Skip to main content
European CommissionEBSI European Blockchain

Design your trust chain

Last updated on

The following subsection guides you through designing a Trust Chain for your use case. The goal here is to identify all possible actors and their interaction, and to design your trust chain accordingly.

A Trust Chain is a hierarchical relationship among different entities, where trust flows downwards and is inherited from the top of the chain. Establishing trust between entities that do not necessarily know each other, this framework allows for the secure and decentralised exchange of Verifiable Credentials. A Trust Chain must contain at least one of each of the following three roles:

  • Root Trusted Accreditation Organisation (Root TAO), which represents the foundation of the Trust Model and has full control of the Trust Chain.
  • Trusted Accreditation Organisation(s) (TAOs), which govern an accreditation segment on behalf of the RTAO.
  • Trusted Issuer(s) (TIs), which represents the Issuers of the credentials in a trust chain.
info

Please visit our current Issuer Trust Model for a deep dive into the inner workings of the trust chain (employed by EBSI).

The following figure provides an illustration of a Trust Chain for an example use case in the education domain, where the first link, or RTAO, is a National Government.

Trust Model

Diagram 2.1.1

Overview - Trust Chain definition

By completing this subsection, you will:

  • Identify all actors and map out their roles and relationships.
  • Define the rules and policies of your use case.
  • Define the legal identities involved.
  • Define accreditations issued by the Trusted Accreditation Organisation.

To do this, in the Hands on! section below, we will begin from bottom to top. We will start by defining the bottom level of Diagram 2.1.1 (Level 3) first, making our way up the Trust Chain.

Hands on!

It's time to define your own Trust Chain. The following templates will help you define your project's Trust Chain and be well-equipped for the following sections of this Toolkit.

1 - Identify domain-specific Verifiable Credentials

List any domain-specific Verifiable Credentials that the Trusted Issuer(s) will issue.

  1. Identify the Verifiable Credentials you will issue in your project.
  2. Visit the (existing) EBSI Data Models page and check if data models for your use case already exist. For an introduction to data models, see section Create your Data Model.
  3. List the Verifiable Credentials that you will issue in your project in Section 2 Template #1.
  4. Define a data model and JSON schema according to section Create your Data Model and open a ticket through our Support Office (SO) to publish them in the JSON Schemas Registry.
  5. (Optional) Prepare representative examples and open a ticket to publish them in the JSON Schemas Registry Support Office (SO).

Section 2 Template #1

Verifiable Credential NameLink to the JSON Schema (if it already exists)Link to Examples (examples)

To register a JSON Schema please open a ticket at our Support Office (SO).

Hands on!

2 - Trusted Issuers

Identify the Trusted Issuer(s).

  1. List the organisations that will issue the Verifiable Credentials (VCs) part of your project in Section 2 Template #2.
  2. List the type of VC a given organisation will issue.

Section 2 Template #2

Trusted IssuerVerifiable Credential to be issuedDoes it require accreditation?
Hands on!

3 - Accrediting organisations

Identify the Trusted Issuer(s).

Identify the accrediting organisations.

  1. List which issuers must be accredited to be eligible to issue Verifiable Credentials in Section 2 Template #3.
  2. List the accrediting organisations in Template: Accrediting Organisations
  3. List the accreditation frameworks in Template: Accrediting Organisations

Section 2 Template #3

Accrediting OrganisationAccreditation for VC (list a VC)Related legislation/regulation
Hands on!

4 - Put it all together

Identify the actors and map out the relationship between the different actors, their roles and their relationships by filling out Section 2 Template #4.

Hands on!

Collect information about the legal entities involved. Do so by filling in Section 2 Template #5 for every actor that is part of your trust chain.

S2 Template #5

PropertyDescriptionValue
idREQUIRED. Defines unique identifier of the credential subject.
legalPersonalIdentifierOPTIONAL. National/Legal Identifier of Credential Subject (constructed by the sending Member State in accordance with the technical specifications for the purposes of cross-border identification and which is as persistent as possible in time).
legalNameREQUIRED. Official legal name of Credential Subject.
legalAddressOPTIONAL. Official legal address of Credential Subject.
VATRegistrationOPTIONAL. VAT number of Credential Subject.
taxReferenceOPTIONAL. Official tax reference number of Credential Subject.
LEIOPTIONAL. Official legal entity identifier (LEI) of Credential Subject (referred to in Commission Implementing Regulation (EU) No 1247/2012).
EORIOPTIONAL. Economic Operator Registration and Identification (EORI) of Credential Subject (referred to in Commission Implementing Regulation (EU) No 1352/2013).
SEEDOPTIONAL. System for Exchange of Excise Data (SEED) of Credential Subject (i.e. excise number provided in Article 2(12) of Council Regulation (EC) No 389/2012).
SICOPTIONAL. Standard Industrial Classification (SIC) of Credential Subject (Article 3(1) of Directive 2009/101/EC of the European Parliament and of the Council.)
domainNameREQUIRED. Domain name of Credential Subject.

Congratulations! Having identified all actors, their roles, and relationships, and defined the rules, policies, and legal identities for your use case, you're now ready to proceed to Create your Data Model.