Skip to main content
European CommissionEBSI European Blockchain

Design your Trust chain

Last updated on

The following subsection is to guide you on how to design a Trust Chain for your use case. The goal here is to understand what all the possible actors are and what interactions are possible, designing your trust chain accordingly.

A Trust Chain is a hierarchical relationship between different entities, where trust flows downwards, inherited from the top of the chain. This allows for the secure, and decentralised, exchange of Verifiable Credentials. It is a way of establishing trust between entities that do not necessarily know each other. A Trust Chain must contain at least one of each of the following three roles:

  • Root Trusted Accreditation Organisation (Root TAO), which represents a Trust Model and has full control of the Trust Chain.
  • Trusted Accreditation Organisation(s) (TAOs), which govern an accreditation segment on behalf of the RTAO.
  • Trusted Issuer(s) (TIs), which represents the Issuers of the credentials in a trust chain.

The following figure provides an illustration of a Trust Chain for an example education use case, where the first link is a National Government, with trust flowing down.

Trust Model

Diagram 2.1.1

Overview - Trust Chain definition

The outcome of this subsection will be to:

  • Identify all actors and map out their roles and relationships.
  • Define the rules and policies of your use case.
  • Define the legal identities.
  • Define accreditations that will be issued by the Trusted Accreditation Organisation.

To do this, in the Hands on! section below we will begin from bottom to top, by defining the bottom level of Diagram 2.1.1 (Level 3) first and move our way up the Trust Chain.

Hands on!

It's time to define your own Trust Chain. The following templates will help you define your project's Trust Chain and be well-equipped for the following sections of this Toolkit.

1 - Identify domain-specific Verifiable Credentials

List any domain-specific Verifiable Credentials that the Trusted Issuer(s) will issue.

  1. Identify the Verifiable Credentials you will issue in your project.
  2. Visit the (existing) EBSI Data Models page and check if data models for your use case already exist. For an introduction to data models, see section Create your Data Model.
  3. List the Verifiable Credentials that you will issue in your project in Section 2 Template #1.
  4. Define a data model and JSON schema according to section Create your Data Model and open a ticket through our Support Office (SO) to publish them in the JSON Schemas Registry.
  5. (Optional) Prepare representative examples and open a ticket to publish them in the JSON Schemas Registry Support Office (SO).

Section 2 Template #1

Verifiable Credential NameLink to the JSON Schema (if it already exists)Link to Examples (examples)

To register a JSON Schema please open a ticket at our Support Office (SO).

Hands on!

2 - Trusted Issuers

Identify the Trusted Issuer(s).

  1. List the organisations that will issue the Verifiable Credentials (VCs) part of your project in Section 2 Template #2.
  2. List which VC a given organization will issue.

Section 2 Template #2

Trusted IssuerVerifiable Credential to be issuedDoes it require accreditation?
Hands on!

3 - Accrediting organisations

Identify the Trusted Issuer(s).

Identify the accrediting organisations.

  1. List which issuers must be accredited to be eligible to issue Verifiable Credentials in Section 2 Template #3.
  2. List the accrediting organisations in Template: Accrediting Organisations
  3. List the accreditation frameworks in Template: Accrediting Organisations

Section 2 Template #3

Accrediting OrganisationAccreditation for VC (list a VC)Related legislation/regulation
Hands on!

4 - Put it all together

Identify the actors and map out the relationship between the different actors, their roles and their relationships by filling out Section 2 Template #4.

Hands on!

Collect information about the legal entities involved. Please do so by filling in Section 2 Template #5 for every actor part of your trust chain.

S2 Template #5

PropertyDescriptionValue
idREQUIRED. Defines unique identifier of the credential subject.
legalPersonalIdentifierOPTIONAL. National/Legal Identifier of Credential Subject (constructed by the sending Member State in accordance with the technical specifications for the purposes of cross-border identification and which is as persistent as possible in time).
legalNameREQUIRED. Official legal name of Credential Subject.
legalAddressOPTIONAL. Official legal address of Credential Subject.
VATRegistrationOPTIONAL. VAT number of Credential Subject.
taxReferenceOPTIONAL. Official tax reference number of Credential Subject.
LEIOPTIONAL. Official legal entity identifier (LEI) of Credential Subject (referred to in Commission Implementing Regulation (EU) No 1247/2012).
EORIOPTIONAL. Economic Operator Registration and Identification (EORI) of Credential Subject (referred to in Commission Implementing Regulation (EU) No 1352/2013).
SEEDOPTIONAL. System for Exchange of Excise Data (SEED) of Credential Subject (i.e. excise number provided in Article 2(12) of Council Regulation (EC) No 389/2012).
SICOPTIONAL. Standard Industrial Classification (SIC) of Credential Subject (Article 3(1) of Directive 2009/101/EC of the European Parliament and of the Council.)
domainNameREQUIRED. Domain name of Credential Subject.

Congratulations! You have now identified all actors part of your use case and mapped out their roles and relationships. Defined the rules and policies of your use case and their legal identities.

Now that you have defined and designed the Trust Chain for your solution, it is time to Create your Data Model.