GITBOOK-322: Update Trust Registries

SUMMARY.md

@@ -43,9 +43,12 @@
   * [Create Verifier pays Issuer flow](studio/payments/verifier-pays-issuer.md)
   * [Bulk Update or Rotate Encryption Keys](studio/payments/update.md)
 * [🤝 Build Trust Registries](studio/trust-registries/README.md)
-  * [Verifiable Accreditation Trust Chain Model](studio/trust-registries/verifiable-accreditation-trust-chain-model.md)
+  * [Verifiable Accreditation Trust Chain Model](studio/trust-registries/verifiable-accreditation-trust-chain-model/README.md)
+    * [RTAO -> TAO](studio/trust-registries/verifiable-accreditation-trust-chain-model/rtao-greater-than-tao.md)
+    * [TAO -> SubTAO](studio/trust-registries/verifiable-accreditation-trust-chain-model/tao-greater-than-subtao.md)
+    * [TAO -> TI](studio/trust-registries/verifiable-accreditation-trust-chain-model/tao-greater-than-ti.md)
+    * [Referencing Trust Registry within a Verifiable Credential](studio/trust-registries/verifiable-accreditation-trust-chain-model/referencing.md)
   * [Create Verifiable Accreditation](studio/trust-registries/create-accreditation.md)
-  * [Referencing Trust Registry within a Verifiable Credential](studio/trust-registries/referencing.md)
 * [🎋 Create Status Lists](studio/status-lists/README.md)
   * [Status List v2021](studio/status-lists/status-list-v2021/README.md)
     * [Create Status List v2021](studio/status-lists/status-list-v2021/create-status-list.md)

studio/trust-registries/README.md

@@ -14,7 +14,7 @@ cheqd supports multiple Trust Registry Data Models, using its flexible DID and D
 
 Learn about a data model below:
 
-<table data-card-size="large" data-view="cards"><thead><tr><th></th><th></th><th></th><th data-hidden data-card-cover data-type="files"></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><mark style="color:blue;"><strong>Verifiable Accreditation Trust Chain Model</strong></mark></td><td>Build our Trust Registry solution using DIDs and DID-Linked Resources based on the EBSI Trust Chain model.</td><td></td><td><a href="../../.gitbook/assets/cheqd_logo_card.jpg">cheqd_logo_card.jpg</a></td><td><a href="verifiable-accreditation-trust-chain-model.md">verifiable-accreditation-trust-chain-model.md</a></td></tr><tr><td><mark style="color:blue;"><strong>OpenID Federation on cheqd</strong></mark></td><td>Deploy an OpenID Federation ecosystem on cheqd, using DIDs and DID-Linked Resources for Entity IDs and Entity Statements.</td><td><strong>Contact us</strong></td><td><a href="../../.gitbook/assets/OpenIDforWebsite.png">OpenIDforWebsite.png</a></td><td><a href="https://cheqd.io/contact/">https://cheqd.io/contact/</a></td></tr></tbody></table>
+<table data-card-size="large" data-view="cards"><thead><tr><th></th><th></th><th></th><th data-hidden data-card-cover data-type="files"></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><mark style="color:blue;"><strong>Verifiable Accreditation Trust Chain Model</strong></mark></td><td>Build our Trust Registry solution using DIDs and DID-Linked Resources based on the EBSI Trust Chain model.</td><td></td><td><a href="../../.gitbook/assets/cheqd_logo_card.jpg">cheqd_logo_card.jpg</a></td><td><a href="verifiable-accreditation-trust-chain-model/">verifiable-accreditation-trust-chain-model</a></td></tr><tr><td><mark style="color:blue;"><strong>OpenID Federation on cheqd</strong></mark></td><td>Deploy an OpenID Federation ecosystem on cheqd, using DIDs and DID-Linked Resources for Entity IDs and Entity Statements.</td><td><strong>Contact us</strong></td><td><a href="../../.gitbook/assets/OpenIDforWebsite.png">OpenIDforWebsite.png</a></td><td><a href="https://cheqd.io/contact/">https://cheqd.io/contact/</a></td></tr></tbody></table>
 
 ## Get started
 

studio/trust-registries/verifiable-accreditation-trust-chain-model.md → studio/trust-registries/verifiable-accreditation-trust-chain-model/README.md

@@ -28,7 +28,7 @@ To solve this industry-wide challenge, cheqd introduces a **Verifiable Trust Inf
 
 The Trust Infrastructure Model also includes **permissions and policies** set via "**Verifiable Accreditations**" and an overall "**Governance Framework**". Herein, permissions govern the scope of , while policies are used to define who made the accreditation; which Trust Framework is followed; and, the legal basis of the credential. 
 
-cheqd Trust Infrastructure users **make the whole Verifiable Trust Model publicly available by registering it as a collection of** [**DID-Linked Resources**](../../architecture/adr-list/adr-002-did-linked-resources.md) on cheqd. cheqd's Trust Infrastructure therefore enables verifiers to automatically resolve and establish trust in hierarchies of trust without needing to know each organisation directly, using industry-standard resolution mechanisms defined in the W3C DID-Core and the DID Resolution Spec.
+cheqd Trust Infrastructure users **make the whole Verifiable Trust Model publicly available by registering it as a collection of** [**DID-Linked Resources**](../../../architecture/adr-list/adr-002-did-linked-resources.md) on cheqd. cheqd's Trust Infrastructure therefore enables verifiers to automatically resolve and establish trust in hierarchies of trust without needing to know each organisation directly, using industry-standard resolution mechanisms defined in the W3C DID-Core and the DID Resolution Spec.
 
 ## Glossary[​](https://hub.ebsi.eu/vc-framework/trust-model/issuer-trust-model-v3#glossary) <a href="#glossary" id="glossary"></a>
 
@@ -69,6 +69,8 @@ The **Root TAO** is the owner of a **Trust Chain**, responsible for the **govern
 
 The RTAO permission is defined by `VerifiableAuthorisationForTrustChain`, and the policies are contained in `termsOfUse` as `TrustFrameworkPolicy`.
 
+<table data-card-size="large" data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><mark style="color:blue;"><strong>RTAO -> TAO</strong></mark></td><td>Learn about how Root TAOs can accredit other TAOs in the trust ecosystem with permissions and Trust Framework Policies.</td><td><a href="rtao-greater-than-tao.md">rtao-greater-than-tao.md</a></td></tr></tbody></table>
+
 ### **Trusted Accreditation Organisation (TAO)**[**​**](https://hub.ebsi.eu/vc-framework/trust-model/issuer-trust-model-v4#trusted-accreditation-organisation-tao)
 
 A TAO governs an accredited segment on behalf of the RTAO. It may:
@@ -80,6 +82,8 @@ A TAO governs an accredited segment on behalf of the RTAO. It may:
 
 The TAO permission is defined by `VerifiableAccreditationToAccredit`, and the policies are contained in `termsOfUse` as `AccreditationPolicy`.
 
+<table data-card-size="large" data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><mark style="color:blue;"><strong>TAO -> SubTAO</strong></mark></td><td>Learn about how TAOs can accredit other SubTAOs in the trust ecosystem with permissions and Accreditation Policies.</td><td><a href="tao-greater-than-subtao.md">tao-greater-than-subtao.md</a></td></tr><tr><td><mark style="color:blue;"><strong>TAO - TI</strong></mark></td><td>Learn about how TAOs can accredit Trusted Issuers to issue credentials within the trust ecosystem, using permissions and Accreditation Policies.</td><td><a href="tao-greater-than-ti.md">tao-greater-than-ti.md</a></td></tr></tbody></table>
+
 ### **Trusted Issuer (TI)**[**​**](https://hub.ebsi.eu/vc-framework/trust-model/issuer-trust-model-v4#trusted-issuer-ti)
 
 A Trusted Issuer represents the Issuer in a Trust Chain. It may issue domain-specific Verifiable Credential types defined by the received accreditation.&#x20;
@@ -90,13 +94,15 @@ Note that issuers may issue Verifiable Credentials outside the Trust Chain, but
 
 The TI permission is defined by `VerifiableAccreditationToAttest`, and the policies are contained in `termsOfUse` as `AccreditationPolicy`. When the Trusted Issuer is using their accreditation to issue a domain-specific VC, the issued domain VC must contain a `termsOfUse` property with `AttestationPolicy` type, which links to the Trusted Issuer's accreditation and into Root TAO's accreditation, where both are located in TIR.
 
+<table data-card-size="large" data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><mark style="color:blue;"><strong>Referencing Trust Registry within a Verifiable Credential</strong></mark></td><td>Learn how a Trusted Issuer can reference a Trust Registry in an issued credential, enabling a relying party to traverse the Trust Chain.</td><td><a href="referencing.md">referencing.md</a></td></tr></tbody></table>
+
 ## Policies Overview[​](https://hub.ebsi.eu/vc-framework/trust-model/issuer-trust-model-v4#policies-overview) <a href="#policies-overview" id="policies-overview"></a>
 
 The **Governance Framework Policy** is a document, written by a **Governance Authority**,  that defines requirements that must be met for the Trust Ecosystem. These requirements may include security, legal, operational, or functional requirements and may relate to regulation, directives, national policy, or similar documents.
 
 All Trust Model policies are located in the `termsOfUse` property of the corresponding  Accreditation or credential that contains the permissions related to the policy.
 
-<figure><img src="../../.gitbook/assets/image.png" alt="" width="375"><figcaption></figcaption></figure>
+<figure><img src="../../../.gitbook/assets/image.png" alt="" width="375"><figcaption></figcaption></figure>
 
 ### Trust Types[​](https://hub.ebsi.eu/vc-framework/trust-model/issuer-trust-model-v3#concepts) <a href="#glossary" id="glossary"></a>
 
@@ -116,7 +122,7 @@ End Users (legal entities or natural persons) can accumulate multiple Verifiable
 
 The following diagram show how a Root TAO accredits two TAOs lower in the hierarchy:
 
-<figure><img src="../../.gitbook/assets/Trust Chain Model.png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../.gitbook/assets/Trust Chain Model.png" alt=""><figcaption></figcaption></figure>
 
 where:
 

studio/trust-registries/referencing.md → studio/trust-registries/verifiable-accreditation-trust-chain-model/referencing.md

@@ -23,7 +23,8 @@ Within the body of the Verifiable Credential, issuers will need to configure the
     "type": "AccreditationPolicy",
     "parentAccreditation": "did:cheqd:testnet:c2f18b6b-32e2-48d1-a5a8-5f5d2d9798f0/resources/58c01595-f884-4a3b-add4-8c691e16b8ee",
     "rootAuthorisation": "did:cheqd:testnet:c2f18b6b-32e2-48d1-a5a8-5f5d2d9798f0/resources/58c01595-f884-4a3b-add4-8c691e16b8ee",
-    "trustFramework": "cheqd Governance Framework"
+    "trustFramework": "cheqd Governance Framework",
+    "trustFrameworkId": "https://learn.cheqd.io/governance/start"
   }
 }
 ```

studio/trust-registries/verifiable-accreditation-trust-chain-model/rtao-greater-than-tao.md

@@ -0,0 +1,64 @@
+# RTAO -> TAO
+
+As a Root of Trust (RTAO) entity, it is possible to accredit Trusted Accreditation Organisations to issue Verifiable Accreditations or Verifiable Attestations.
+
+The Verifiable Accreditation should include:
+
+| Field              | Description                                                                                                         | Example                                                |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
+| Issuer             | DID of the Root of Trust (RTAO)                                                                                     | did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c |
+| Subject            | DID of the TAO that is being accredited                                                                             | did:cheqd:testnet:a2b675de-33d0-4044-8183-0d74f210cceb |
+| Credential Subject | A set of structured permissions around what credentials the TAO is accredited to issue, and in which jurisdiction.  | See below                                              |
+| Terms of use       | A set of policies setting out the Governance Framework for the ecosystem                                            | See below                                              |
+
+## Permissions
+
+Root TAOs can set permissions under which TAOs must abide. This creates a level of codified governance for the trust ecosystem.
+
+```json
+"credentialSubject": {
+    "id": "did:cheqd:testnet:a2b675de-33d0-4044-8183-0d74f210cceb",
+    "accreditedFor": [
+      {
+        "schemaId": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/b10146d7-0d0f-41e0-8ee3-c76db64890be",
+        "types": [
+          "VerifiableCredential",
+          "VerifiableAccreditation",
+          "VerifiableAttestation",
+          "VerifiableAccreditationToAccredit"
+        ],
+        "limitJurisdiction": "https://publications.europa.eu/resource/authority/atu/FIN"
+      }
+    ]
+  },
+
+```
+
+Whereby:
+
+| Field             | Description                                                                                                   |
+| ----------------- | ------------------------------------------------------------------------------------------------------------- |
+| schemaId          | Schema of the Verifiable Accreditation that the TAO is accredited to issue themselves                         |
+| types             | Types of Credential that the TAO is accredited to issue                                                       |
+| limitJurisdiction | Permission that the RTAO can set to limit the jurisdictional scope of the credentials issued in the ecosystem |
+
+## Policies
+
+The Root TAO can also set polices known as the `TrustFrameworkPolicy` within the `termsOfUse` section of the Verifiable Accreditation.
+
+```json
+"termsOfUse": {
+    "type": "TrustFrameworkPolicy",
+    "trustFramework": "Name of the Ecosystem Governance Framework (GF)",
+    "trustFrameworkId": "https://example.com/governance-framework/125"
+  },
+
+```
+
+Whereby:
+
+| Field            | Description                                                     |
+| ---------------- | --------------------------------------------------------------- |
+| type             | Must be `TrustFrameworkPolicy`                                  |
+| trustFramework   | Name of Governance Framework set by the Governance Authority    |
+| trustFrameworkId | URL linking to where the written Governance Framework is stored |

studio/trust-registries/verifiable-accreditation-trust-chain-model/tao-greater-than-subtao.md

@@ -0,0 +1,69 @@
+# TAO -> SubTAO
+
+As a Trusted Accreditation Organisation (TAO), it is possible to accredit Sub-Trusted Accreditation Organisations (SubTAOs) to issue Verifiable Accreditations or Verifiable Attestations.
+
+The Verifiable Accreditation should include:
+
+| Field              | Description                                                                                                            | Example                                                |
+| ------------------ | ---------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
+| Issuer             | DID of the TAO                                                                                                         | did:cheqd:testnet:a2b675de-33d0-4044-8183-0d74f210cceb |
+| Subject            | DID of the SubTAO that is being accredited                                                                             | did:cheqd:testnet:e66a9416-d03e-4ced-95e3-07af16e25bc5 |
+| Credential Subject | A set of structured permissions around what credentials the SubTAO is accredited to issue, and in which jurisdiction.  | See below                                              |
+| Terms of use       | A set of policies setting out the scope of Trust Chain for Relying parties to validate against.                        | See below                                              |
+
+## Permissions
+
+Root TAOs can set permissions under which TAOs must abide. This creates a level of codified governance for the trust ecosystem.
+
+```json
+"credentialSubject": {
+    "id": "did:cheqd:testnet:e66a9416-d03e-4ced-95e3-07af16e25bc5",
+    "accreditedFor": [
+      {
+        "schemaId": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/b10146d7-0d0f-41e0-8ee3-c76db64890be",
+        "types": [
+          "VerifiableCredential",
+          "VerifiableAccreditation",
+          "VerifiableAttestation",
+          "VerifiableAccreditationToAccredit"
+        ],
+        "limitJurisdiction": "https://publications.europa.eu/resource/authority/atu/FIN"
+      }
+    ]
+  },
+
+```
+
+Whereby:
+
+| Field             | Description                                                                                                  |
+| ----------------- | ------------------------------------------------------------------------------------------------------------ |
+| schemaId          | Schema of the Verifiable Accreditation that the SubTAO is accredited to issue themselves                     |
+| types             | Types of Credential that the SubTAO is accredited to issue                                                   |
+| limitJurisdiction | Permission that the TAO can set to limit the jurisdictional scope of the credentials issued in the ecosystem |
+
+## Policies
+
+The Root TAO can also set polices known as the `AccreditationPolicy` within the `termsOfUse` section of the Verifiable Accreditation.
+
+```json
+"termsOfUse": {
+    "type": "AccreditationPolicy",
+    "parentAccreditation": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b",
+    "rootAuthorisation": "did:cheqd:testnet:8ea036da-f340-480d-8952-f5561ea1763c/resources/18de60ec-bed1-42e5-980c-601c432bc60b",
+    "trustFramework": "Name of the Governance Framework (GF)",
+    "trustFrameworkId": "https://example.com/governance-framework/124"
+  }
+
+```
+
+Whereby:
+
+| Field               | Description                                                                       |
+| ------------------- | --------------------------------------------------------------------------------- |
+| type                | Must be `AccreditationPolicy`                                                     |
+| parentAccreditation | The DID URL of the Accreditation issued by another TAO or the Root TAO to the TAO |
+| rootAuthoroisation  | The DID URL of the Root of Trust Verifiable Authorsation                          |
+| trustFramework      | Name of Governance Framework set by the Governance Authority                      |
+| trustFrameworkId    | URL linking to where the written Governance Framework is stored                   |
+