Skip to main content

Design a Trust Chain

The following page guides you through designing a Trust Chain for your use case. The goal here is to identify all possible actors and their interaction, and to design your trust chain accordingly.

info

For a deep dive into the inner workings of the EBSI trust chain, visit What are Trust Chains?.

The following figure provides an illustration of a Trust Chain for an example use case in the education domain, where the first link, or RTAO, is a National Government.

Trust Model

Diagram 2.1.1

By completing this section, you will:

  • Identify all actors and map out their roles and relationships.
  • Define the rules and policies of your use case.
  • Define the legal identities involved.
  • Define accreditations issued by the Trusted Accreditation Organisation.

To do this, in the Hands on! section below, we will begin from bottom to top. We will start by defining the bottom level of Diagram 2.1.1 (Level 3) first, making our way up the Trust Chain.

Hands on!

1. Identify domain-specific Verifiable Credentials

List any domain-specific Verifiable Credentials that the Trusted Issuer(s) will issue.

  1. Identify the Verifiable Credentials you will issue in your project.
  2. Visit the (existing) EBSI Data Models page and check if data models for your use case already exist. For an introduction to data models, see section Create your Data Model.
  3. List the Verifiable Credentials that you will issue in your project in Trust Chain Template #1.
  4. Define a data model and JSON schema according to section Create your Data Model and contact our Support Office (SO) to publish them in the JSON Schemas Registry.
  5. (Optional) Prepare representative examples and contact our Support Office (SO) to publish them in the JSON Schemas Registry.

Trust Chain Template #1

Verifiable Credential NameLink to the JSON Schema (if it already exists)Link to Examples (examples)

To register a JSON Schema please contact our Support Office (SO).

Hands on!

2. Trusted Issuers

Identify the Trusted Issuer(s).

  1. List the organisations that will issue the Verifiable Credentials (VCs) part of your project in Trust Chain Template #2.
  2. List the type of VC a given organisation will issue.

Trust Chain Template #2

Trusted IssuerVerifiable Credential to be issuedDoes it require accreditation?
Hands on!

3. Accrediting organisations

Identify the Trusted Issuer(s).

Identify the accrediting organisations.

  1. List which issuers must be accredited to be eligible to issue Verifiable Credentials in Trust Chain Template #3.
  2. List the accrediting organisations in Template: Accrediting Organisations
  3. List the accreditation frameworks in Template: Accrediting Organisations

Trust Chain Template #3

Accrediting OrganisationAccreditation for VC (list a VC)Related legislation/regulation
Hands on!

4. Put it all together

Identify the actors and map out the relationship between the different actors, their roles and their relationships.

Hands on!

Collect information about the legal entities involved. Do so by filling in Trust Chain Template #5 for every actor that is part of your trust chain.

Trust Chain Template #5

PropertyDescriptionValue
idREQUIRED. Defines unique identifier of the credential subject.
legalPersonalIdentifierOPTIONAL. National/Legal Identifier of Credential Subject (constructed by the sending Member State in accordance with the technical specifications for the purposes of cross-border identification and which is as persistent as possible in time).
legalNameREQUIRED. Official legal name of Credential Subject.
legalAddressOPTIONAL. Official legal address of Credential Subject.
VATRegistrationOPTIONAL. VAT number of Credential Subject.
taxReferenceOPTIONAL. Official tax reference number of Credential Subject.
LEIOPTIONAL. Official legal entity identifier (LEI) of Credential Subject (referred to in Commission Implementing Regulation (EU) No 1247/2012).
EORIOPTIONAL. Economic Operator Registration and Identification (EORI) of Credential Subject (referred to in Commission Implementing Regulation (EU) No 1352/2013).
SEEDOPTIONAL. System for Exchange of Excise Data (SEED) of Credential Subject (i.e. excise number provided in Article 2(12) of Council Regulation (EC) No 389/2012).
SICOPTIONAL. Standard Industrial Classification (SIC) of Credential Subject (Article 3(1) of Directive 2009/101/EC of the European Parliament and of the Council.)
domainNameREQUIRED. Domain name of Credential Subject.

Congratulations! for having identified all actors, their roles, and relationships, and defined the rules, policies, and legal identities for your use case.