A Trusted Accreditation Organisation (TAO) can extend trust further down the hierarchy by accrediting Sub-Trusted Accreditation Organisations (SubTAOs). These SubTAOs may then be authorised to issue further Verifiable Accreditations or Verifiable Attestations, subject to defined constraints.
A set of structured permissions around what credentials the SubTAO is accredited to issue, and in which jurisdiction.
See below
Terms of use
A set of policies setting out the scope of Trust Chain for Relying parties to validate against.
See below
Permissions
The credentialSubject section outlines what the SubTAO is accredited to do â including supported credential types, relevant schemas, and jurisdictional constraints.
Schema of the Verifiable Accreditation that the SubTAO is accredited to issue themselves
types
Types of Credential that the SubTAO is accredited to issue
limitJurisdiction
(Optional) Permission that the TAO can set to limit the jurisdictional scope of the credentials issued in the ecosystem
Policies
The termsOfUse field contains an AccreditationPolicy, which points back to both the parent accreditation and the original root authorisation. This maintains traceability through the full trust chain.
The DID URL of the Accreditation issued by another TAO or the Root TAO to the TAO
rootAuthoroisation
The DID URL of the Root of Trust Verifiable Authorsation
Example of fully formed Accreditation
The example below shows a Verifiable Accreditation that is issued by an TAO to a SubTAO, granting permission to issue further accreditations under a defined schema and policy chain.
For all Verifiable Accreditations, the accreditations are stored as DID-Linked Resources (DLRs), linked to the DID of the Accreditor. This means that the Accreditations are publically available, fully DID resolvable and are signed by the authentication keys within the DID Document of the Accreditor.