The following subsection guides you through designing a Trust Chain for your use case. The goal here is to identify all possible actors and their interaction, and to design your trust chain accordingly.
A Trust Chain is a hierarchical relationship among different entities, where trust flows downwards and is inherited from the top of the chain. Establishing trust between entities that do not necessarily know each other, this framework allows for the secure and decentralised exchange of Verifiable Credentials. A Trust Chain must contain at least one of each of the following three roles:
- Root Trusted Accreditation Organisation (Root TAO), which represents the foundation of the Trust Model and has full control of the Trust Chain.
- Trusted Accreditation Organisation(s) (TAOs), which govern an accreditation segment on behalf of the RTAO.
- Trusted Issuer(s) (TIs), which represents the Issuers of the credentials in a trust chain.
Please visit our current Issuer Trust Model for a deep dive into the inner workings of the trust chain (employed by EBSI).
The following figure provides an illustration of a Trust Chain for an example use case in the education domain, where the first link, or RTAO, is a National Government.
Diagram 2.1.1
Overview - Trust Chain definition
By completing this subsection, you will:
- Identify all actors and map out their roles and relationships.
- Define the rules and policies of your use case.
- Define the legal identities involved.
- Define accreditations issued by the Trusted Accreditation Organisation.
To do this, in the Hands on! section below, we will begin from bottom to top. We will start by defining the bottom level of Diagram 2.1.1 (Level 3) first, making our way up the Trust Chain.
It's time to define your own Trust Chain. The following templates will help you define your project's Trust Chain and be well-equipped for the following sections of this Toolkit.
1 - Identify domain-specific Verifiable Credentials
List any domain-specific Verifiable Credentials that the Trusted Issuer(s) will issue.
- Identify the Verifiable Credentials you will issue in your project.
- Visit the (existing) EBSI Data Models page and check if data models for your use case already exist. For an introduction to data models, see section Create your Data Model.
- List the Verifiable Credentials that you will issue in your project in Section 2 Template #1.
- Define a data model and JSON schema according to section Create your Data Model and open a ticket through our Support Office (SO) to publish them in the JSON Schemas Registry.
- (Optional) Prepare representative examples and open a ticket to publish them in the JSON Schemas Registry Support Office (SO).
Section 2 Template #1
| Verifiable Credential Name | Link to the JSON Schema (if it already exists) | Link to Examples (examples) |
|---|---|---|
To register a JSON Schema please open a ticket at our Support Office (SO).
2 - Trusted Issuers
Identify the Trusted Issuer(s).
- List the organisations that will issue the Verifiable Credentials (VCs) part of your project in Section 2 Template #2.
- List the type of VC a given organisation will issue.
Section 2 Template #2
| Trusted Issuer | Verifiable Credential to be issued | Does it require accreditation? |
|---|---|---|
3 - Accrediting organisations
Identify the Trusted Issuer(s).
Identify the accrediting organisations.
- List which issuers must be accredited to be eligible to issue Verifiable Credentials in Section 2 Template #3.
- List the accrediting organisations in Template: Accrediting Organisations
- List the accreditation frameworks in Template: Accrediting Organisations
Section 2 Template #3
| Accrediting Organisation | Accreditation for VC (list a VC) | Related legislation/regulation |
|---|---|---|
4 - Put it all together
Identify the actors and map out the relationship between the different actors, their roles and their relationships by filling out Section 2 Template #4.
5 - Legal entities information
Collect information about the legal entities involved. Do so by filling in Section 2 Template #5 for every actor that is part of your trust chain.
S2 Template #5
| Property | Description | Value |
|---|---|---|
| id | REQUIRED. Defines unique identifier of the credential subject. | |
| legalPersonalIdentifier | OPTIONAL. National/Legal Identifier of Credential Subject (constructed by the sending Member State in accordance with the technical specifications for the purposes of cross-border identification and which is as persistent as possible in time). | |
| legalName | REQUIRED. Official legal name of Credential Subject. | |
| legalAddress | OPTIONAL. Official legal address of Credential Subject. | |
| VATRegistration | OPTIONAL. VAT number of Credential Subject. | |
| taxReference | OPTIONAL. Official tax reference number of Credential Subject. | |
| LEI | OPTIONAL. Official legal entity identifier (LEI) of Credential Subject (referred to in Commission Implementing Regulation (EU) No 1247/2012). | |
| EORI | OPTIONAL. Economic Operator Registration and Identification (EORI) of Credential Subject (referred to in Commission Implementing Regulation (EU) No 1352/2013). | |
| SEED | OPTIONAL. System for Exchange of Excise Data (SEED) of Credential Subject (i.e. excise number provided in Article 2(12) of Council Regulation (EC) No 389/2012). | |
| SIC | OPTIONAL. Standard Industrial Classification (SIC) of Credential Subject (Article 3(1) of Directive 2009/101/EC of the European Parliament and of the Council.) | |
| domainName | REQUIRED. Domain name of Credential Subject. |
Congratulations! Having identified all actors, their roles, and relationships, and defined the rules, policies, and legal identities for your use case, you're now ready to proceed to Create your Data Model.