Get Started with TRAIN
Anchor Decentralized Identifiers (DIDs) in DNS records and validate Decentralized Trust Chains (DTCs) using TRAIN.
Last updated
Was this helpful?
Anchor Decentralized Identifiers (DIDs) in DNS records and validate Decentralized Trust Chains (DTCs) using TRAIN.
Last updated
Was this helpful?
TRAIN (TRust mAnagement INfrastructure) is a framework, led by the team at the , for establishing and validating decentralized trust. It allows ecosystems to verify whether Verifiable Credentials (VCs) were issued by authorized and trustworthy entities through cryptographically linked trust chains.
TRAIN includes two core components:
TRAIN Trust Validator (TTV): A service that validates the issuer of a Verifiable Credential by tracing Verifiable Accreditations up to a trusted root authority.
TDZM (Trust-DNS Zone Manager): A DNS component that enables Root Trusted Accreditation Organisations (rTAOs) to publicly anchor their Decentralized Identifiers (DIDs) in DNS.
Together, these components allow for governance-aware, high-assurance validation of digital credentials without centralized trust registries.
TDZM
Anchors rTAO DIDs in DNS, establishing a verifiable and auditable trust root
TTV (TRAIN Trust Validator)
Validates VCs by following Verifiable Accreditations and optionally confirming the rTAO via DNS
When combined, they allow you to:
Establish a cryptographically linked trust hierarchy
Publish root DIDs (rTAOs) in DNS
Automatically validate credentials against published governance frameworks
Support scalable, decentralized ecosystems without compromising on assurance
Run the TDZM backend and UI using:
Docker Compose (for testing or development)
Helm Charts in Kubernetes (for production)
TDZM includes:
A DNS nameserver to manage your trust zone
A backend API and UI for managing records
Optional OIDC authentication
In your parent DNS zone (e.g. federation1.com
):
Add an NS record pointing your trust subdomain (e.g. trust.federation1.com
) to TDZM
Add an A record to resolve the nameserver’s domain to its IP
Example:
Use TDZM to publish a TXT or TLSA DNS record that links your rTAO’s DID to the trust domain.
Example:
This enables the TRAIN Trust Validator to resolve and verify the rTAO’s authenticity.
Publish a Root Authorisation for Trust Chain from the rTAO
Issue Verifiable Accreditations from rTAO → TAOs → Trusted Issuers
Define governance rules and credential schema policies as needed
Send a JSON request to TTV with the credential’s issuer, type, accreditation path, and optional DNS anchors. TTV will:
Traverse the Verifiable Accreditation chain
Verify structural and policy compliance
Optionally confirm the root via DNS lookups
Return a structured verification result
Anchor rTAO in DNS
🌐 TDZM
Manage trust zones
🛠️ TDZM Backend & UI
Define & delegate trust
📜 Verifiable Accreditations
Validate credentials
🔎 TRAIN Trust Validator (TTV)
By combining DNS-based assurance with credential-level verification, the TRAIN infrastructure provides a flexible and scalable solution for decentralized trust governance.
Deploy TRAIN and Anchor rTAO in DNS
Add high assurance to your root DID, anchoring it within a DNS record.