Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Build and validate Decentralized Trust Chains, using cheqd Decentralized Identifiers (DIDs) and Verifiable Accreditations stored as DID-Linked Resources (DLRs).
Trust Registries enable a Relying Party to determine the authenticity and authorization of a legal entity within a digital credential ecosystem. Trust Registries are crucial to establish for production environments, because they allow relying parties to make informed decisions on whether to trust the credentials they receive.
cheqd has pioneered a industry-leading trust registry solution, allowing users to create hierarchical chains of trust, with each trust registry entry being DID-Resolvable.
cheqd offers an industry-leading, decentralized trust registry solution, allowing issuers to be accredited through hierarchical chains of trust called Decentralized Trust Chains (DTCs). Each entry in the registry is:
✅ DID-resolvable
📜 Cryptographically signed and verifiable
🌍 Publicly discoverable using DID-Linked Resources
🔗 Linked to governance frameworks
cheqd enables you to build Decentralized Trust Chains — a powerful model for structuring trust in credential ecosystems without relying on centralized authorities or static whitelists.
Using cheqd’s flexible DID and DID-Linked Resource architecture, trust is established through a chain of cryptographically verifiable credentials:
Root Authorizations define the governance framework and root of trust
Verifiable Accreditations delegate authority to trusted organisations
🏷Verifiable Attestations (Credentials) are issued by accredited entities to end users
Each link in the chain is publicly resolvable, tamper-evident, and policy-bound — forming a complete lineage of trust from issuer to root authority.
Before you begin building, we recommend familiarising yourself with how Decentralized Trust Chains work and the role of each credential type:
Use cheqd Studio APIs to define, issue, and publish trust registry entries:
Create and manage Root Authorizations, Accreditations, and Attestations
Resolve trust chains in real time using standard DID resolution
Anchor trust registries on-chain while keeping business logic off-chain
For verification, use TRAIN to validate the trust registry to determine whether an issuer DID is accredited, and what they are accredited for — by traversing the full trust chain to its root.
Verify Verifiable Accreditations back to a Root of Trust using cheqd Studio.
Users are able to issue Verifiable Accreditations to determine the validity of the accreditation, as well to traverse the trust chain to a root of trust.
Make sure you have already created at least one Verifiable Accreditation that you are able to query in the verify API.
Issue Verifiable Accreditation
Issue a Verifiable Accreditation as a DID-Linked Resource from an "issuer" DID to a recipient "subject" DID.
Learn about Decentralized Trust Chains (DTCs) on cheqd.
Verifiable Credentials (VCs) are most commonly issued by legal entities to assert facts such as identity, qualifications, or authorization. Their core purpose is to provide the Relying Party — the entity verifying the credential — with a Level of Assurance (LoA) that the claims within the credential are legitimate.
However, in practice, it’s often difficult for relying parties to determine whether a legal entity issuing a credential is authentic, or a fraudulent impersonation. There is no built-in mechanism in most credential ecosystems for verifying whether a DID-based issuer is recognised, authorized, or trustworthy.
To fully establish trust, relying parties must be able to:
Identify who issued a credential
Understand whether the issuer was authorized to issue it
Trace who accredited the issuer, and under what governance framework
To solve this challenge, cheqd introduces a verifiable trust infrastructure called Decentralized Trust Chains (DTCs) — a model that complements and extends approaches like the EBSI Trust Chain Framework.
DTCs allow participants to create hierarchical chains of trust, where:
A Root Trusted Accreditation Organisation (rTAO) defines the governance model
Verifiable Accreditations delegate authority to other legal entities (e.g., TAOs, Trusted Issuers)
Verifiable Credentials are issued by accredited issuers, with embedded metadata that references the trust chain
Together, these components form a decentralized trust registry for each ecosystem.
cheqd’s DTC model introduces both permissions and policies:
Permissions define what an entity is allowed to do (e.g. issue or accredit)
Policies define who granted that permission, under what framework, and with what legal or operational requirements.
This infrastructure is made publicly resolvable by publishing all authorizations and accreditations as DID-Linked Resources on the cheqd ledger. This means:
🧩 Trust relationships are machine-verifiable
🔍 Verifiers do not need prior knowledge of each entity
🛠️ Resolution follows W3C standards like DID-Core, DID Resolution and DID-Linked Resources.
The result: A scalable, cryptographically verifiable way to determine whether an issuer — and the credential they issue — can be trusted.
There are many terms used within this guide, and as such, familiarise yourself or refer back to the concepts within the glossary below:
Decentralized Trust Chains are based on the concept of a hierarchical trust model, conceptually similar to traditional Public Key Infrastructure (PKI). At the top sits a Root of Trust, from which trust is delegated through a verifiable chain of credentials.
In this model, each participant is identified by a Decentralized Identifier (DID) and may be granted permission — via a Verifiable Accreditation — to accredit others or issue credentials themselves.
Trust is delegated top-down through Verifiable Accreditations:
The following diagram show how a Root TAO accredits two TAOs lower in the hierarchy:
Each role is cryptographically linked through issued Verifiable Credentials, creating a machine-verifiable trust path.
Credentials are issued with a termsOfUse section that references an Attestation Policy, linking them back to the issuer’s accreditation and the root of trust.
Digital Wallets or agents can present these credentials for verification.
Verifiers can then resolve and validate the entire trust chain — from the issuer to the rTAO — using DID resolution and optional DNS anchoring.
As shown in the diagram above, legal entities can play the following roles:
In a Decentralized Trust Chain, each legal entity assumes a defined role with clearly scoped permissions. While a single DID may represent multiple roles in simple ecosystems, every complete trust chain should include these three functional roles:
Root Trusted Accreditation Organisation (rTAO)
Trusted Accreditation Organisation (TAO)
The rTAO is the root of governance in a trust chain. It establishes the ecosystem’s rules and authorizes who can issue or accredit within it.
Capabilities:
Issue a Root Authorization that defines the Trust Framework
Self-accredit for governance or issuance
Accredit TAOs and TIs to delegate responsibility
Revoke accreditations from any participant in the trust chain
Credential Type:
VerifiableAuthorizationForTrustChain
Policy Type:
TrustFrameworkPolicy (included in termsOfUse)
A TAO manages a delegated segment of the trust chain under the rTAO. It may further accredit entities or take on the role of issuer if permitted.
Capabilities:
Accredit itself to issue VCs
Accredit other TAOs or Trusted Issuers
Revoke accreditations issued within its scope
Credential Type:
VerifiableAccreditationToAccredit
Policy Type:
AccreditationPolicy (included in termsOfUse)
A Trusted Issuer is an entity that issues domain-specific Verifiable Credentials under the conditions granted by its accreditation.
Capabilities:
Issue Verifiable Credentials to users or organisations
Only within the types, schemas, and jurisdictions defined in their accreditation
Credential Type:
VerifiableAccreditationToAttest
Policy Type:
AccreditationPolicy (accreditation) +
AttestationPolicy (included in the issued credential’s termsOfUse)
Policies define the rules, permissions, and governance bindings for each layer of the trust chain. They are embedded into credentials via the termsOfUse field and fall into three types:
Root Authorization includes a TrustFrameworkPolicy
Each Accreditation must reference:
A parent AccreditationPolicy, or
This layered policy model enables verifiers to traverse and validate the entire trust chain — from a single credential back to a rTAO (optionally anchored in DNS) — while ensuring that all participants adhere to consistent governance and operational standards.
Trust Chains are constructed from three verifiable building blocks:
Define the rules of the ecosystem
Issued by the rTAO as a VerifiableAuthorizationForTrustChain
Reference the root governance framework
Grant permission to accredit or issue
Are always domain-specific and non-transferable
Must include an AccreditationPolicy in termsOfUse
Allow entities to govern or issue
Assert facts (identity, qualifications, rights)
Must include an AttestationPolicy that:
Links back to the issuer's accreditation
Establishes a trust path to the root authority
Use cheqd Studio APIs to define, issue, and publish trust registry entries:
Create and manage Root Authorizations, Accreditations, and Attestations
Resolve trust chains in real time using standard DID resolution
Anchor trust registries on-chain while keeping business logic off-chain
For verification, use TRAIN to validate the trust registry to determine whether an issuer DID is accredited, and what they are accredited for — by traversing the full trust chain to its root.
Anchor Decentralized Identifiers (DIDs) in DNS records and validate Decentralized Trust Chains (DTCs) using TRAIN.
TRAIN (TRust mAnagement INfrastructure) is a framework, led by the team at the , for establishing and validating decentralized trust. It allows ecosystems to verify whether Verifiable Credentials (VCs) were issued by authorized and trustworthy entities through cryptographically linked trust chains.
TRAIN includes two core components:
GF
Governance Framework
A policy document outlining the purpose, roles, scopes and permissions for a given ecosystem using the Trust Infrastructure.
Root TAO (rTAO)
Root Trusted Accreditation Organization
A Root Trusted Accreditation Organisation (rTAO) is the top-level authority in a Decentralized Trust Chain responsible for defining the governance framework and issuing the Root Authorization that anchors all downstream accreditations and attestations within the trust ecosystem.
TAO
Trusted Accreditation Organization
A Trusted Accreditation Organisation (TAO) is an entity accredited by a Root Trusted Accreditation Organisation (rTAO) or another TAO to govern a segment of the trust chain by issuing accreditations to other entities or authorizing the issuance of Verifiable Credentials within a defined scope.
-
Trust Chain
Hierarchy of Verifiable Accreditations. Multiple Trust Chains may comprise a Trust Registry.
TI
Trusted Issuer
A Trusted Issuer is an entity accredited within a Decentralized Trust Chain to issue domain-specific Verifiable Credentials, operating under the scope and governance defined by an upstream accreditation and the overarching trust framework.
-
Trust Infrastructure
The overall set of technical and governance components to establish end-to-end trust.
-
Verifiable Accreditation
A Verifiable Accreditation is a Verifiable Credential that delegates authority from one entity to another, specifying the types of credentials they are permitted to issue or the roles they are authorized to perform within a defined trust framework.
-
Verifiable Trust Model
Permissions with policies to either accredit, or to attest
Only the Trusted Issuer (TI) is permitted to issue domain-specific Verifiable Credentials (VCs).
TrustFrameworkPolicyEach Credential (Attestation) must reference:
The AttestationPolicy pointing back to the issuer’s accreditation
Issuable only by accredited Trusted Issuers
-
Accreditation Policy
A machine-readable policy embedded in a Verifiable Accreditation that defines the scope, conditions, and governance under which an entity is authorized to accredit others or issue Verifiable Credentials.
-
Attestation Policy
A machine-readable policy embedded in a Verifiable Credential that links the credential to the issuer’s accreditation and root authorization, enabling verifiers to validate that the issuer was authorized to make the attestation.
DID
Decentralized Identifier
Legal entity identifier for Trust Registry, cannot be natural person in context of Trust Infrastructure
GA
Governance Authority
Root TAO (rTAO)
Issues Root Authorizations and initial Accreditations to other TAOs. Sets the governance baseline.
Trusted Accreditation Organization (TAO)
Can accredit other TAOs or Trusted Issuers. Acts as an intermediary layer in larger ecosystems.
Trusted Issuer (TI)
Issues Verifiable Credentials to users/entities, based on permissions received from an upstream TAO.
TrustFrameworkPolicy
Root Authorization
Defines the root governance model
AccreditationPolicy
Verifiable Accreditation
Constrains and describes the scope of authority
AttestationPolicy
Verifiable Credential
Links the credential back to the issuer’s accreditation and trust framework
Element
Purpose
Authorizations
Define the governance and policy rules at the root of the trust chain
Accreditations
Delegate trust authority for accreditation or credential issuance
Credentials (Attestations)
Assert verifiable facts within the scope of a governed trust framework
The legal entity or consortia responsible for writing the Governance Framework. In many instances the Governance Authority is also a Root TAO
TDZM (Trust-DNS Zone Manager): A DNS component that enables Root Trusted Accreditation Organisations (rTAOs) to publicly anchor their Decentralized Identifiers (DIDs) in DNS.
Together, these components allow for governance-aware, high-assurance validation of digital credentials without centralized trust registries.
TDZM
Anchors rTAO DIDs in DNS, establishing a verifiable and auditable trust root
TTV (TRAIN Trust Validator)
Validates VCs by following Verifiable Accreditations and optionally confirming the rTAO via DNS
When combined, they allow you to:
Establish a cryptographically linked trust hierarchy
Publish root DIDs (rTAOs) in DNS
Automatically validate credentials against published governance frameworks
Support scalable, decentralized ecosystems without compromising on assurance
Run the TDZM backend and UI using:
Docker Compose (for testing or development)
Helm Charts in Kubernetes (for production)
TDZM includes:
A DNS nameserver to manage your trust zone
A backend API and UI for managing records
Optional OIDC authentication
In your parent DNS zone (e.g. federation1.com):
Add an NS record pointing your trust subdomain (e.g. trust.federation1.com) to TDZM
Add an A record to resolve the nameserver’s domain to its IP
Example:
Use TDZM to publish a TXT or TLSA DNS record that links your rTAO’s DID to the trust domain.
Example:
This enables the TRAIN Trust Validator to resolve and verify the rTAO’s authenticity.
Publish a Root Authorization for Trust Chain from the rTAO
Issue Verifiable Accreditations from rTAO → TAOs → Trusted Issuers
Define governance rules and credential schema policies as needed
Send a JSON request to TTV with the credential’s issuer, type, accreditation path, and optional DNS anchors. TTV will:
Traverse the Verifiable Accreditation chain
Verify structural and policy compliance
Optionally confirm the root via DNS lookups
Return a structured verification result
Anchor rTAO in DNS
🌐 TDZM
Manage trust zones
🛠️ TDZM Backend & UI
Define & delegate trust
📜 Verifiable Accreditations
Validate credentials
🔎 TRAIN Trust Validator (TTV)
By combining DNS-based assurance with credential-level verification, the TRAIN infrastructure provides a flexible and scalable solution for decentralized trust governance.
Learn about structuring Verifiable Accreditations from a Trusted Accreditation Organisation (TAO) to a subordinate TAO (subTAO) on cheqd.
A Trusted Accreditation Organisation (TAO) can extend trust further down the hierarchy by accrediting Sub-Trusted Accreditation Organisations (SubTAOs). These SubTAOs may then be authorized to issue further Verifiable Accreditations or Verifiable Attestations, subject to defined constraints.
The Verifiable Accreditation should include:
Issuer
DID of the TAO
did:cheqd:testnet:a2b675de-33d0-4044-8183-0d74f210cceb
The credentialSubject section outlines what the SubTAO is accredited to do — including supported credential types, relevant schemas, and jurisdictional constraints.
Whereby:
The termsOfUse field contains an AccreditationPolicy, which points back to both the parent accreditation and the original root authorization. This maintains traceability through the full trust chain.
Whereby:
The example below shows a Verifiable Accreditation that is issued by an TAO to a SubTAO, granting permission to issue further accreditations under a defined schema and policy chain.
For all Verifiable Accreditations, the accreditations are stored as DID-Linked Resources (DLRs), linked to the DID of the Accreditor. This means that the Accreditations are publicly available, fully DID resolvable and are signed by the authentication keys within the DID Document of the Accreditor.
To issue a Verifiable Accreditation, follow the tutorial below:
trust.federation1.com. NS ns1.trust.federation1.com.
ns1.trust.federation1.com. A 203.0.113.10_did.trust.federation1.com. TXT "did:cheqd:mainnet:rtao123"Deploy TRAIN and Anchor rTAO in DNS
Add high assurance to your root DID, anchoring it within a DNS record.
Set up Trust Chain
Design and build a trust chain for establishing a trust hierarchy in your ecosystem.
Validate Trust Chain
Validate Trust Chain to a root of trust using the TRAIN Trust Validator (TTV).
Subject
DID of the SubTAO that is being accredited
did:cheqd:testnet:e66a9416-d03e-4ced-95e3-07af16e25bc5
Credential Subject
A set of structured permissions around what credentials the SubTAO is accredited to issue, and in which jurisdiction.
See below
Terms of use
A set of policies setting out the scope of Trust Chain for Relying parties to validate against.
See below
schemaId
Schema of the Verifiable Accreditation that the SubTAO is accredited to issue themselves
types
Types of Credential that the SubTAO is accredited to issue
limitJurisdiction
(Optional) Permission that the TAO can set to limit the jurisdictional scope of the credentials issued in the ecosystem
type
Must be AccreditationPolicy
parentAccreditation
The DID URL of the Accreditation issued by another TAO or the Root TAO to the TAO
rootAuthorization
The DID URL of the Root of Trust Verifiable Authorization
"credentialSubject": {
"id": "did:cheqd:testnet:e66a9416-d03e-4ced-95e3-07af16e25bc5",
"accreditedFor": [
{
"schemaId": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/b10146d7-0d0f-41e0-8ee3-c76db64890be",
"types": [
"VerifiableCredential",
"VerifiableAccreditation",
"VerifiableAttestation",
"VerifiableAccreditationToAccredit"
],
"limitJurisdiction": "https://publications.europa.eu/resource/authority/atu/FIN"
}
]
},
"termsOfUse": {
"type": "AccreditationPolicy",
"parentAccreditation": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b",
"rootAuthorization": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b"
}
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://schema.org/schema.jsonld",
"https://veramo.io/contexts/profile/v1"
],
"issuer": {
"id": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e"
},
"type": [
"VerifiableCredential",
"VerifiableAccreditationToAccredit"
],
"issuanceDate": "2024-08-07T02:08:30.000Z",
"credentialSubject": {
"accreditedFor": [
{
"schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAccreditation&resourceType=JSONSchemaValidator2020",
"types": [
"VerifiableCredential",
"VerifiableAccreditation",
"VerifiableAttestation",
"VerifiableAccreditationToAccredit"
]
}
],
"id": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad"
},
"termsOfUse": {
"type": "AccreditationPolicy",
"parentAccreditation": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b",
"rootAuthorization": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b"
},
"proof": {
"type": "JwtProof2020",
"jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc2NoZW1hLm9yZy9zY2hlbWEuanNvbmxkIiwiaHR0cHM6Ly92ZXJhbW8uaW8vY29udGV4dHMvcHJvZmlsZS92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImFjY3JlZGl0ZWRGb3IiOlt7InNjaGVtYUlkIjoiZGlkOmNoZXFkOnRlc3RuZXQ6OGVhMDM2ZGEtZjM0MC00ODBkLTg5NTItZjU1NjFlYTE3NjNjL3Jlc291cmNlcy9iMTAxNDZkNy0wZDBmLTQxZTAtOGVlMy1jNzZkYjY0ODkwYmUiLCJ0eXBlcyI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlZlcmlmaWFibGVBY2NyZWRpdGF0aW9uIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiVmVyaWZpYWJsZUFjY3JlZGl0YXRpb25Ub0FjY3JlZGl0Il0sImxpbWl0SnVyaXNkaWN0aW9uIjoiaHR0cHM6Ly9wdWJsaWNhdGlvbnMuZXVyb3BhLmV1L3Jlc291cmNlL2F1dGhvcml0eS9hdHUvRklOIn1dfX0sInN1YiI6ImRpZDpjaGVxZDp0ZXN0bmV0OjZhZjQxMmQ3LTJmMDQtNGUxMi1hNDI0LWU2NzE5ZGI0ODdhZCIsIm5iZiI6MTcyMjk5NjUxMCwiaXNzIjoiZGlkOmNoZXFkOnRlc3RuZXQ6YjAwM2RmNmYtZWM4ZS00OGRkLTlhMmItNzAxMWM1Y2YwYTVlIn0.CrEirG-Yki2HCfY6GjNR_Oqx0ZV6uJr1NPpTTLnVWfG1Q9R3YASj7IyEZ3FtVGRmdSNhQ9v2pmPijVxeBnwPAg"
}
}Learn about structuring Verifiable Accreditations from a Trusted Accreditation Organisation (TAO) to a Trusted Issuer (TI) on cheqd.
A Trusted Accreditation Organisation (TAO) can delegate authority to Trusted Issuers (TIs) by issuing them Verifiable Accreditations. These accreditations grant permission to issue specific types of Verifiable Attestations — such as diplomas, licences, or professional credentials — within the boundaries of a defined governance framework.
The Verifiable Accreditation should include:
Issuer
DID of the TAO
did:cheqd:testnet:e66a9416-d03e-4ced-95e3-07af16e25bc5
Root TAOs can set permissions under which TAOs must abide. This creates a level of codified governance for the trust ecosystem.
Field descriptions:
The termsOfUse field contains the AccreditationPolicy, which provides governance context by linking to both the TAO’s parent accreditation and the root authorization of the trust chain.
Whereby:
For all Verifiable Accreditations, the accreditations are stored as DID-Linked Resources (DLRs), linked to the DID of the Accreditor. This means that the Accreditations are publically available, fully DID resolvable and are signed by the authentication keys within the DID Document of the Accreditor.
To issue a Verifiable Accreditation, follow the tutorial below:
Learn about structuring Verifiable Accreditations from a Root of Trust (rTAO) to a subordinate entity (TAO) on cheqd.
A Root Trusted Accreditation Organisation (rTAO) can delegate trust by issuing Verifiable Accreditations to Trusted Accreditation Organisations (TAOs). These accreditations define the permissions and scope under which the TAO can operate.
The Verifiable Accreditation should include:
Learn how to include or reference Trust Registries and Verifiable Accreditations within the body of W3C Verifiable Credentials.
To ensure a Verifiable Credential (VC) is not only technically valid but also issued by an authorized and trusted party, it must include metadata that links back to its origin in a trust registry.
This is done using the termsOfUse property, where the Trusted Issuer includes an AttestationPolicy referencing:
The Verifiable Accreditation that granted them permission
Subject
DID of the Trusted Issuer that is being accredited
did:cheqd:testnet:f6e731f0-5bfb-429b-b2c7-e65a951d7b5e
Credential Subject
A set of structured permissions around what credentials the Trusted Issuer is accredited to issue, and in which jurisdiction.
See below
Terms of use
A set of policies setting out the scope of Trust Chain for Relying parties to validate against.
See below
id
The DID of the Trusted Issuer receiving the accreditation
schemaId
The schema the TI is authorized to use for issuing credentials
types
Credential types the TI is allowed to issue
limitJurisdiction
(Optional) Limits issuance to a specific jurisdiction
type
Must be AccreditationPolicy
parentAccreditation
The DID URL of the Accreditation issued by another TAO or the Root TAO to the TAO
rootAuthorization
The DID URL of the Root of Trust Verifiable Authorization
"credentialSubject": {
"id": "did:cheqd:testnet:e66a9416-d03e-4ced-95e3-07af16e25bc5",
"accreditedFor": [
{
"schemaId": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/b10146d7-0d0f-41e0-8ee3-c76db64890be",
"types": [
"VerifiableCredential",
"VerifiableAttestation",
"DiplomaCredential"
],
"limitJurisdiction": "https://publications.europa.eu/resource/authority/atu/FIN"
}
]
},
"termsOfUse": {
"type": "AccreditationPolicy",
"parentAccreditation": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b",
"rootAuthorization": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b"
}
did:cheqd:testnet:a2b675de-33d0-4044-8183-0d74f210cceb
Credential Subject
A set of structured permissions around what credentials the TAO is accredited to issue, and in which jurisdiction.
See below
Terms of use
A set of policies setting out the Governance Framework for the ecosystem
See below
The credentialSubject of the accreditation, issued by issuer defines what the TAO is authorized to do — including which credential types they can issue and in which jurisdictions.
Field descriptions:
schemaId
The schema the TAO is authorized to use when issuing accreditations or credentials
types
Credential types the TAO is permitted to issue
limitJurisdiction
(Optional) A geographic or regulatory restriction on where the accreditation is valid
The Root TAO can also set polices known as the AccreditationPolicy within the termsOfUse section of the Verifiable Accreditation.
Whereby:
type
Must be AccreditationPolicy
parentAccreditation
The DID URL of the Accreditation issued by another TAO or the Root TAO to the TAO
rootAuthorization
The DID URL of the Root of Trust Verifiable Authorization
The example below shows a Verifiable Accreditation that is issued by an rTAO to a TAO, specifying a schema under which the recipient is able to use for issuing their own accreditations.
For all Verifiable Accreditations, the accreditations are stored as DID-Linked Resources (DLRs), linked to the DID of the Accreditor. This means that the Accreditations are publically available, fully DID resolvable and are signed by the authentication keys within the DID Document of the Accreditor.
To issue a Verifiable Accreditation, follow the tutorial below:
t
Issuer
DID of the Root of Trust (RTAO)
did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c
Subject
DID of the TAO that is being accredited
Including a reference to a trust registry enables verifiers to:
Validate that the issuer is accredited to issue this type of credential.
Trace the credential’s trust lineage back to a Root Trusted Accreditation Organisation (rTAO).
Enforce domain-specific governance or regulatory policies.
The termsOfUse field uses the AttestationPolicy type and typically includes:
type
Must be "AttestationPolicy"
parentAccreditation
DID URL pointing to the Verifiable Accreditation that granted authority to the issuer
rootAuthorization
DID URL referencing the original Root Authorization for the trust chain
This embedded trust policy allows verifiers to:
Look up the parent accreditation and root authorization.
Confirm that the issuer was permitted to issue the attestation type.
Automate or enforce policy-based trust decisions.
Once a Verifiable Credential includes an AttestationPolicy referencing the trust registry, TRAIN (TRust mAnagement INfrastructure) can be used to automatically validate the issuer’s authority against a decentralized trust chain.
TRAIN is a trust validator that:
Accepts a credential (or its metadata) as input.
Resolves the issuer’s accreditation.
Traverses the trust chain to the root authorization.
Optionally checks DNS anchoring of the root DID for higher assurance.
Returns a result that confirms if the issuer is trusted under the specified framework.
Here’s a simplified example of the request body TRAIN accepts:
TRAIN returns a response like this:
Automates trust validation using standardized credential metadata.
Provides clear trust decisions for wallets, agents, and verifiers.
Enables integration with public DNS for added assurance of root DIDs.
Compatible with all credentials that follow cheqd’s trust chain model.
Learn about establishing Root Authorizations for Decentralized Trust Chains (DTCs) on cheqd.
A Root Authorization — formally a Verifiable Authorization for Trust Chain — defines the governance framework and trust rules for an entire decentralized trust ecosystem.
It serves as the starting point for all Verifiable Accreditations and Verifiable Credentials issued within a trust chain. Every accreditation and attestation must ultimately trace back to a valid Root Authorization to establish its legitimacy.
The Root Authorization anchors the root entity — the Root Trusted Accreditation Organization (rTAO) — to a specific Trust Framework Policy, and enables verifiers to traverse the full chain of trust.
Credential Type:
Must be of type VerifiableAuthorizationForTrustChain.
Issuer: The DID of the Root Trusted Accreditation Organization (rTAO).
Credential Subject: The DID being authorized — this can either be:
Self-Authorization: When the issuer and subject are the same DID, the rTAO self-declares adherence to the trust framework.
Delegated Root Authorization: When the subject is a different DID, the rTAO is immediately empowering another trusted entity to operate under the framework.
Policy Binding: All downstream Verifiable Accreditations and Attestations must reference a chain of authorizations and accreditations back to this Root Authorization.
Set up your Decentralized Trust Chain (DTC) on cheqd.
A Trust Chain is a hierarchical structure of Verifiable Accreditations (VAs) that connects a Trusted Issuer to a Root Trusted Accreditation Organisation (rTAO). This structure allows credentials to be verified as trustworthy using tools like TRAIN, by tracing authority through cryptographic delegation.
Each step in the chain is formalised using a Verifiable Accreditation, while the root is anchored using a Root Authorization for Trust Chain, which establishes the governance framework of the ecosystem.
If you're ready to issue your first accreditation, skip ahead to use cheqd Studio:
Deploy the DNS Zone Manager and anchor your Root DID in a DNS Zone.
To enable DNS-based verification of root authorities in your trust ecosystem, TRAIN relies on a component called the TDZM (Trust-DNS Zone Manager). This component manages DNS zones where Root Trusted Accreditation Organisations (rTAOs) can anchor their DIDs using TXT or TLSA records.
This page explains how to deploy TDZM, anchor your rTAO, and configure the environment to support trust chain resolution using DNS.
"credentialSubject": {
"id": "did:cheqd:testnet:a2b675de-33d0-4044-8183-0d74f210cceb",
"accreditedFor": [
{
"schemaId": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/b10146d7-0d0f-41e0-8ee3-c76db64890be",
"types": [
"VerifiableCredential",
"VerifiableAccreditation",
"VerifiableAttestation",
"VerifiableAccreditationToAccredit"
],
"limitJurisdiction": "https://publications.europa.eu/resource/authority/atu/FIN"
}
]
}"termsOfUse": {
"type": "AccreditationPolicy",
"parentAccreditation": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b",
"rootAuthorization": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b"
}
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://schema.org/schema.jsonld",
"https://veramo.io/contexts/profile/v1"
],
"issuer": {
"id": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e"
},
"type": [
"VerifiableCredential",
"VerifiableAccreditationToAccredit"
],
"issuanceDate": "2024-08-07T02:08:30.000Z",
"credentialSubject": {
"accreditedFor": [
{
"schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAccreditation&resourceType=JSONSchemaValidator2020",
"types": [
"VerifiableCredential",
"VerifiableAccreditation",
"VerifiableAttestation",
"VerifiableAccreditationToAccredit"
]
}
],
"id": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad"
},
"termsOfUse": {
"type": "AccreditationPolicy",
"parentAccreditation": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b",
"rootAuthorization": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b"
},
"proof": {
"type": "JwtProof2020",
"jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc2NoZW1hLm9yZy9zY2hlbWEuanNvbmxkIiwiaHR0cHM6Ly92ZXJhbW8uaW8vY29udGV4dHMvcHJvZmlsZS92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImFjY3JlZGl0ZWRGb3IiOlt7InNjaGVtYUlkIjoiZGlkOmNoZXFkOnRlc3RuZXQ6OGVhMDM2ZGEtZjM0MC00ODBkLTg5NTItZjU1NjFlYTE3NjNjL3Jlc291cmNlcy9iMTAxNDZkNy0wZDBmLTQxZTAtOGVlMy1jNzZkYjY0ODkwYmUiLCJ0eXBlcyI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlZlcmlmaWFibGVBY2NyZWRpdGF0aW9uIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiVmVyaWZpYWJsZUFjY3JlZGl0YXRpb25Ub0FjY3JlZGl0Il0sImxpbWl0SnVyaXNkaWN0aW9uIjoiaHR0cHM6Ly9wdWJsaWNhdGlvbnMuZXVyb3BhLmV1L3Jlc291cmNlL2F1dGhvcml0eS9hdHUvRklOIn1dfX0sInN1YiI6ImRpZDpjaGVxZDp0ZXN0bmV0OjZhZjQxMmQ3LTJmMDQtNGUxMi1hNDI0LWU2NzE5ZGI0ODdhZCIsIm5iZiI6MTcyMjk5NjUxMCwiaXNzIjoiZGlkOmNoZXFkOnRlc3RuZXQ6YjAwM2RmNmYtZWM4ZS00OGRkLTlhMmItNzAxMWM1Y2YwYTVlIn0.CrEirG-Yki2HCfY6GjNR_Oqx0ZV6uJr1NPpTTLnVWfG1Q9R3YASj7IyEZ3FtVGRmdSNhQ9v2pmPijVxeBnwPAg"
}
}{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://www.w3.org/ns/credentials/examples/v2"
],
"id": "http://university.example/credentials/3732",
"type": ["VerifiableCredential", "ExampleDegreeCredential"],
"issuer": "did:cheqd:testnet:c2f18b6b-32e2-48d1-a5a8-5f5d2d9798f0",
"validFrom": "2010-01-01T00:00:00Z",
"credentialSubject": {
"id": "did:cheqd:testnet:b4902745-5b5b-423e-820a-0773b033f2b9",
"degree": {
"type": "ExampleBachelorDegree",
"name": "Bachelor of Science and Arts"
}
},
"termsOfUse": {
"type": "AttestationPolicy",
"parentAccreditation": "did:cheqd:testnet:c2f18b6b-32e2-48d1-a5a8-5f5d2d9798f0/resources/58c01595-f884-4a3b-add4-8c691e16b8ee",
"rootAuthorization": "did:cheqd:testnet:c2f18b6b-32e2-48d1-a5a8-5f5d2d9798f0/resources/58c01595-f884-4a3b-add4-8c691e16b8ee"
}
}
{
"issuer": "did:cheqd:testnet:c2f18b6b-32e2-48d1-a5a8-5f5d2d9798f0",
"type": ["VerifiableCredential", "ExampleDegreeCredential"],
"termsofuse": "AttestationPolicy",
"parentAccreditation": "did:cheqd:testnet:c2f18b6b-32e2-48d1-a5a8-5f5d2d9798f0/resources/58c01595-f884-4a3b-add4-8c691e16b8ee",
"DNSTrustFrameworkPointers": ["example.trust-scheme.org"]
}{
"VerificationStatus": true,
"VerificationResult": {
"AccreditorDIDs": [
"did:cheqd:testnet:c2f18b6b-32e2-48d1-a5a8-5f5d2d9798f0",
"did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c"
],
"FoundRootIssuerDID": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c",
"TrustFramework": "Example Trust Framework",
"TrustFrameworkId": "https://example.com/governance-framework/124",
"VerifyRootIssuerDIDinDNS": true
}
}DID-Linked Resources
Learn about cheqd's approach to implementing DID-Linked Resources
Issue Verifiable Accreditation
Issue a Verifiable Accreditation to start a trust registry on cheqd
Get Started with TRAIN
Deploy TRAIN to verify Decentralized Trust Chains back to a Root of Trust DID and DNS Record.
A different DID (delegated root authority to another trusted organization).
Terms of Use: Must include a TrustFrameworkPolicy, referencing:
The name of the governance framework
A link (URL) to the full, published governance framework document
DID-Linked Resource: The Root Authorization should be published as a DID-Linked Resource (DLR) attached to the rTAO’s DID for discoverability and validation.
Function
Description
Define governance
Specifies the trust framework, operational rules, and any regulatory requirements for the ecosystem
Anchor trust
Establishes a verifiable starting point for all trust chains
Enable validation
Allows verifiers to confirm that any credential ultimately aligns with an approved governance framework
Field
Description
Example
Issuer
DID of the rTAO
did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e
Credential Subject
DID of the entity being root-authorized (same as issuer for self-authorization, or a different trusted DID)
did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad
termsOfUse
Must include a TrustFrameworkPolicy with a governance framework reference
See Policies
Concept
Root Authorization
Defines
The trust framework and governance for the ecosystem
Issued by
rTAO
Subject
Either rTAO itself or another trusted entity
Credential Type
VerifiableAuthorizationForTrustChain
Linked Policy
Trust Framework Policy
{
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"issuer": {
"id": "did:cheqd:testnet:c6630f1e-9248-4af6-b7ac-5bcaf646f213"
},
"type": [
"VerifiableCredential",
"VerifiableAuthorizationForTrustChain"
],
"issuanceDate": "2025-04-01T07:19:55.000Z",
"credentialSubject": {
"id": "did:cheqd:testnet:0a35d559-00ff-41b6-81ad-f64faa522771",
"accreditedFor": [
{
"schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:c6630f1e-9248-4af6-b7ac-5bcaf646f213?resourceName=AIAgentAuthorization&resourceType=JSONSchemaValidator2020",
"types": [
"VerifiableCredential",
"AIAgentAuthorization"
]
},
{
"schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAccreditation&resourceType=JSONSchemaValidator2020",
"types": [
"VerifiableCredential",
"VerifiableAccreditation",
"VerifiableAccreditationToAccredit"
]
},
{
"schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e?resourceName=VerifiableAttestation&resourceType=JSONSchemaValidator2020",
"types": [
"VerifiableCredential",
"VerifiableAttestation",
"VerifiableAccreditationToAttest"
]
}
]
},
"termsOfUse": {
"type": "TrustFrameworkPolicy",
"trustFramework": "DAIAA Governance Framework",
"trustFrameworkId": "https://medium.com/quantum-economics/why-we-started-the-decentralized-ai-agent-alliance-6eb0938d7bc5"
},
"proof": {
"type": "JwtProof2020",
"jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9..."
}
}Root Authorization (rTAO defines framework)
↓
Verifiable Accreditation (TAO is authorized to operate)
↓
Verifiable Accreditation (Trusted Issuer is authorized)
↓
Verifiable Credential (End-user receives attestation)Trust Chains enable decentralized ecosystems to:
Delegate authority without centralized registries
Define and enforce governance frameworks
Enable TRAIN to validate credentials against trusted policies
Optionally anchor trust using DNS or X.509 proofs
This is especially useful in domains like education, health, supply chain, or finance where hierarchical authority is well established.
Role
Description
rTAO (Root Trusted Accreditation Organisation)
The top-level, highly trusted entity (e.g. government agency or standards body). It defines the governance framework and issues the root authorization.
TAO (Trusted Accreditation Organisation)
An intermediary entity that is accredited by the rTAO or another TAO. It may accredit further entities.
Trusted Issuer
An entity accredited by a TAO or rTAO to issue Verifiable Credentials to holders.
Register a DID to represent your Root Trusted Accreditation Organisation (rTAO). This should be a recognised, high-trust entity.
Optionally, anchor this DID in DNS using a TXT or TLSA record for added assurance in tools like TRAIN.
Before issuing any accreditations, the rTAO must publish a Root Authorization for Trust Chain, which includes:
A URI for the governance framework
A human-readable trust framework ID
Supported credential schemas for the ecosystem
This authorization forms the root of the trust graph and is referenced by all downstream Verifiable Accreditations.
Use the rTAO to issue a Verifiable Accreditation to a TAO. This VA should:
Reference the Root Authorization
Define the scope of trust (e.g. what credential types or domains the TAO can operate in)
Optionally include expiration or other constraints
Each TAO may issue Verifiable Accreditations to one or more Trusted Issuers, who are responsible for issuing actual Verifiable Credentials to end-users.
Each entity is linked by a signed Verifiable Accreditation, and all references point back to the initial Root Authorization for Trust Chain.
In decentralized ecosystems, trust can be strengthened by combining blockchain-based identity with traditional Web PKI. To support this, Root Trusted Accreditation Organisations (rTAOs) can anchor their DIDs in DNS records, enabling domain-level verification of the root of the trust chain.
Anchoring a DID in DNS provides:
🔐 Cryptographic proof of domain control
🌍 Public discoverability and auditability of the rTAO’s identity
✅ Higher assurance in trust chain validation, especially for public sector or federated environments
🤝 Interoperability with tools like TRAIN, which can validate trust chains using DNS lookups
This optional step is highly recommended if your governance model involves domain ownership or if trust must be externally verifiable.
TDZM is a component that manages DNS zones where rTAOs can publish their DIDs as TXT or TLSA records. It integrates with DNS infrastructure to serve trust metadata for automated validation.
TRAIN uses TDZM to verify that:
The rTAO controls the claimed domain
The DID used in the trust chain is anchored in DNS
The governance framework is consistently represented
Anchoring your rTAO in DNS enhances trustworthiness and auditability by:
Providing cryptographic proof of domain control
Allowing trust validators (like TRAIN) to verify the root of the trust chain against public DNS records
Increasing assurance in ecosystems where DNS-based trust is required (e.g., public sector, federated networks)
You can deploy TDZM in two ways:
Locally using Docker Compose
In a Kubernetes Cluster using Helm charts
This is the easiest way to run TDZM for development and testing.
Navigate to the deploy/local directory in the TDZM repository.
Run the deployment script:
The
buildflag is optional but recommended to ensure you’re running the latest version.
This will launch:
A Keycloak instance for authentication
The TDZM backend
The TDZM UI
TDZM Backend: http://localhost:16001
TDZM UI: http://localhost:8001/ui
TDZM can be deployed in a Kubernetes cluster using Helm charts for both the backend and UI.
Kubernetes cluster with Nginx Ingress Controller
TLS certificates available as Kubernetes secrets OR A Let’s Encrypt cert issuer setup via Ingress
Before TDZM can manage your trust zone, you must configure your DNS provider:
NS Record in the parent zone pointing to your TDZM instance Example:
A Record resolving the nameserver to your TDZM server’s IP Example:
These records must be added in the parent zone (e.g., federation1.com) for your trust zone to be valid (trust.federation1.com).
When deploying the backend, set the following values in your Helm values.yaml file:
Property
Description
Example
zoneConfig.TF_DOMAIN_NAME
DNS zone managed by TDZM
trust.federation1.com
zoneConfig.TF_DOMAIN_IP
IP address for the NS server
192.0.2.4
zoneConfig.PRIMARY_SERVER_NSD
Domain of the primary nameserver
ns1.trust.federation1.com
zoneConfig.PRIMARY_SERVER_IP
IP of the primary nameserver
192.0.2.4
Note: TDZM requires a shared volume (ReadWriteMany) for pod scaling. Ensure your cluster supports this (e.g., via NFS).
UI configuration options:
Property
Description
Example
zonemgr_url
Backend URL
http://tdzm-backend.namespace.svc.cluster.local
oidc_issuer_url
OIDC server URL
https://auth.federation1.com
oidc_client_id
OIDC client ID
tzdm-ui-client
oidc_client_secret
Client secret
super-secret-value
Once TDZM is running and DNS is delegated:
Add a TXT record under your trust zone with the content linking your rTAO DID to the domain.
Example DNS entry:
This DNS record will allow TRAIN to resolve and validate the rTAO’s DID during trust chain verification.
TDZM Backend
Manages DNS records and trust zones
TDZM UI
Provides web interface to manage delegations
TRAIN
Uses TDZM-managed DNS records to validate rTAO identities
DNS Provider
Must delegate NS and A records to the TDZM zone manager
Validate the trust chain of a credential using TRAIN, to recursively traverse back to a Root of Trust, and determine the accreditations and authorizations of an issuer Decentralized Identifier (DID).
TRAIN is a trust validation service that evaluates the trustworthiness of Verifiable Credentials (VCs) by checking whether the issuer's Decentralized Identifier (DID) can be traced back to a trusted source—known as a root of trust.
This page explains how TRAIN performs trust validation for credentials issued within the cheqd ecosystem, using Decentralized Trust Chains (DTCs) to verify each step in the chain from the credential issuer to a recognized root authority.
Use the TRAIN APIs below to validate your trust chain:
TRAIN's Trust Validator (TTV) validates credentials by:
Taking a Verifiable Credential (VC) as input.
Identifying the issuer DID from the credential.
Following the credential's trust chain, resolving links between DIDs, Verifiable Accreditations, and Trust Anchors.
Verifying whether the top-level (root) entity in the chain is a trusted source (e.g., DNS-anchored entity, government body, industry group).
Within the cheqd network, Trust Anchors represent root entities that can authorize other issuers via Verifiable Accreditations. These accreditations form Decentralized Trust Chains, which TRAIN evaluates to determine if a credential is trustworthy.
TRAIN integrates the cheqd Trust Anchor model by:
Recognizing VerifiableAccreditation credentials as establishing authority between entities.
Resolving these links recursively up the chain until it reaches a root-level DID.
Checking whether the root DID is associated with a DNS-anchored Trust Anchor using DNSTrustFrameworkPointer entries.
When TRAIN evaluates a credential issued within cheqd's ecosystem, it performs the following checks:
Credential Verification Validates the signature and schema of the input Verifiable Credential.
Trust Chain Resolution
Follows the termsOfUse field and associated VerifiableAccreditation resources to build the credential’s trust chain.
Anchor Resolution
Locates the root DID and evaluates whether it has a valid DNSTrustFrameworkPointer or other proof-of-authority reference (e.g., X.509 linkage).
The following fields are used when submitting a request to the TRAIN Trustworthiness Validator (TTV). This validator checks whether the issuer of a Verifiable Credential is trustworthy by tracing their accreditations up a trust chain. The fields below are passed as JSON in the request body and instruct TRAIN on how to resolve and validate the issuer's authority and compliance with a defined trust policy.
When a trust validation request is submitted, the TRAIN Trust Validator returns a structured JSON response describing the outcome of the trust chain evaluation. This includes the result of DNS anchoring checks (if requested) and the discovered trust framework that governs the credential's validation.
Below is a breakdown of each field returned in the response:
Decentralized Assurance: No need to trust a single registry—chains of accreditations are independently verifiable.
DNS Anchoring: Leverages globally resolvable domain infrastructure to provide high-assurance validation.
Interoperable: Built on open standards like DIDs, VCs, and JSON-LD for compatibility with other ecosystems.
Below is a sequence diagram showing how a request is fully validated.
Root Authorization for Trust Chain (published by rTAO)
↓
Verifiable Accreditation from rTAO to TAO
↓
Verifiable Accreditation from TAO to Trusted Issuer
↓
Verifiable Credential (Attestation) issued to subjectTAO: did:cheqd:gov-edu ← Department of Education
└── Root Authorization → "cheqd Governance Framework"
↓
TAO: did:cheqd:state-certifier ← State Certification Body
↓
Trusted Issuer: did:cheqd:university-123 ← Accredited University
↓
Verifiable Credential: Bachelor of ScienceCopyEdittrust.federation1.com. NS ns1.trust.federation1.com.cssCopyEditns1.trust.federation1.com. A 192.0.2.4bashCopyEdit./deploy.sh buildarduinoCopyEdit_did.trust.federation1.com. TXT "did:cheqd:mainnet:rtao123"authConfigFileContent.ISSUER_URL
OIDC issuer for JWT validation
https://auth.federation1.com
authConfigFileContent.CLIENT_ID
Allowed client ID
tzdm-client
authConfigFileContent.ALLOW_UNSAFE_SSL
Skip SSL validation (not recommended)
false
ui_host
Public UI domain
ui.trust.federation1.com
app_base_url_path
Must be /ui
/ui
Producing a trust assessment (e.g., valid/invalid, verified/unverified) that can be consumed by relying parties.
Anchor Validation Confirms that the root DID’s association with a domain name is cryptographically anchored using DNS-based proofs (e.g., DNS TXT records or TLSA).
Policy Compliance (optional)
Validates that the trust chain complies with local or domain-specific policy requirements (e.g., only accept credentials rooted in .gov domains).
parentAccreditation
✅ Yes
A DID URI pointing to the VerifiableAccreditation that proves the issuer was accredited by a higher authority (i.e. part of a trust chain).
did:cheqd:testnet:07b4e2cb-b0b8-444e-8ed4-b0920115a45e?resourceName=TrustedIssuerAccreditation&resourceType=VerifiableAccreditationToAttest
credentialSchema
❌ Optional
URI for a JSON schema to validate the structure of the credential. If not provided, TRAIN will use the schema defined in the accreditation itself.
https://resolver.cheqd.net/.../resourceName=MuseumPassCredentialSchema&resourceType=JsonSchemaValidator2018
DNSTrustFrameworkPointers
❌ Optional
A list of DNS domains used to verify that the root DID is also DNS-anchored. If not provided, TRAIN will still validate the root DID alone.
[ "cheqd.testtrain.trust-scheme.de" ]
VerificationResult.FoundRootIssuerDID
string
The root DID at the top of the trust chain (i.e. the ultimate Trust Anchor).
"did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e"
VerificationResult.TrustFramework
string
A URL pointing to the governance or policy framework that governs this trust chain. This is sourced from the root authorization (VerifiableAuthorization).
"https://learn.cheqd.io/governance/start"
VerificationResult.TrustFrameworkId
string
A human-readable name or ID of the trust framework, also derived from the root authorization metadata.
"cheqd Governance Framework"
VerificationResult.FindingCorrespondingDNSTrustFrameworkInitiated
boolean
Indicates whether TRAIN attempted to look up a DNS pointer associated with the root DID.
true
VerificationResult.VerifyRootIssuerDIDinDNS
boolean
Indicates whether the root DID was successfully verified via a DNS TXT/TLSA record.
true
Field
Required
Description
Example Value
issuer
✅ Yes
The DID of the issuer of the Verifiable Credential being validated. Must be a valid did:cheqd DID.
did:cheqd:testnet:975f1941-9313-41d4-ac8b-88fedda7ce80
type
✅ Yes
An array of credential types. The first must always be "VerifiableCredential"; any additional values represent the VC subtype.
[ "VerifiableCredential", "MuseumPassCredential" ]
termsofuse
✅ Yes
The policy name or type under which the credential is issued. Indicates which validation logic TRAIN should apply.
"AttestationPolicy"
Field
Type
Description
Example
VerificationStatus
boolean
Indicates whether the root DID was successfully matched against a DNS record. Will only be true if DNS verification was performed and succeeded.
true
VerificationResult
object
Contains detailed information about the accreditation chain, root DID, and DNS verification process.
—
VerificationResult.AccreditorDIDs
string[]
An ordered array of DIDs representing each entity in the accreditation chain, from the VC issuer up to the root authority.
[ "did:cheqd:issuer", "did:cheqd:intermediary", "did:cheqd:root" ]
Issue Verifiable Accreditation
Issue a type of Verifiable Accreditation, including authorizations for the trust chain, and subordinate accreditations
Issue Verifiable Accreditation
Issue a type of Verifiable Accreditation, including authorizations for the trust chain, and subordinate accreditations
Deploy TRAIN and Anchor rTAO in DNS
Add high assurance to your root DID, anchoring it within a DNS record.
Issue Verifiable Accreditations as DID-Linked Resources using cheqd Studio.
Users are able to issue Verifiable Accreditations as DID-Linked Resources on-ledger, which may be used to verify whether a particular recipient of an accreditation is accredited to issue a certain type of credential, under the scope of a particular governance framework. This implementation on cheqd builds on the principles of the EBSI Trust Chain model, using DID-Linked Resources to create a more standardised format for storing, retrieving and dereferencing to trust registry entries.
Make sure you have set up your account with cheqd Studio and are logged in, using our guide below:
Before you can create a Verifiable Accreditation, you need to create a DID which is used to link to one or multiple Verifiable Accreditations on-ledger. Use the API in the page below to create a DID:
Verifiable Accreditations are JSON objects that take the form of the Verifiable Credential data model. There are three types of Verifiable Accreditation:
For each accreditation type, the user will need to use a different request format for the API.
For a trusted ecosystem, these attestations are required to trace the legitimacy of a credential issuer to a root-of-trust.
For a trusted ecosystem, these attestations are required to trace the legitimacy of a credential issuer to a root-of-trust.
Owing to the design of DID-Linked Resources, following the creation of the a Verifiable Accreditation, users are able to reference the specific version, or create a query to always fetch the latest version of the Accreditation.
Using a DID Resolver or the search DID endpoint, users can find the DID URL and unique resourceId of the Verifiable Accreditation. The unique resourceId allows users to specify this exact version of the Accreditation.
In the DID Document Metadata, users should find "linkedResourceMetadata", like the following snippet:
Here, the "resourceURI" specifies the DID URL of the specific Verifiable Accreditation that was created.
In order to reference the latest version of the Verifiable Accreditation, the following construction needs to be used:
did:cheqd:<namespace>:<resourceCollectionId>?resourceName=<resourceName>&resourceType=<resourceType>
For example:
did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=OxfordUniversityAccreditation&resourceType=VerifiableAccreditationToAccredit
In order to reference the Verifiable Accreditation at a particular point in time, the following construction needs to be used:
did:cheqd:<namespace>:<resourceCollectionId>?resourceName=<resourceName>&resourceType=<resourceType>&resourceVerionTime=<XMLDateTime>
For example:
did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=OxfordUniversityAccreditation&resourceType=VerifiableAccreditationToAccredit&resourceVersionTime=2023-02-22T06:58:18.61Z
"accreditationName"
Yes
Name of the accreditation which is used for chronological versioning of the accreditation.
"trustFramework"
Yes
A URL that points to an Ecosystem Governance Framework
"trustFrameworkId"
Yes
The name of the Ecosystem Governance Framework
"credentialStatus"
Optional
An object detailing the status information of the Accreditation
"accreditationName"
Yes
Name of the accreditation which is used for chronological versioning of the accreditation.
"parentAccreditation"
Yes
A URL or DID URL of Accreditation of the Issuer demonstrating capacity to issue this Accreditation.
"rootAuthorization"
Yes
A URL or DID URL of the root authorization governing the ecosystem
"credentialStatus"
Optional
An object detailing the status information of the Accreditation
"accreditationName"
Yes
Name of the accreditation which is used for chronological versioning of the accreditation.
"parentAccreditation"
Yes
A URL or DID URL of Accreditation of the Issuer demonstrating capacity to issue this Accreditation.
"rootAuthorization"
Yes
A URL or DID URL of the root authorization governing the ecosystem
"credentialStatus"
Optional
An object detailing the status information of the Accreditation
Verifiable Authorization for Trust Chain
This Accreditation authorizes the recipient to issue Accreditations with reference to a particular governance framework.
Verifiable Accreditation to Accredit
This Accreditation verifies that an organisation has the permissions needed to accredit other organisations for issuing a particular type of Verifiable Accreditation.
Verifiable Accreditation to Attest
This Accreditation verifies that an organisation has the permissions needed to issue Verifiable Credentials, defined by a particular schema.
"issuerDid"
Yes
The DID of the Issuer of the Accreditation
"subjectDid"
Yes
The DID of the Recipient of the Accreditation
"schemas"
Yes
A schema or multiple schemas that the recipient is accredited to issue
"format"
Optional
"issuerDid"
Yes
The DID of the Issuer of the Accreditation
"subjectDid"
Yes
The DID of the Recipient of the Accreditation
"schemas"
Yes
A schema or multiple schemas that the recipient is accredited to issue
"format"
Optional
"issuerDid"
Yes
The DID of the Issuer of the Accreditation
"subjectDid"
Yes
The DID of the Recipient of the Accreditation
"schemas"
Yes
A schema or multiple schemas that the recipient is accredited to issue
"format"
Optional
Set Up Your Account
Set up your account with cheqd Studio and log in to start using the APIs.
Defaults to "jwt" but may also be "json-ld"
Defaults to "jwt" but may also be "json-ld"
Defaults to "jwt" but may also be "json-ld"
{
"issuerDid": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e",
"subjectDid": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad",
"schemas": [
{
"types": [
"VerifiableCredential",
"MuseumPassCredential"
],
"url": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=MuseumPassCredentialSchema&resourceType=JsonSchemaValidator2018"
}
],
"format": "jwt",
"accreditationName": "authorizeAccreditationTest",
"trustFramework": "https://learn.cheqd.io/governance/start",
"trustFrameworkId": "cheqd Governance Framework"
}{
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"type": [
"VerifiableCredential",
"VerifiableAuthorizationForTrustChain"
],
"issuer": {
"id": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e"
},
"credentialSubject": {
"accreditedFor": [
{
"schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=MuseumPassCredentialSchema&resourceType=JsonSchemaValidator2018",
"types": [
"VerifiableCredential",
"MuseumPassCredential"
]
}
],
"id": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad"
},
"issuanceDate": "2024-10-15T04:06:47.000Z",
"termsOfUse": {
"type": "TrustFrameworkPolicy",
"trustFramework": "https://learn.cheqd.io/governance/start",
"trustFrameworkId": "cheqd Governance Framework"
},
"proof": {
"type": "JwtProof2020",
"jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImFjY3JlZGl0ZWRGb3IiOlt7InNjaGVtYUlkIjoiaHR0cHM6Ly9yZXNvbHZlci5jaGVxZC5uZXQvMS4wL2lkZW50aWZpZXJzL2RpZDpjaGVxZDp0ZXN0bmV0OjBhNWI5NGQwLWE0MTctNDhlZC1hNmY1LTRhYmM5ZTk1ODg4ZD9yZXNvdXJjZU5hbWU9TXVzZXVtUGFzc0NyZWRlbnRpYWxTY2hlbWEmcmVzb3VyY2VUeXBlPUpzb25TY2hlbWFWYWxpZGF0b3IyMDE4IiwidHlwZSI6Ik11c2V1bVBhc3NDcmVkZW50aWFsIn1dfSwidGVybXNPZlVzZSI6eyJ0eXBlIjoiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIiwidHJ1c3RGcmFtZXdvcmsiOiJodHRwczovL2xlYXJuLmNoZXFkLmlvL2dvdmVybmFuY2Uvc3RhcnQiLCJ0cnVzdEZyYW1ld29ya0lkIjoiY2hlcWQgR292ZXJuYW5jZSBGcmFtZXdvcmsifX0sInN1YiI6ImRpZDpjaGVxZDp0ZXN0bmV0OjZhZjQxMmQ3LTJmMDQtNGUxMi1hNDI0LWU2NzE5ZGI0ODdhZCIsIm5iZiI6MTcyODk2NTIwNywiaXNzIjoiZGlkOmNoZXFkOnRlc3RuZXQ6YjAwM2RmNmYtZWM4ZS00OGRkLTlhMmItNzAxMWM1Y2YwYTVlIn0.6dKE9-y2Id852onu1_WnD6aJnDtxgFZcjCbCfQ8MT1ACsHY8ox5jiKP4QUJNmhwesLidC99Qa0uyCrUhvHc2Bg"
}
}{
"issuerDid": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e",
"subjectDid": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad",
"schemas": [
{
"types": [
"VerifiableCredential",
"MuseumPassCredential"
],
"url": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=MuseumPassCredentialSchema&resourceType=JsonSchemaValidator2018"
}
],
"format": "jwt",
"accreditationName": "accreditationToAttestTest",
"parentAccreditation": "did:cheqd:testnet:15b74787-6e48-4fd5-8020-eab24e990578?resourceName=accreditAccreditation&resourceType=VerifiableAccreditationToAccredit",
"rootAuthorization": "did:cheqd:testnet:5RpEg66jhhbmASWPXJRWrA?resourceName=authorizeAccreditation&resourceType=VerifiableAuthorisationForTrustChain",
}{
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"type": [
"VerifiableCredential",
"VerifiableAccreditationToAccredit"
],
"issuer": {
"id": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e"
},
"credentialSubject": {
"accreditedFor": [
{
"schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=MuseumPassCredentialSchema&resourceType=JsonSchemaValidator2018",
"types": [
"VerifiableCredential",
"MuseumPassCredential"
]
}
],
"id": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad"
},
"issuanceDate": "2024-10-15T04:06:47.000Z",
"termsOfUse": {
"type": "VerifiableAuthorisationForTrustChain",
"parentAccreditation": "did:cheqd:testnet:15b74787-6e48-4fd5-8020-eab24e990578?resourceName=accreditAccreditation&resourceType=VerifiableAccreditationToAccredit",
"rootAuthorization": "did:cheqd:testnet:5RpEg66jhhbmASWPXJRWrA?resourceName=authorizeAccreditation&resourceType=VerifiableAuthorisationForTrustChain",
},
"proof": {
"type": "JwtProof2020",
"jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImFjY3JlZGl0ZWRGb3IiOlt7InNjaGVtYUlkIjoiaHR0cHM6Ly9yZXNvbHZlci5jaGVxZC5uZXQvMS4wL2lkZW50aWZpZXJzL2RpZDpjaGVxZDp0ZXN0bmV0OjBhNWI5NGQwLWE0MTctNDhlZC1hNmY1LTRhYmM5ZTk1ODg4ZD9yZXNvdXJjZU5hbWU9TXVzZXVtUGFzc0NyZWRlbnRpYWxTY2hlbWEmcmVzb3VyY2VUeXBlPUpzb25TY2hlbWFWYWxpZGF0b3IyMDE4IiwidHlwZSI6Ik11c2V1bVBhc3NDcmVkZW50aWFsIn1dfSwidGVybXNPZlVzZSI6eyJ0eXBlIjoiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIiwidHJ1c3RGcmFtZXdvcmsiOiJodHRwczovL2xlYXJuLmNoZXFkLmlvL2dvdmVybmFuY2Uvc3RhcnQiLCJ0cnVzdEZyYW1ld29ya0lkIjoiY2hlcWQgR292ZXJuYW5jZSBGcmFtZXdvcmsifX0sInN1YiI6ImRpZDpjaGVxZDp0ZXN0bmV0OjZhZjQxMmQ3LTJmMDQtNGUxMi1hNDI0LWU2NzE5ZGI0ODdhZCIsIm5iZiI6MTcyODk2NTIwNywiaXNzIjoiZGlkOmNoZXFkOnRlc3RuZXQ6YjAwM2RmNmYtZWM4ZS00OGRkLTlhMmItNzAxMWM1Y2YwYTVlIn0.6dKE9-y2Id852onu1_WnD6aJnDtxgFZcjCbCfQ8MT1ACsHY8ox5jiKP4QUJNmhwesLidC99Qa0uyCrUhvHc2Bg"
}
}{
"issuerDid": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e",
"subjectDid": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad",
"schemas": [
{
"types": [
"VerifiableCredential",
"MuseumPassCredential"
],
"url": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=MuseumPassCredentialSchema&resourceType=JsonSchemaValidator2018"
}
],
"format": "jwt",
"accreditationName": "accreditationToAttestTest",
"parentAccreditation": "did:cheqd:testnet:15b74787-6e48-4fd5-8020-eab24e990578?resourceName=accreditAccreditation&resourceType=VerifiableAccreditationToAccredit",
"rootAuthorization": "did:cheqd:testnet:5RpEg66jhhbmASWPXJRWrA?resourceName=authorizeAccreditation&resourceType=VerifiableAuthorizationForTrustChain",
}{
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"type": [
"VerifiableCredential",
"VerifiableAccreditationToAccredit"
],
"issuer": {
"id": "did:cheqd:testnet:b003df6f-ec8e-48dd-9a2b-7011c5cf0a5e"
},
"credentialSubject": {
"accreditedFor": [
{
"schemaId": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=MuseumPassCredentialSchema&resourceType=JsonSchemaValidator2018",
"types": [
"VerifiableCredential",
"MuseumPassCredential"
]
}
],
"id": "did:cheqd:testnet:6af412d7-2f04-4e12-a424-e6719db487ad"
},
"issuanceDate": "2024-10-15T04:06:47.000Z",
"termsOfUse": {
"type": "VerifiableAuthorisationForTrustChain",
"parentAccreditation": "did:cheqd:testnet:15b74787-6e48-4fd5-8020-eab24e990578?resourceName=accreditAccreditation&resourceType=VerifiableAccreditationToAccredit",
"rootAuthorization": "did:cheqd:testnet:5RpEg66jhhbmASWPXJRWrA?resourceName=authorizeAccreditation&resourceType=VerifiableAuthorisationForTrustChain",
},
"proof": {
"type": "JwtProof2020",
"jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImFjY3JlZGl0ZWRGb3IiOlt7InNjaGVtYUlkIjoiaHR0cHM6Ly9yZXNvbHZlci5jaGVxZC5uZXQvMS4wL2lkZW50aWZpZXJzL2RpZDpjaGVxZDp0ZXN0bmV0OjBhNWI5NGQwLWE0MTctNDhlZC1hNmY1LTRhYmM5ZTk1ODg4ZD9yZXNvdXJjZU5hbWU9TXVzZXVtUGFzc0NyZWRlbnRpYWxTY2hlbWEmcmVzb3VyY2VUeXBlPUpzb25TY2hlbWFWYWxpZGF0b3IyMDE4IiwidHlwZSI6Ik11c2V1bVBhc3NDcmVkZW50aWFsIn1dfSwidGVybXNPZlVzZSI6eyJ0eXBlIjoiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Gb3JUcnVzdENoYWluIiwidHJ1c3RGcmFtZXdvcmsiOiJodHRwczovL2xlYXJuLmNoZXFkLmlvL2dvdmVybmFuY2Uvc3RhcnQiLCJ0cnVzdEZyYW1ld29ya0lkIjoiY2hlcWQgR292ZXJuYW5jZSBGcmFtZXdvcmsifX0sInN1YiI6ImRpZDpjaGVxZDp0ZXN0bmV0OjZhZjQxMmQ3LTJmMDQtNGUxMi1hNDI0LWU2NzE5ZGI0ODdhZCIsIm5iZiI6MTcyODk2NTIwNywiaXNzIjoiZGlkOmNoZXFkOnRlc3RuZXQ6YjAwM2RmNmYtZWM4ZS00OGRkLTlhMmItNzAxMWM1Y2YwYTVlIn0.6dKE9-y2Id852onu1_WnD6aJnDtxgFZcjCbCfQ8MT1ACsHY8ox5jiKP4QUJNmhwesLidC99Qa0uyCrUhvHc2Bg"
}
}"linkedResourceMetadata": [
{
"resourceURI": "did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d/resources/4e1104f9-2ee9-4bde-adc2-ab8ba72b124a",
"resourceCollectionId": "0a5b94d0-a417-48ed-a6f5-4abc9e95888d",
"resourceId": "4e1104f9-2ee9-4bde-adc2-ab8ba72b124a",
"resourceName": "OxfordUniversityAccreditation",
"resourceType": "VerifiableAccreditationToAccredit",
"mediaType": "application/json",
"resourceVersion": "",
"created": "2023-03-24T12:13:45Z",
"checksum": "6819aaecd4073173b159fedf8077c38e14939d03d58e7f4e2a0ddfe034eb2ed4",
"previousVersionId": null,
"nextVersionId": null
} Generate and publish a Verifiable Accreditation for a subject DID as a DID Linked resource.
If set to true the verification will also check the status of the accreditation. Requires the VC to have a credentialStatus property.
falseIf set to true allow to verify accreditation which based on deactivated DID.
falseDID of the Verifiable Accreditation holder/subject. This needs to be a did:key DID.
did:cheqd:testnet:5efa5126-c070-420f-a9c2-d22ae6eefb92DID URL of the Verifiable Accreditation to be verified as a VC-JWT string or a JSON object.
did:cheqd:testnet:7c2b990c-3d05-4ebf-91af-f4f4d0091d2e?resourceName=cheqd-issuer-logo&resourceType=CredentialArtworkDID of the Verifiable Accreditation holder/subject
did:cheqd:testnet:7c2b990c-3d05-4ebf-91af-f4f4d0091d2eUnique resource identifier of the Verifiable Accreditation
398cee0a-efac-4643-9f4c-74c48c72a14bResource name of the Verifiable Accreditation
cheqd-issuer-logoResource type of the Verifiable Accreditation
CredentialArtworkGenerate and publish a Verifiable Accreditation for a subject DID as a DID Linked resource.
Select the type of accreditation to be issued.
Input fields for the creating a Verifiable Accreditation.
DID of the Verifiable Accreditation issuer. This needs to be a did:cheqd DID.
did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0DID of the Verifiable Accreditation holder/subject. This needs to be a did:cheqd DID.
did:cheqd:testnet:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doKUnique name of the Verifiable Accreditation.
JSON object containing the attributes to be included in the Accreditation.
Optional properties to be included in the @context property of the Accreditation.
["https://schema.org/schema.jsonld","https://veramo.io/contexts/profile/v1"]DID URL of the parent Verifiable Accreditation, required for accredit/attest operation.
DID URL of the root Verifiable Accreditation, required for accredit/attest operation.
Name or Type of the Trust Framework, required for authorize operation.
Url of the Trust Framework, required for authorize operation.
Optional properties to be included in the type property of the Accreditation.
["Person"]Optional expiration date according to the <a href=https://www.w3.org/TR/vc-data-model/#expiration> VC Data Model specification.
2023-06-08T13:49:28.000ZFormat of the Verifiable Accreditation. Defaults to VC-JWT.
jwtPossible values: Terms of use can be utilized by an issuer or a holder to communicate the terms under which a verifiable credential was issued.
{"type":"IssuerPolicy","id":"http://example.com/policies/credential/4","profile":"http://example.com/profiles/credential","prohibition":[{"assigner":"https://example.edu/issuers/14","assignee":"AllVerifiers","target":"http://example.edu/credentials/3732","action":["Archival"]}]}RefreshService property MUST be one or more refresh services that provides enough information to the recipient's software such that the recipient can refresh the verifiable credential.
{"type":"ManualRefreshService2018","id":"https://example.edu/refresh/3732"}Evidence property MUST be one or more evidence schemes providing enough information for a verifier to determine whether the evidence gathered by the issuer meets its confidence requirements for relying on the credential.
{"type":["DocumentVerification"],"id":"https://example.edu/evidence/f2aeec97-fc0d-42bf-8ca7-0548192d4231","verifier":"https://example.edu/issuers/14","evidenceDocument":"DriversLicense","subjectPresence":"Physical","documentPresence":"Physical","licenseNumber":"123AB4567"}The request was successful.
A problem with the input fields has occurred. Additional state information plus metadata may be available in the response body.
Access token is missing or invalid
An internal error has occurred. Additional state information plus metadata may be available in the response body.
The request was successful.
A problem with the input fields has occurred. Additional state information plus metadata may be available in the response body.
Access token is missing or invalid
An internal error has occurred. Additional state information plus metadata may be available in the response body.
POST /trust-registry/accreditation/verify HTTP/1.1
Host: studio-api.cheqd.net
x-api-key: YOUR_API_KEY
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 500
"subjectDid='did:cheqd:testnet:5efa5126-c070-420f-a9c2-d22ae6eefb92'&didUrl='did:cheqd:testnet:7c2b990c-3d05-4ebf-91af-f4f4d0091d2e?resourceName=cheqd-issuer-logo&resourceType=CredentialArtwork'&did='did:cheqd:testnet:7c2b990c-3d05-4ebf-91af-f4f4d0091d2e'&resourceId='398cee0a-efac-4643-9f4c-74c48c72a14b'&resourceName='cheqd-issuer-logo'&resourceType='CredentialArtwork'&schemas=[{'types':['text'],'url':'text'}]&policies={'issuanceDate':true,'expirationDate':true,'audience':false}"POST /trust-registry/accreditation/issue?accreditationType=authorize HTTP/1.1
Host: studio-api.cheqd.net
x-api-key: YOUR_API_KEY
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 955
"issuerDid='did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0'&subjectDid='did:cheqd:testnet:2582fe17-9b25-45e4-8104-1cfca430f0c3'&schemas=[{'type':'MuseumPassCredential','url':'https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=MuseumPassCredentialSchema&resourceType=JsonSchemaValidator2018'}]&format='jwt'&accreditationName='authorizeAccreditation'&trustFramework='https://learn.cheqd.io/governance/start'&trustFrameworkId='cheqd Governance Framework'&parentAccreditation='did:cheqd:testnet:15b74787-6e48-4fd5-8020-eab24e990578?resourceName=accreditAccreditation&resourceType=VerifiableAccreditationToAccredit'&rootAuthorization='did:cheqd:testnet:5RpEg66jhhbmASWPXJRWrA?resourceName=authorizeAccreditation&resourceType=VerifiableAuthorizationForTrustChain'&credentialStatus={'statusPurpose':'revocation','statusListName':'employee-credentials','statusListIndex':10}"{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://schema.org",
"https://veramo.io/contexts/profile/v1"
],
"credentialSubject": {
"gender": "male",
"id": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
"name": "Bob"
},
"credentialStatus": {
"id": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:7c2b990c-3d05-4ebf-91af-f4f4d0091d2e?resourceName=cheqd-suspension-1&resourceType=StatusList2021Suspension#20",
"statusIndex": 20,
"statusPurpose": "suspension",
"type": "StatusList2021Entry"
},
"issuanceDate": "2023-06-08T13:49:28.000Z",
"issuer": {
"id": "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0"
},
"proof": {
"jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkaWQ6Y2hlcWQ6dGVzdG5ldDo3YmY4MWEyMC02MzNjLTRjYzctYmM0YS01YTQ1ODAxMDA1ZTAiLCJuYmYiOjE2ODYyMzIxNjgsInN1YiI6ImRpZDprZXk6ejZNa2hhWGdCWkR2b3REa0w1MjU3ZmFpenRpR2lDMlF0S0xHcGJubkVHdGEyZG9LIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3NjaGVtYS5vcmciLCJodHRwczovL3ZlcmFtby5pby9jb250ZXh0cy9wcm9maWxlL3YxIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImdlbmRlciI6Im1hbGUiLCJuYW1lIjoiQm9iIn0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJQZXJzb24iXX19.wMfdR6RtyAZA4eoWya5Aw97wwER2Cm5Guk780Xw8H9fA3sfudIJeLRLboqixpTchqSbYeA7KbuCTAnLgXTD_Cg",
"type": "JwtProof2020"
},
"type": [
"VerifiableCredential",
"Person"
]
}{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://schema.org",
"https://veramo.io/contexts/profile/v1"
],
"credentialSubject": {
"gender": "male",
"id": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
"name": "Bob"
},
"credentialStatus": {
"id": "https://resolver.cheqd.net/1.0/identifiers/did:cheqd:testnet:7c2b990c-3d05-4ebf-91af-f4f4d0091d2e?resourceName=cheqd-suspension-1&resourceType=StatusList2021Suspension#20",
"statusIndex": 20,
"statusPurpose": "suspension",
"type": "StatusList2021Entry"
},
"issuanceDate": "2023-06-08T13:49:28.000Z",
"issuer": {
"id": "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0"
},
"proof": {
"jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkaWQ6Y2hlcWQ6dGVzdG5ldDo3YmY4MWEyMC02MzNjLTRjYzctYmM0YS01YTQ1ODAxMDA1ZTAiLCJuYmYiOjE2ODYyMzIxNjgsInN1YiI6ImRpZDprZXk6ejZNa2hhWGdCWkR2b3REa0w1MjU3ZmFpenRpR2lDMlF0S0xHcGJubkVHdGEyZG9LIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3NjaGVtYS5vcmciLCJodHRwczovL3ZlcmFtby5pby9jb250ZXh0cy9wcm9maWxlL3YxIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImdlbmRlciI6Im1hbGUiLCJuYW1lIjoiQm9iIn0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJQZXJzb24iXX19.wMfdR6RtyAZA4eoWya5Aw97wwER2Cm5Guk780Xw8H9fA3sfudIJeLRLboqixpTchqSbYeA7KbuCTAnLgXTD_Cg",
"type": "JwtProof2020"
},
"type": [
"VerifiableCredential",
"Person"
]
}