredit"
]
}
],
"id": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad"
},
"termsOfUse": {
"type": "AccreditationPolicy",
"parentAccreditation": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b",
"rootAuthorisation": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b"
},
"proof": {
"type": "JwtProof2020",
"jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc2NoZW1hLm9yZy9zY2hlbWEuanNvbmxkIiwiaHR0cHM6Ly92ZXJhbW8uaW8vY29udGV4dHMvcHJvZmlsZS92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImFjY3JlZGl0ZWRGb3IiOlt7InNjaGVtYUlkIjoiZGlkOmNoZXFkOnRlc3RuZXQ6OGVhMDM2ZGEtZjM0MC00ODBkLTg5NTItZjU1NjFlYTE3NjNjL3Jlc291cmNlcy9iMTAxNDZkNy0wZDBmLTQxZTAtOGVlMy1jNzZkYjY0ODkwYmUiLCJ0eXBlcyI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlZlcmlmaWFibGVBY2NyZWRpdGF0aW9uIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiVmVyaWZpYWJsZUFjY3JlZGl0YXRpb25Ub0FjY3JlZGl0Il0sImxpbWl0SnVyaXNkaWN0aW9uIjoiaHR0cHM6Ly9wdWJsaWNhdGlvbnMuZXVyb3BhLmV1L3Jlc291cmNlL2F1dGhvcml0eS9hdHUvRklOIn1dfX0sInN1YiI6ImRpZDpjaGVxZDp0ZXN0bmV0OjZhZjQxMmQ3LTJmMDQtNGUxMi1hNDI0LWU2NzE5ZGI0ODdhZCIsIm5iZiI6MTcyMjk5NjUxMCwiaXNzIjoiZGlkOmNoZXFkOnRlc3RuZXQ6YjAwM2RmNmYtZWM4ZS00OGRkLTlhMmItNzAxMWM1Y2YwYTVlIn0.CrEirG-Yki2HCfY6GjNR_Oqx0ZV6uJr1NPpTTLnVWfG1Q9R3YASj7IyEZ3FtVGRmdSNhQ9v2pmPijVxeBnwPAg"
}
}
For all Verifiable Accreditations, the accreditations are stored as DID-Linked Resources (DLRs), linked to the DID of the Accreditor. This means that the Accreditations are publically available, fully DID resolvable and are signed by the authentication
keys within the DID Document of the Accreditor.
To issue a Verifiable Accreditation, follow the tutorial below:
t
Last updated
Was this helpful?