§ Verifiable Public Registry v1 Specification

Specification Status: Approved

Latest Draft: verana-labs/verifiable-trust-vpr-spec

Editors:
Fabrice Rochette (The Verana Foundation, 2060.io)
Participate:

GitHub repo

File a bug

Commit history

§ Abstract

The internet is broken. Existing communication channels are insecure and outdated. Because they rely on public identifiers — like email addresses, usernames, or phone numbers — anyone who knows your identifier can reach you, whether you invited them or not.

Worse, there’s no reliable way to verify the identity of either service providers or users. This leaves the door wide open to spam, phishing, fraud, and identity theft.

On the service side, each provider imposes its own fragmented registration process, often with complex password requirements or forced reliance on federated login systems—effectively handing control over to large third-party platforms.

Although the World Wide Web was originally built for openness and interoperability, dominant players have reshaped it into a closed, centralized system that most people and organizations now depend on. Privacy has become an afterthought, and personal data is routinely harvested, exploited, or leaked.

To rebuild a trustworthy internet, we need new communication channels — channels that are secure by design, based on mutual verification, and governed by decentralized trust.

Connecting to a service, proving who you are, or creating an account should be as simple and safe as presenting a verifiable credential.

A universal, open trust layer is essential for this vision to succeed.

That’s the purpose of Verifiable Trust. The concept of Verifiable Trust is specified in the Verifiable Trust spec.

This specification deals with the Verifiable Public Registry (VPR), part of the Verifiable Trust concept.

§ About this Document

In order to fully understand the concepts developed in this document, you should have some basic knowledge of DID, DIDComm, VS, trust registry, ledger-based applications, and more generally, all terms present in the Terminology section.

§ Introduction

§ What is a Trust Registry?

This section is non-normative.

A trust registry, or verifiable data registry, is an approved list of issuers and verifiers that are authorized to issue/verify certain credentials in an ecosystem.

A trust registry typically expose APIs that are consumed by services that would like to query its database, and take decisions based on the returned result:

§ What is a Verifiable Public Registry?

This section is non-normative.

A Verifiable Public Registry (VPR) is a public “registry of trust registries” service, which provides:

§ Conformance

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative. The key words MAY, MUST, MUST NOT, OPTIONAL, RECOMMENDED, REQUIRED, SHOULD, and SHOULD NOT in this document are to be interpreted as described in BCP 14 RFC2119 RFC8174 when, and only when, they appear in all capitals, as shown here.

§ Terminology

account:
A verifiable public registry account. An account has one or more controller, that can be a user, groups…
applicant:
A controller that starts a validation process.
controller:
An account which is the controller of a specific resource in an VPR.
credential schema:
An VPR resource which represents a verifiable credential definition and the associated permissions and business rules for issuing, verifying or holding a credential linked to this credential schema.
credential schema permission:
A permission, linked to a credential schema, that represent a grant for being issuer, verifier, issuer grantor, or verifier grantor of a credential schema.
decentralized identifier:
A decentralized identifier, as specified in [DID-CORE].
decentralized identifier communication:
DIDComm uses DIDs to establish confidential, ongoing connections.
decentralized identifier document:
A DID Document, as specified in [DID-CORE].
verifiable public registry:
a public, normally decentralized, ledger-based network, which provides: trust registry features, that can be used by all its participants: create trust registries, for each trust registry, define its credential schemas, who can issue, verify credential of a specific credential schema,… and a tokenized business model for charging/rewarding participants.
verifiable service:
A service, identified by a resolvable DID that can be deployed anywhere by its owner, and that is conforming to this spec and has a resolvable proof of trust. See DT Spec.
verifiable user agent:
A user agent for accessing and using VSs. To be considered a VUA, a user agent must conform and enforce this spec, such as presenting a proof of trust to end user before accepting connecting to VS compliant services, and refuse connecting to not compliant services. See DT Spec.
Verifiable Trust Specification:
see DT Spec.
denom:
Native token of a VPR, example: VNA.
DID Directory:
A repository of DIDs in an VPR.
entity:
An account, a group, or the governance authority.
essential credential schema:
Default credential schema, created at genesis of an VPR, that provide the basis for a trust layer to exist in the ecosystem so that VUA can generate a proof of trust.
estimated transaction fees:
Estimated fees required, in denom, that is passed when execute a transaction in an VPR. Usually, a estimated transaction fees are always slightly greater than transaction fees, to make sure the execution of the transaction will not be aborted for an out-of-gas situation. Unused gas is refunded to account.
governance framework:
The governance framework (GF) of a VPR.
governance authority:
The governance authority (GA) of a VPR.
group:
A group.
holder:
A role an entity might perform by possessing one or more verifiable credentials and generating verifiable presentations from them. A holder is often, but not always, a subject of the verifiable credentials they are holding. Holders store their credentials in credential repositories. Example holders include organizations, persons, things.
issuer:
A role an entity can perform by asserting claims about one or more subjects, creating a verifiable credential from these claims, and transmitting the verifiable credential to a holder. Example issuers include corporations, non-profit organizations, trade associations, governments, and individuals.
issuer grantor:
A role an entity can perform in a credential schema by adding or revoking issuers.
json schema
a Json Schema, as specified in https://json-schema.org/specification.
keeper:
A storage map(key, value) in the ledger of an VPR.
linked-vp:
A presentation of a verifiable credential as specified in LINKED-VP.
participant:
An entity that uses an VPR and its trust layer to provide or use services.
proof of trust:
Visual representation using essential credential schemas of a trust resolution process of a VS, for identifying the VS, its owner, and the issuer of the verifiable credential of its owner.
query:
A read-only action that perform some reading in an VPR and returns value.
subject:
A thing about which claims are made. Example subjects include human beings, animals, things, and organization, a DID
transaction:
An action that modifies the ledger of an VPR and which execution requires transaction fees.
transaction fees:
Fees required, in denom, to execute a transaction in an VPR.
trust deposit:
A financial deposit that is used as a trust guarantee. For a given controller, its trust deposit is increased when running validation process (either as an applicant or as a validator), or when registering DID in the DID directory.
trust fees:
Fees paid by an applicant when running a validation process and/or when registering DID in the DID directory.
trust registry governance framework:
The ecosystem governance framework (EGF) of a Trust Registry.
trust unit:
Price, in denom, of one unit of trust.
trust registry
An approved list of issuers and verifiers that are authorized to issue/verify certain credentials in an ecosystem.
trust resolution:
Process run by, for example a VUA or a VS, which purpose is to recursively resolve DID by digging into DID Documents and look for linked-vp entries and their issuer DIDs, and trust-registry entries to gather whether the service provided by the DID is trustable (and legitimate), or not.
URI
An Universal Resource Identifier, as specified in rfc3986.
valid permission:
For a given country code, a credential schema permission of a given type, which (country attribute is null or equals to the given country code), and effective_from timestamp is lower than current timestamp, and (effective_until timestamp is null or greater than current timestamp), and revoked is null and terminated is null.
validation process:
A process run by applicants that want to, for a specific credential schema, be a issuer, be a verifier, or simply hold a verifiable credential linked to the credential schema.
validator:
A role an entity performs by participating in validation processes with applicants in order to register them as issuer, or verifier of a credential schema, or to deliver a verifiable credential to them.
verifier:
A role an entity performs by receiving one or more verifiable credentials, optionally inside a verifiable presentation for processing. Example verifiers include service providers.
verifier grantor:
A role an entity can perform in a credential schema by adding or revoking verifiers.
verifiable credential:
A verifiable credential as defined in [VC-DATA-MODEL].

§ Naming Conventions

§ In this spec

§ In Implementations

§ High Level VPR Features

§ Trust Registry Management

This section is non-normative.

In an VPR, any account can create (and become the controller of) a TrustRegistry entry that represents a trust registry. TrustRegistry entry includes human readable trust registry governance framework that defines the ecosystem rules that will be enforced by using the VPR features.

§ Credential Schema, Permissions, and Validation process

This section is non-normative.

Owner of a TrustRegistry entry can create credential schema(s).

A credential schema contain information, such as the json schema that issued credentials of this schema must conform to, and sets of permissions for controlling the use of the credential schema.

More specifically, controller can configure, for a credential schema:

For being an issuer, issuer grantor, verifier, or verifier grantor, it is needed to have an account in the VPR and run a validation process. A validation process is run between an applicant (the one that would like to obtain a permission for a given schema) and a validator (the one that has granted permission(s) for validating applicants and create them permissions). Running a validation process usually involve the payment of fees.

§ Issuers

This section is non-normative.

Let’s dig into the possible cases for an applicant that wishes to become an issuer of a credential schema. Here are some credential schema configuration modes that can be set by the controller of the schema, to define the rules for being an issuer:

§ Verifiers

This section is non-normative.

Similar to issuer: Here are some credential schema configuration modes that can be set by the controller of the schema, to define the rules for being an verifier:

§ Issuer Grantors

This section is non-normative.

Based on the issuer configuration mode of the credential schema, issuer grantors are needed or not:

§ Verifier Grantors

This section is non-normative.

Based on the verifier configuration mode of the credential schema, issuer grantors are needed or not:

§ Holders

This section is non-normative.

To get issued a verifiable credential from a given schema, it is usually not needed to have an account, because the finality of the operation is the delivery of a credential, not the creation of a permission in the VPR. However, if the issuer would like to charge the holder for issuing the credential to it, an account is needed.

§ Examples

Example with GRANTOR_VALIDATION mode for both issuer and verifier participants:

uml diagram

Example of a candidate issuer (applicant) that would like to be granted an ISSUER permission by a validator that has a ISSUER_GRANTOR permission:

uml diagram

§ DID Directory Management

This section is non-normative.

The DID directory is a public database of DID that can be used by crawlers to index the metadata of the VS provided by these DID.

Search engines simply need to iterate over the DID Directory and index VSs based on VS metadata (DID Document, presented credentials,…) For example, the DID directory is essential to Verifiable User Agents (VUAs), such as social browsers, cdn browsers,… but can although be used by a general classic form-based search engine that would return simple link(s) for accessing VSs.

Any participant can register a DID in the DID directory by passing some trust fees and/or trust deposit .

uml diagram

§ Business models

§ Trust Deposit

This section is non-normative.

In a VPR, each participant account has a corresponding trust deposit.

This trust deposit is automatically funded when executing transactions that involve trust: creation of entities such as trust registries, credential schemas, did in did directory; fees transferred from one participant to other participant(s) for the execution of a service, presentation or issuance of a credential…

Fundamentally, the trust deposit enables the so called “Proof-of-Trust” (PoT) feature of the VPR:

§ Entity creation

This section is non-normative.

The following network fees are not directly sent to a specific participant but are distributed using the normal distribution principle of a VPR.

Creating an instance of one of the following entities implies paying network fees and sending funds to the trust deposit:

Other operations that just imply paying network fees:

§ Pay per execution of the validation process

This section is non-normative.

The validation fees are partially sent to specific participant(s), the remaining fees are sent to trust deposits or treated as normal network fees and distributed using the normal distribution principle of a VPR.

Payee → Payer ↓ Trust Registry Issuer Grantor Verifier Grantor Issuer Verifier Holder
Issuer Grantor renewable subscription (1)
Verifier Grantor renewable subscription (2)
Issuer renewable subscription (3) renewable subscription (1)
Verifier renewable subscription (4) renewable subscription (2)
Holder renewable subscription

§ Pay per issued credential

This section is non-normative.

The Pay per issued credential fees are partially sent to specific participant(s), the rest is sent to trust deposits or distributed using the normal distribution principle of a VPR.

Example:

uml diagram

§ Pay per verified credential

This section is non-normative.

The Pay per issued credential fees are partially sent to specific participant(s), the rest is sent to trust deposits or distributed using the normal distribution principle of a VPR.

Example:

uml diagram

§ Governance of a VPR

This section is non-normative.

A governance framework must define the governance rules of an VPR. A governance authority will ensure the application of the governance framework rules and if necessary apply some financial sanctions.

§ Data model

For simplicity, data model is presented using a object relational model, which would not be always optimal depending on implementation choices, that may require organizing data differently. It’s the role of implementors to adapt the data model so it will be suitable for a given implementation (for example, a keymap-like based storage would be probably a better choice for a ledger-based implementation).

uml diagram

§ TrustRegistry

TrustRegistry:

§ GovernanceFrameworkVersion

GovernanceFrameworkVersion:

§ GovernanceFrameworkDocument

GovernanceFrameworkDocument

§ CredentialSchema

CredentialSchema:

General Info:

§ Permission

Permission:

§ PermissionSession

PermissionSession:

§ DIDDirectory

DidDirectory:

§ TrustDeposit

TrustDeposit:

§ GlobalVariables

GlobalVariables:

Trust Unit:

Credential Schema:

Validation:

Trust Registry:

DID Directory:

Trust Deposit:

§ Module Requirements

All VPR modules MUST, at least, provide:

Note about Query REST API:

Examples:

Get a Trust Registry

"trust_registry": {
  {
    "active_version": 0,
    "aka": "string",
    "controller": "string",
    "created": "2025-01-14T19:40:37.967Z",
    "deposit": "string",
    "did": "string",
    "id": "string",
    "language": "string",
    "modified": "2025-01-14T19:40:37.967Z",
    "versions": [
      {
        "active_since": "2025-01-14T19:40:37.967Z",
        "created": "2025-01-14T19:40:37.967Z",
        "id": "string",
        "tr_id": "string",
        "version": 0,
        "documents": [
          {
            "created": "2025-01-14T19:40:37.967Z",
            "gfv_id": "string",
            "digest_sri": "string",
            "id": "string",
            "language": "string",
            "url": "string"
          }
        ]
      }
    ]  
  }

"trustRegistries": [ {
  {
    "active_version": 0,
    "aka": "string",
    "controller": "string",
    "created": "2025-01-14T19:40:37.967Z",
    "deposit": "string",
    "did": "string",
    "id": "string",
    "language": "string",
    "modified": "2025-01-14T19:40:37.967Z",
    "versions": [
      {
        "active_since": "2025-01-14T19:40:37.967Z",
        "created": "2025-01-14T19:40:37.967Z",
        "id": "string",
        "tr_id": "string",
        "version": 0,
        "documents": [
          {
            "created": "2025-01-14T19:40:37.967Z",
            "gfv_id": "string",
            "digest_sri": "string",
            "id": "string",
            "language": "string",
            "url": "string"
          }
        ]
      }
    ]  
  }, {
    "active_version": 0,
    "aka": "string",
    "controller": "string",
    "created": "2025-01-14T19:40:37.967Z",
    "deposit": "string",
    "did": "string",
    "id": "string",
    "language": "string",
    "modified": "2025-01-14T19:40:37.967Z",
    "versions": [
      {
        "active_since": "2025-01-14T19:40:37.967Z",
        "created": "2025-01-14T19:40:37.967Z",
        "id": "string",
        "tr_id": "string",
        "version": 0,
        "documents": [
          {
            "created": "2025-01-14T19:40:37.967Z",
            "gfv_id": "string",
            "digest_sri": "string",
            "id": "string",
            "language": "string",
            "url": "string"
          }
        ],
      }
    ]  
  }
]
WARNING

For Msg methods, all precondition checks MUST be verified first for accepting the Msg, and MUST be verified again upon method execution

A VPR implementation MUST implement all the following requirements.

NOTE

The relative REST path is the path suffix. Implementer can set any prefix, like http://1.2.3.4/verana/tr/v1/get.

Module Method Name Relative REST API path Type Requirements
Trust Registry Create a Trust Registry Msg [MOD-TR-MSG-1]
Add Governance Framework Document Msg [MOD-TR-MSG-2]
Increase Active Version Msg [MOD-TR-MSG-3]
Update Trust Registry Msg [MOD-TR-MSG-4]
Archive Trust Registry Msg [MOD-TR-MSG-5]
Update TR Module Parameters Msg [MOD-TR-MSG-6]
Get Trust Registry /tr/v1/get Query [MOD-TR-QRY-1]
List Trust Registries /tr/v1/list Query [MOD-TR-QRY-2]
List TR Module Parameters /tr/v1/params Query [MOD-TR-QRY-3]
Credential Schema Create a Credential Schema Msg [MOD-CS-MSG-1]
Update a Credential Schema Msg [MOD-CS-MSG-2]
Archive Credential Schema Msg [MOD-CS-MSG-3]
Update CS Module Parameters Msg [MOD-CS-MSG-4]
List Credential Schemas /cs/v1/list Query [MOD-CS-QRY-1]
Get a Credential Schema /cs/v1/get Query [MOD-CS-QRY-2]
Render Json Schema /cs/v1/js Query [MOD-CS-QRY-3]
List CS Module Parameters /cs/v1/params Query [MOD-TR-QRY-3]
Permission Start Permission VP Msg [MOD-PERM-MSG-1]
Renew a Permission VP Msg [MOD-PERM-MSG-2]
Set Permission VP to Validated Msg [MOD-PERM-MSG-3]
Request Permission VP Termination Msg [MOD-PERM-MSG-4]
Confirm Permission VP Termination Msg [MOD-PERM-MSG-5]
Cancel Permission VP Last Request Msg [MOD-PERM-MSG-6]
Create Root Permission Msg [MOD-PERM-MSG-7]
Extend Permission Msg [MOD-PERM-MSG-8]
Revoke Permission Msg [MOD-PERM-MSG-9]
Create or update Permission Session Msg [MOD-PERM-MSG-10]
Update Permission Module Parameters Msg [MOD-PERM-MSG-11]
List Permissions /perm/v1/list Query [MOD-PERM-QRY-1]
Get a Permission /prem/v1/get Query [MOD-PERM-QRY-2]
Find Permissions With DID /perm/v1/find_with_did Query [MOD-PERM-QRY-3]
Find Beneficiaries /perm/v1/beneficiaries Query [MOD-PERM-QRY-4]
Get Permission Session /perm/v1/get_session Query [MOD-PERM-QRY-5]
List Permission Module Parameters Query [MOD-PERM-QRY-6]
List Permission Sessions Query [MOD-PERM-QRY-7]
DID Directory Add a DID Msg [MOD-DD-MSG-1]
Renew a DID Msg [MOD-DD-MSG-2]
Remove a DID Msg [MOD-DD-MSG-3]
Touch a DID Msg [MOD-DD-MSG-4]
Update TD Module Parameters Msg [MOD-DD-MSG-5]
List DIDs /dd/v1/list Query [MOD-DD-QRY-1]
Get a DID /dd/v1/get Query [MOD-DD-QRY-2]
List DD Module Parameters /dd/v1/params Query [MOD-DD-QRY-3]
Trust Deposit Adjust Trust Deposit Msg [MOD-TD-MSG-1]
Reclaim Trust Deposit Interests Msg [MOD-TD-MSG-2]
Reclaim Trust Deposit Msg [MOD-TD-MSG-3]
Update TD Module Parameters Msg [MOD-TD-MSG-4]
Get Trust Deposit /td/v1/get Query [MOD-TD-QRY-1]
List TD Module Parameters /td/v1/params Query [MOD-TD-QRY-2]
NOTE

Any method failure in the precondition/basic checks SHOULD lead to a CLI ERROR / HTTP BAD REQUEST error with a human readable message giving a clue of the reason why method failed.

§ Trust Registry Module

§ [MOD-TR-MSG-1] Create New Trust Registry

Any account CAN execute this method.

§ [MOD-TR-MSG-1-1] Create New Trust Registry parameters

An account that would like to create a trust registry MUST call this method by specifying:

Provided document must be of the same language that the primary language of the trust registry.

§ [MOD-TR-MSG-1-2] Create New Trust Registry precondition checks

If any of these precondition checks fail, method MUST abort.

§ [MOD-TR-MSG-1-2-1] Create New Trust Registry basic checks
NOTE

It is not a problem if several Trust Registries are created with the same did. Identifier of a Trust Registry is its id, and the Verifiable Trust Spec includes the id of the Trust Registry in the DID Document. DID unique constraint is then not needed.

§ [MOD-TR-MSG-1-2-2] Create New Trust Registry fee checks

Applicant MUST have an available balance in its account, to cover the following:

NOTE

Trust Registry trust deposit is not reclaimable.

§ [MOD-TR-MSG-1-3] Create New Trust Registry execution

If all precondition checks passed, method is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-TR-MSG-2] Add Governance Framework Document

Any account CAN execute this method.

§ [MOD-TR-MSG-2-1] Add Governance Framework Document parameters

An account that would like to add a governance framework document MUST call this method by specifying:

If for a given language, a document already exists, the execution of this transaction would replace the corresponding entry. Else, a new entry is created.

§ [MOD-TR-MSG-2-2] Add Governance Framework Document precondition checks

If any of these precondition checks fail, method MUST abort.

§ [MOD-TR-MSG-2-2-1] Add Governance Framework Document basic checks
§ [MOD-TR-MSG-2-2-2] Add Governance Framework Document fee checks

Account MUST have the required estimated transaction fees in its account.

§ [MOD-TR-MSG-2-3] Add Governance Framework Document execution

If all precondition checks passed, method is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

load GovernanceFrameworkVersion entry gfv for the requested version, or create a new GovernanceFrameworkVersion gfv if required:

§ [MOD-TR-MSG-3] Increase Active Governance Framework Version

Any account CAN execute this method.

§ [MOD-TR-MSG-3-1] Increase Active Governance Framework Version parameters

An account that would like to add a governance framework document MUST call this method by specifying:

§ [MOD-TR-MSG-3-2] Increase Active Governance Framework Version precondition checks

If any of these precondition checks fail, method MUST abort.

§ [MOD-TR-MSG-3-2-1] Increase Active Governance Framework Version basic checks
§ [MOD-TR-MSG-3-2-2] Increase Active Governance Framework Version fee checks

Account MUST have the required estimated transaction fees in its account.

§ [MOD-TR-MSG-3-3] Increase Active Governance Framework Version execution

If all precondition checks passed, method is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-TR-MSG-4] Update Trust Registry

Any account CAN execute this method.

§ [MOD-TR-MSG-4-1] Update Trust Registry parameters

An account that would like to update a trust registry MUST call this method by specifying:

§ [MOD-TR-MSG-4-2] Update Trust Registry precondition checks

If any of these precondition checks fail, method MUST abort.

§ [MOD-TR-MSG-4-2-1] Update Trust Registry basic checks
§ [MOD-TR-MSG-4-2-2] Update Trust Registry fee checks

Applicant MUST have an available balance in its account, to cover the required transaction fees.

§ [MOD-TR-MSG-4-3] Update Trust Registry execution

If all precondition checks passed, method is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-TR-MSG-5] Archive Trust Registry

Any account CAN execute this method.

§ [MOD-TR-MSG-5-1] Archive Trust Registry parameters

An account that would like to archive or unarchive a trust registry MUST call this method by specifying:

§ [MOD-TR-MSG-5-2] Archive Trust Registry precondition checks

If any of these precondition checks fail, method MUST abort.

§ [MOD-TR-MSG-5-2-1] Archive Trust Registry basic checks
§ [MOD-TR-MSG-5-2-2] Archive Trust Registry fee checks

Account MUST have an available balance in its account to cover the required transaction fees.

§ [MOD-TR-MSG-5-3] Archive Trust Registry execution

If all precondition checks passed, method is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-TR-MSG-6] Update Module Parameters

Update Module Parameters.

Can only be executed through a governance proposal.

§ [MOD-TR-MSG-6-1] Update Module Parameters parameters
§ [MOD-TR-MSG-6-2] Update Module Parameters precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-TR-MSG-6-2-1] Update Module Parameters basic checks
§ [MOD-TR-MSG-6-2-2] Update Module Parameters fee checks

provided transaction fees MUST be sufficient for execution

§ [MOD-TR-MSG-6-3] Update Module Parameters execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

for each parameter param <key, value> in parameters:

§ [MOD-TR-QRY-1] Get Trust Registry

Anyone CAN execute this method.

§ [MOD-TR-QRY-1-1] Get Trust Registry parameters
§ [MOD-TR-QRY-1-2] Get Trust Registry checks
§ [MOD-TR-QRY-1-3] Get Trust Registry execution

return found TrustRegistry entry (if any), as well as all its nested GovernanceFrameworkVersion and GovernanceFrameworkDocument entries. If latest_gf_only is true, return only nested GovernanceFrameworkVersion and GovernanceFrameworkDocument entries for the active version.

§ [MOD-TR-QRY-2] List Trust Registries

This method is used to query the DID Directory keeper. Returned result MUST be ordered by TrustRegistry.modified asc.

§ [MOD-TR-QRY-2-1] List Trust Registries query parameters

The following parameters are optional:

§ [MOD-TR-QRY-2-2] List Trust Registries query checks

If any of these checks fail, query MUST fail.

§ [MOD-TR-QRY-2-3] List Trust Registries execution of the query

If all precondition checks passed, query is executed and result (may be empty) returned. If modified_after is specified, order by modified_after desc.

§ [MOD-TR-QRY-3] List Module Parameters

Anyone CAN run this query.

§ [MOD-TR-QRY-3-2] List Module Parameters parameters
§ [MOD-TR-QRY-3-2] List Module Parameters query checks
§ [MOD-TR-QRY-3-3] List Module Parameters execution of the query

Return the list of the existing parameters and their values.

§ [MOD-TR-QRY-3-4] List Module Parameters API result example
{
  "params": {
    "key1": "value1",
    "key2": "value2",
    ...
    ...
  }
}

§ Credential Schema Module

§ [MOD-CS-MSG-1] Create New Credential Schema

Any account CAN execute this method.

§ [MOD-CS-MSG-1-1] Create New Credential Schema parameters

An account that would like to create a credential schema MUST call this method by specifying:

§ [MOD-CS-MSG-1-2] Create New Credential Schema precondition checks

If any of these precondition checks fail, method MUST abort.

§ [MOD-CS-MSG-1-2-1] Create New Credential Schema basic checks
§ [MOD-CS-MSG-1-2-2] Create New Credential Schema fee checks

Applicant MUST have an available balance in its account, to cover the following fees:

NOTE

Credential Schema trust deposit is not reclaimable.

§ [MOD-CS-MSG-1-3] Create New Credential Schema execution

If all precondition checks passed, method is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

NOTE

If needed, depending on configuration mode, Trust Registry controller MAY need to create a TRUST_REGISTRY Permission so that validation processes can be run.

§ [MOD-CS-MSG-2] Update Credential Schema

Any account CAN execute this method.

§ [MOD-CS-MSG-2-1] Update Credential Schema parameters

An account that would like to update a credential schema MUST call this method by specifying:

other attributes are immutables and cannot be updated.

§ [MOD-CS-MSG-2-2] Update Credential Schema precondition checks

If any of these precondition checks fail, method MUST abort.

§ [MOD-CS-MSG-2-2-1] Update Credential Schema basic checks
§ [MOD-CS-MSG-2-2-2] Update Credential Schema fee checks

Account MUST have an available balance in its account to cover the required transaction fees.

§ [MOD-CS-MSG-2-3] Update Credential Schema execution

If all precondition checks passed, method is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-CS-MSG-3] Archive Credential Schema

Any account CAN execute this method.

§ [MOD-CS-MSG-3-1] Archive Credential Schema parameters

An account that would like to archive or unarchive a credential schema MUST call this method by specifying:

§ [MOD-CS-MSG-3-2] Archive Credential Schema precondition checks

If any of these precondition checks fail, method MUST abort.

§ [MOD-CS-MSG-3-2-1] Archive Credential Schema basic checks
§ [MOD-CS-MSG-3-2-2] Archive Credential Schema fee checks

Account MUST have an available balance in its account to cover the required transaction fees.

§ [MOD-CS-MSG-3-3] Archive Credential Schema execution

If all precondition checks passed, method is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-CS-MSG-4] Update Module Parameters

Update Module Parameters.

Can only be executed through a governance proposal.

§ [MOD-CS-MSG-4-1] Update Module Parameters parameters
§ [MOD-CS-MSG-4-2] Update Module Parameters precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-CS-MSG-4-2-1] Update Module Parameters basic checks
§ [MOD-CS-MSG-4-2-2] Update Module Parameters fee checks

provided transaction fees MUST be sufficient for execution

§ [MOD-CS-MSG-4-3] Update Module Parameters execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

for each parameter param <key, value> in parameters:

§ [MOD-CS-QRY-1] List Credential Schemas

Anyone CAN execute this method. Returned result MUST be ordered by CredentialSchema.created asc.

§ [MOD-CS-QRY-1-1] List Credential Schemas parameters
§ [MOD-CS-QRY-1-2] List Credential Schemas checks
§ [MOD-CS-QRY-1-3] List Credential Schemas execution

return a list of found entry, or an empty list if nothing found. Results MUST be ordered by modified ASC.

§ [MOD-CS-QRY-2] Get Credential Schema

Anyone CAN execute this method.

§ [MOD-CS-QRY-2-1] Get Credential Schema parameters
§ [MOD-CS-QRY-2-2] Get Credential Schema checks
§ [MOD-CS-QRY-2-3] Get Credential Schema execution

return found entry (if any).

§ [MOD-CS-QRY-3] Render Json Schema

Anyone CAN execute this method.

§ [MOD-CS-QRY-3-1] Render Json Schema parameters
§ [MOD-CS-QRY-3-2] Render Json Schema checks
§ [MOD-CS-QRY-3-3] Render Json Schema execution

Render found entry (if any). In case value is returned by a REST API, content type MUST be set to “application/schema+json”.

§ [MOD-CS-QRY-4] List Module Parameters

Anyone CAN run this query.

§ [MOD-CS-QRY-4-2] List Module Parameters parameters
§ [MOD-CS-QRY-4-2] List Module Parameters query checks
§ [MOD-CS-QRY-4-3] List Module Parameters execution of the query

Return the list of the existing parameters and their values.

§ [MOD-CS-QRY-4-4] List Module Parameters API result example
{
  "params": {
    "key1": "value1",
    "key2": "value2",
    ...
    ...
  }
}

§ Permission Module

§ Permission Module Overview

This section is non-normative.

Permission are linked to a Credential Schema and representable as a tree.

uml diagram

The TRUST_REGISTRY type permissions are created by the Credential Schema owner. All other permissions are created by running a Validation Process.

A Validation Process (VP) is a process which involves an applicant (which is the controller of validation entry stored in a validation keeper), a validator permission, and optional fees plus transaction fees.

Validation is used by applicants that want to:

In all cases, the process is very similar. Example execution of a validation process:

  1. Applicant starts a validation process by running the [start new validation] transaction. Validation process may be subject to paying validation fees, as defined by validator.
  2. Validation process usually requires that applicant connects to a validation VS identified by its DID, and execute a some validation steps, required for the validation process to conclude.
  3. If applicant qualifies, validator updates the validation entry by running the [set to validated] transaction, and applicant is granted new permissions, and/or gets issued a credential.

Validation is valid for a specific period, for example 365 days, as configured in the credential schema for credential schema related validations, or set by trust registry for user-agent validation.

NOTE

In some cases, even if the validation is valid for a period of time, the resulting created permission or issued credential might have a shorter expiration timestamp because the validated attribute(s) might expire before validation expiration: in this case, the applicant must provide updated information to the validator before attribute expiration, in order to get issued an updated new permission and/or an updated credential.

If validation is set to expire, applicant that wishes to extend the expiration timestamp must renew its validation.

At any time, applicant can cancel the validation process.

Some special unexpected situation may arise and must be mitigated. Examples:

§ [MOD-PERM-MSG-1] Start Permission VP

Any account CAN execute this method.

§ [MOD-PERM-MSG-1-1] Start Permission VP parameters

An Applicant that would like to start a permission validation process MUST execute this method by specifying:

Available compatible perms can be found by using [MOD-PERM-QRY-1] and presented in a front-end so applicant can choose its validator.

§ [MOD-PERM-MSG-1-2] Start Permission VP precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-PERM-MSG-1-2-1] Start Permission VP basic checks

if a mandatory parameter is not present, transaction MUST abort.

NOTE

A holder MAY directly connect to the DID VS of an issuer in order to get issued a credential. It’s up to the issuer to decide if running the validation process (for charging fees) is REQUIRED or not.

§ [MOD-PERM-MSG-1-2-2] Start Permission VP permission checks

At the end, if a valid permission validator_perm is not found, transaction MUST abort.

§ [MOD-PERM-MSG-1-2-3] Start Permission VP fee checks

Load Permission entry validator_perm of the selected validator.

Applicant MUST have an available balance in its account, to cover the following fees:

§ [MOD-PERM-MSG-1-3] Start Permission VP execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ Connecting to the VS of the Validator

This section is non-normative, and provided for understanding only.

This action can only be initiated by the applicant.

For a validation process, if the validator_perm associated has a specified did, applicant should connect to the validation VS of the validator by using the DIDComm protocol in order to continue with the validation process.

By connecting to the VS, applicant might be required by validator to perform some tasks, such as:

  1. Prove to the VS that it controls the controller account that started the validation process (ej blind sign).
  2. Provide the information requested by the validation VS, by filling-in forms, sharing documents, …
  3. In case the requested permission includes a VS DID, applicant should prove to the validator VS that it controls the DID.

When validator considers process is finished, validator can set the permission validation process as terminated, and configure the permission based on what has been agreed with the applicant, such as validation_fees, issuance_fees, verification_fees, country, and permission expiration. Validator can build a file with a summary of the process, exchanged information, proofs… and share it back to the applicant using the VS connection, or other means, and register a file digest_sri in applicant_perm.vp_summary_digest_sri for audit or governance purpose.

§ [MOD-PERM-MSG-2] Renew Permission VP

This section is non-normative.

§ [MOD-PERM-MSG-2-1] Renew Permission VP parameters

An account controller of a permission entry that would like to renew a validation process for this permission MUST execute this method by specifying:

§ [MOD-PERM-MSG-2-2] Renew Permission VP precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-PERM-MSG-2-2-1] Renew Permission VP basic checks

if a mandatory parameter is not present, transaction MUST abort.

§ [MOD-PERM-MSG-2-2-2] Renew Permission VP permission checks
§ [MOD-PERM-MSG-2-2-3] Renew Permission VP fee checks

Applicant MUST have an available balance in its account, to cover the following fees:

§ [MOD-PERM-MSG-2-3] Renew Permission VP execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-PERM-MSG-3] Set Permission VP to Validated

Any account CAN execute this method.

§ [MOD-PERM-MSG-3-1] Set Permission VP to Validated parameters

An account that would like to set a validation entry to VALIDATED MUST execute this method by specifying:

§ [MOD-PERM-MSG-3-2] Set Permission VP to Validated precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-PERM-MSG-3-2-1] Set Permission VP to Validated basic checks

if a mandatory parameter is not present, transaction MUST abort.

Calculation of vp_exp, the validation process expiration timestamp, required to verify provided effective_until:

Now, let’s verify effective_until:

§ [MOD-PERM-MSG-3-2-2] Set Permission VP to Validated validator perms

This section is non-normative.

If validator_perm is not a valid permission (expired, revoked,…) then applicant should start a new validation process.

§ [MOD-PERM-MSG-3-2-3] Set Permission VP to Validated fee checks

Validator MUST have the required estimated transaction fees in its account, else transaction MUST abort.

§ [MOD-PERM-MSG-3-3] Set Permission VP to Validated execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

Calculate vp_exp:

Change value of provided effective_until if needed, and abort if needed:

Update Permission applicant_perm:

Fees and Trust Deposits:

§ [MOD-PERM-MSG-4] Request Permission VP Termination

This section is non-normative.

At any time, applicant may request termination of the validation process current action.

Requesting termination of the validation process set permission entry to the TERMINATION_REQUESTED state so that corresponding permissions can be terminated. Then, the applicant or the validator (if type is not HOLDER) or the validator (if type is HOLDER) MUST confirm termination transaction for the validation entry to be set to TERMINATED and trust deposits to be freed.

§ [MOD-PERM-MSG-4-1] Request Permission VP Termination parameters

An account that would like to set a Permission entry to TERMINATION_REQUESTED MUST execute this method by specifying:

§ [MOD-PERM-MSG-4-2] Request Permission VP Termination precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-PERM-MSG-4-2-1] Request Permission VP Termination basic checks

if a mandatory parameter is not present, transaction MUST abort.

If validation process already expired, either party can terminate the validation process to reclaim the deposit. Else, only the grantee can terminate the vp.

§ [MOD-PERM-MSG-4-2-2] Request Permission VP Termination fee checks

Applicant MUST have the required estimated transaction fees in its account, else transaction MUST abort.

§ [MOD-PERM-MSG-4-3] Request Permission VP Termination execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

Define vars:

Update perm:

Update deposits if state is TERMINATED:

If applicant_perm.vp_state has been set to TERMINATED:

NOTE

if applicant_perm.type is HOLDER, then validator SHOULD revoke the corresponding credential and then call the confirm validation method to free the trust deposits.

§ [MOD-PERM-MSG-5] Confirm Permission VP Termination

This method is called by a validator to confirm the termination of a vp when permission type is HOLDER, usually after revoking (or not) the verifiable credential of the holder. It can be although called by the grantee after a timeout, defined in GlobalVariables.validation_term_requested_timeout_days.

§ [MOD-PERM-MSG-5-1] Confirm Permission VP Termination parameters

An account that would like to set confirm validation entry termination MUST execute this method by specifying:

§ [MOD-PERM-MSG-5-2] Confirm Permission VP Termination precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-PERM-MSG-5-2-1] Confirm Permission VP Termination basic checks

if a mandatory parameter is not present, transaction MUST abort.

§ [MOD-PERM-MSG-5-2-2] Confirm Permission VP Termination permission checks

Timeout not reached: only validator can call the method:

if applicant_perm.term_requested + GlobalVariables.validation_term_requested_timeout_days is after or equal to current timestamp:

Timeout reached: either the validator or the applicant can call the method:

if applicant_perm.term_requested + GlobalVariables.validation_term_requested_timeout_days is before now:

Else MUST abort.

NOTE

For HOLDER type validation, if validation has not expired, only the validator can terminate the validation, unless GlobalVariables.validation_term_requested_timeout_days have passed since termination request and validator did not answered.

§ [MOD-PERM-MSG-5-2-3] Confirm Permission VP Termination fee checks

Account executing the method MUST have the required estimated transaction fees.

§ [MOD-PERM-MSG-5-3] Confirm Permission VP Termination execution

If all precondition checks passed, transaction is executed.

Define vars:

Update:

If account executing the method is the validator:

NOTE

If account executing the method is the grantee (timeout), validator is punished and its trust deposit is not freed.

§ [MOD-PERM-MSG-6] Cancel Permission VP Last Request

At any time, applicant of a permission validation process may request cancellation of the process, provided state is PENDING. Upon method execution, the pending validation is cancelled and paid trust fees are refunded. If vp_exp is not null, vp_state is set back to VALIDATED, else vp_state is set to TERMINATED.

§ [MOD-PERM-MSG-6-1] Cancel Permission VP Last Request parameters

An account that would like to set cancel a validation entry MUST execute this method by specifying:

§ [MOD-PERM-MSG-6-2] Cancel Permission VP Last Request precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-PERM-MSG-6-2-1] Cancel Permission VP Last Request basic checks

if a mandatory parameter is not present, transaction MUST abort.

§ [MOD-PERM-MSG-6-2-2] Cancel Permission VP Last Request fee checks

Account executing the method MUST have the required estimated transaction fees in its account, else transaction MUST abort.

§ [MOD-PERM-MSG-6-3] Cancel Permission VP Last Request execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-PERM-MSG-7] Create Root Permission

This method is used by controllers of Trust Registries. When they create a Credential Schema, they need to create (a) permission(s) of type TRUST_REGISTRY so that other participants can run validation processes.

§ [MOD-PERM-MSG-7-1] Create Root Permission parameters

An account that would like to create a Permission entry MUST call this method by specifying:

§ [MOD-PERM-MSG-7-2] Create Root Permission precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-PERM-MSG-7-2-1] Create Root Permission basic checks

if a mandatory parameter is not present, transaction MUST abort.

§ [MOD-PERM-MSG-7-2-2] Create Root Permission permission checks

To execute this method, account MUST match at least one these rules, else transaction MUST abort.

NOTE

HOLDER permission are used so that it is possible to identify grantee account for paying rewards.

§ [MOD-PERM-MSG-7-2-3] Create Root Permission fee checks

Account MUST have the required estimated transaction fees available.

§ [MOD-PERM-MSG-7-3] Create Root Permission execution

If all precondition checks passed, method is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

A new entry Permission perm MUST be created:

§ [MOD-PERM-MSG-8] Extend Permission

This method can only be called by a validator.

§ [MOD-PERM-MSG-8-1] Extend Permission parameters

An account that would like to extend the effective_until timestamp of a permission MUST call this methid by specifying:

§ [MOD-PERM-MSG-8-2] Extend Permission precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-PERM-MSG-8-2-1] Extend Permission basic checks

if a mandatory parameter is not present, transaction MUST abort.

§ [MOD-PERM-MSG-8-2-2] Extend Permission validator perms
§ [MOD-PERM-MSG-8-2-3] Extend Permission fee checks

Validator MUST have the required estimated transaction fees in its account, else transaction MUST abort.

§ [MOD-PERM-MSG-8-3] Extend Permission execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-PERM-MSG-9] Revoke Permission

This method can only be called by a validator.

§ [MOD-PERM-MSG-9-1] Revoke Permission parameters

An account that would like to extend the effective_until timestamp of a permission MUST call this methid by specifying:

§ [MOD-PERM-MSG-9-2] Revoke Permission precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-PERM-MSG-9-2-1] Revoke Permission basic checks

if a mandatory parameter is not present, transaction MUST abort.

§ [MOD-PERM-MSG-9-2-2] Revoke Permission validator perms
§ [MOD-PERM-MSG-9-2-3] Revoke Permission fee checks

Validator MUST have the required estimated transaction fees in its account, else transaction MUST abort.

§ [MOD-PERM-MSG-9-3] Revoke Permission execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-PERM-MSG-10] Create or Update Permission Session

Any credential exchange that requires issuer or verifier to pay fees implies the creation of a PermissionSession.

The agent, the Verifiable User Agent or Verifiable Service that receive the request, MUST send to issuer/verifier:

If the peer wants to issue a credential, agent must send to peer:

If the peer wants to verify a credential, agent must send to peer:

payer MUST create a Permission Session using the above information, then, agent MUST check session has been created and is valid before accepting the action (receive and store issued credential, or accept a presentation request).

uml diagram

See [TR-RESOL] in [VS-SPECS].

§ [MOD-PERM-MSG-10-1] Create or Update Permission Session parameters

An account that would like to create or update a PermissionSession entry MUST send a Msg by specifying:

§ [MOD-PERM-MSG-10-2] Create or Update Permission Session precondition checks

If any of these precondition checks fail, transaction MUST abort.

if issuer_perm_id is null AND verifier_perm_id is null, MUST abort.

if issuer_perm_id is no null:

if verifier_perm_id is no null:

agent:

wallet_agent:

:::warn we might want to check that credential schema of agent and wallet_agent perms is an ECS of type UserAgent. At the moment there is no way of doing it. We consider User Agent will not report a permission that is not controlled by its owner. :::

§ [MOD-PERM-MSG-10-3] Create or Update Permission Session fee checks

Account MUST have sufficient available balance for:

To calculate the required beneficiary fees, use “Find Beneficiaries” query method below to get the set of beneficiary permission found_perm_set. Now that we have the set with all ancestors, we can calculate the required fees:

Total required fees including Trust Deposit:

trust_fees = beneficiary_fees * GlobalVariables.trust_unit_price * (GlobalVariables.trust_deposit_rate), plus wallet and user agent rewards rewards = beneficiary_fees * GlobalVariables.trust_unit_price * (GlobalVariables.user_agent_reward_rate + GlobalVariables.wallet_user_agent_reward_rate).

§ [MOD-PERM-MSG-10-4] Create or Update Permission Session execution

If all precondition checks passed, method is executed.

If new, create entry PermissionSession session:

Else update:

:::warn session.authz[] can contain null issuer_perm_id OR verifier_perm_id :::

§ [MOD-PERM-MSG-11] Update Permission Module Parameters

Update Permission Module Parameters.

Can only be executed through a governance proposal.

§ [MOD-PERM-MSG-11-1] Update Permission Module Parameters parameters
§ [MOD-PERM-MSG-11-2] Update Permission Module Parameters precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-PERM-MSG-11-2-1] Update Permission Module Parameters basic checks
§ [MOD-PERM-MSG-11-2-2] Update Permission Module Parameters fee checks

provided transaction fees MUST be sufficient for execution

§ [MOD-PERM-MSG-11-3] Update Permission Module Parameters execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

for each parameter param <key, value> in parameters:

§ [MOD-PERM-QRY-1] List Permissions

Anyone CAN execute this method.

§ [MOD-PERM-QRY-1-1] List Permissions parameters
§ [MOD-PERM-QRY-1-2] List Permissions checks
§ [MOD-PERM-QRY-1-3] List Permissions execution

return a list of found entries, or an empty list if nothing found. Ordered by last modified asc.

§ [MOD-PERM-QRY-2] Get Permission

Anyone CAN execute this method.

§ [MOD-PERM-QRY-2-1] Get Permission parameters
§ [MOD-PERM-QRY-2-2] Get Permission checks
§ [MOD-PERM-QRY-2-3] Get Permission execution

return found entry (if any).

§ [MOD-PERM-QRY-3] Find Permissions With DID

Usually, Verifiable Trust verification flow will work as in the example below. To simplify, we suppose VUAa is both a User Agent and a Verifiable Credential Wallet.

§ [MOD-PERM-QRY-3-1] Find Permission With DID parameters
§ [MOD-PERM-QRY-3-2] Find Permission With DID checks
§ [MOD-PERM-QRY-3-3] Find Permission With DID execution

This method should use an index per cs.id and insert any new entry hash(perm.did;perm.type) when perm.effective_from and perm.did are not null (updated when perm is modified). Index example:

SchemaId => hash(did;type) => Perm id list => (load perms one by one and filter other query attributes such as country, effective_from, effective_until, revoked, terminated)

Using example index, calculate hash(did;type) to get the list of matching permissions perms[].

return found_perms.

§ [MOD-PERM-QRY-4] Find Beneficiaries

Anyone can execute this method.

To calculate the fees required for paying the beneficiaries, it is needed to recurse all involved perms until the root of the permission tree (which is the trust registry perm), starting from the 2 branches issuer_perm and verifier_perm. As both branches may have common ancestors, we can create a Set (unordered collection with no duplicates), and recurse over the 2 branches, adding found perms. If verifier_perm is null, issuer_perm is never added to the set. If verifier_perm is NOT null, issuer_perm is added to the set if it exists but verifier_perm is not added to the set.

Example 1: verifier_perm: is not set: it’s a credential offer, schema configured to have Issuer Grantors.

uml diagram

Example 2: verifier_perm: is not set: it’s a credential offer. Schema configured to NOT have Issuer Grantors.

uml diagram

Example 3: verifier_perm is set, it’s a presentation request. Schema configured to have Verifier and Issuer Grantors.

uml diagram
§ [MOD-PERM-QRY-4-1] Find Beneficiaries parameters
§ [MOD-PERM-QRY-4-2] Find Beneficiaries checks
§ [MOD-PERM-QRY-4-3] Find Beneficiaries execution

Let’s build the set. Revoked and terminated permissions will not be added to the set. Expired permissions, if not revoked/terminated, will be considered.

if issuer_perm is not null:

Additionally, if verifier_perm is not null:

return found_perms.

NOTE

This works even is schema is open to any issuer or open to any verifier.

§ [MOD-PERM-QRY-5] Get PermissionSession

§ [MOD-PERM-QRY-5-1] Get PermissionSession parameters
§ [MOD-PERM-QRY-5-2] Get PermissionSession checks
§ [MOD-PERM-QRY-5-3] Get PermissionSession execution

return PermissionSession entry if found, else return not found.

§ [MOD-PERM-QRY-6] List Permission Module Parameters
§ [MOD-PERM-QRY-6-2] List Permission Module Parameters parameters
§ [MOD-PERM-QRY-6-2] List Permission Module Parameters query checks
§ [MOD-PERM-QRY-6-3] List Permission Module Parameters execution of the query

Return the list of the existing parameters and their values.

§ [MOD-PERM-QRY-6-4] List Permission Module Parameters API result example
{
  "params": {
    "key1": "value1",
    "key2": "value2",
    ...
    ...
  }
}

§ [MOD-PERM-QRY-7] List Permission Sessions

Anyone CAN execute this method.

§ [MOD-PERM-QRY-7-1] List Permission Sessions parameters
§ [MOD-PERM-QRY-7-2] List Permission Sessions checks
§ [MOD-PERM-QRY-7-3] List Permission Sessions execution

return a list of found entries, or an empty list if nothing found, ordered by last modified asc.

§ Validation Examples

§ Getting a Credential from an Authorized Issuer

This section is non-normative.

Example of an Applicant that would like to get issued a credential (HOLDER):

uml diagram
§ Add a DID to the List of Granted Issuers of a Credential Schema

This section is non-normative.

uml diagram

§ DID Directory Module

The DID Directory is a keystore of DIDs.

§ DID Directory Module Overview

This section is non-normative.

Registering a DID in the DID Directory makes the DID, its presented credentials and its related services, such as VSs, publicly “findable” by crawlers and then by users. It is not mandatory to register a DID, nor needed for Trust Resolution, but it might desirable for some use cases. For example, a Social Browser will need the DID Directory in order to crawl and index all the DIDs that refers to Social Channel VSs, so that users will be able to search the indexed VSs in the Social Browser App.

Anyone can register any DID. That mean, as there are no way of verifying from an VPR that the account that registers a DID is the controller of the DID, there might be some case of DID registered by someone that is not the DID controller. This is inevitable, as an VPR does not know how to resolve DIDs and then cannot verify who is the controller.

To make sure a VS provider will have the control and decide if a DID and its related services, linked credentials… should be indexed or not, registering the VS in the DID Directory will not be enough for the information to be indexed by a crawler. DID Document will optionally include crawler rules (index, do not index…) so the indexation control reminds on hands of the DID controller, even if someone that does not control a DID registers it in the DID Directory.

Note that it is possible to register any DID from any method.

§ [MOD-DD-MSG-1] Add a DID

Add a DID to the DID Directory, with expiration timestamp set to current timestamp + years years.

Any account CAN run this method.

§ [MOD-DD-MSG-1-1] Add a DID transaction parameters
§ [MOD-DD-MSG-1-2] Add a DID precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-DD-MSG-1-2-1] Add a DID basic checks
§ [MOD-DD-MSG-1-2-2] Add a DID fee checks

Applicant MUST have an available balance (not blocked by trust deposit nor staked) in its account, to cover the following fees:

§ [MOD-DD-MSG-1-3] Add a DID execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-DD-MSG-2] Renew a DID

Renew a DID, by adding years years to current expiration timestamp.

This method MUST be run by controller of the DID entry.

§ [MOD-DD-MSG-2-1] Renew a DID transaction parameters
§ [MOD-DD-MSG-2-2] Renew a DID precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-DD-MSG-2-2-1] Renew a DID basic checks

if any of the following conditions is not satisfied, transaction MUST abort.

§ [MOD-DD-MSG-2-2-2] Renew a DID fee checks

Applicant MUST have an available balance (not blocked by trust deposit nor staked) in its account, to cover the following fees:

§ [MOD-DD-MSG-2-3] Renew a DID execution of the transaction

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-DD-MSG-3] Remove a DID

Remove a DID and unlock the corresponding trust deposit.

§ [MOD-DD-MSG-3-1] Remove a DID transaction parameters
§ [MOD-DD-MSG-3-2] Remove a DID precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-DD-MSG-3-2-1] Remove a DID basic checks

if any of the following conditions is not satisfied, transaction MUST abort.

§ [MOD-DD-MSG-3-2-2] Remove a DID fee checks

Account running the transaction MUST have the required estimated transaction fees in its account, else transaction MUST abort.

§ [MOD-DD-MSG-3-3] Remove a DID execution of the transaction

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-DD-MSG-4] Touch a DID

This method is used to update the modified of a given entry so that crawlers will know DID should be immediately reindexed.

§ [MOD-DD-MSG-4-1] touch a DID transaction parameters
§ [MOD-DD-MSG-4-2] Touch a DID precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-DD-MSG-4-2-1] Touch a DID basic checks
§ [MOD-DD-MSG-4-2-2] Touch a DID fee checks

Account running the transaction MUST have the required estimated transaction fees in its account, else transaction MUST abort.

§ [MOD-DD-MSG-4-3] Touch a DID execution of the transaction

If all precondition checks passed, transaction is executed.

Transaction execution MUST perform the following tasks, and rollback if any error occurs.

§ [MOD-DD-MSG-5] Update Module Parameters

Update Module Parameters.

Can only be executed through a governance proposal.

§ [MOD-DD-MSG-5-1] Update Module Parameters parameters
§ [MOD-DD-MSG-5-2] Update Module Parameters precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-DD-MSG-5-2-1] Update Module Parameters basic checks
§ [MOD-DD-MSG-5-2-2] Update Module Parameters fee checks

provided transaction fees MUST be sufficient for execution

§ [MOD-DD-MSG-5-3] Update Module Parameters execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

for each parameter param <key, value> in parameters:

§ [MOD-DD-QRY-1] List DIDs

This method is used to query the DID Directory keeper. Returned data MUST be ordered by modified asc.

§ [MOD-DD-QRY-1-1] List DIDs query parameters

The following parameters are optional:

§ [MOD-DD-QRY-1-2] List DIDs query checks

If any of these checks fail, query MUST fail.

§ [MOD-DD-QRY-1-3] List DIDs execution of the query

If all precondition checks passed, query is executed and result (may be empty) returned.

§ [MOD-DD-QRY-2] Get a DID

This method is used to read a DID from the DID Directory keeper. As this method does not modify data, it does not require a transaction.

§ [MOD-DD-QRY-2-1] Get a DID query parameters
§ [MOD-DD-QRY-2-2] Get a DID query checks

did MUST conform to the DID Syntax, as specified [DID-CORE].

§ [MOD-DD-QRY-2-3] Get a DID execution of the query

If DID is found, return the corresponding entry, else empty result is returned.

§ [MOD-DD-QRY-3] List Module Parameters

Anyone CAN run this query.

§ [MOD-DD-QRY-3-2] List Module Parameters parameters
§ [MOD-DD-QRY-3-2] List Module Parameters query checks
§ [MOD-DD-QRY-3-3] List Module Parameters execution of the query

Return the list of the existing parameters and their values.

§ [MOD-DD-QRY-3-4] List Module Parameters API result example
{
  "params": {
    "key1": "value1",
    "key2": "value2",
    ...
    ...
  }
}

§ Trust deposit module

§ Trust deposit module overview

This section is non-normative.

Concept: the trust deposit is used to lock trust value as a stake. To process application messages that perform state changes, several modules methods are requiring a trust deposit to be sent, from the executing account, to the trust deposit module.

Example: an account wants to create a new DIDDirectory entry, to execute the transaction it will need:

Execution of the method will perform the following (we ignore anything that does not have to do with the trust deposit, and we consider this account had no TrustDeposit entry yet):

Fee distribution: let’s suppose 70% of transaction fees are distributed to validators, and 30% of transaction fees are distributed to trust deposit holder. For this specific transaction:

Now, account can reclaim the difference between the GlobalVariables.trust_deposit_share_value * tt.share minus tt.denom, which represents the trust (stake) gains.

§ [MOD-TD-MSG-1] Adjust Trust Deposit

This method is used to increase or decrease the trust deposit of a specific account.

Only the following modules can call this method:

§ [MOD-TD-MSG-1-1] Adjust Trust Deposit method parameters
§ [MOD-TD-MSG-1-2] Adjust Trust Deposit precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-TD-MSG-1-2-1] Adjust Trust Deposit basic checks

Value checks:

§ [MOD-TD-MSG-1-2-2] Adjust Trust Deposit fee checks

Account running the transaction MUST have the required estimated transaction fees in its account plus needed_deposit, else transaction MUST abort.

§ [MOD-TD-MSG-1-3] Adjust Trust Deposit execution of the method

If all precondition checks passed, method is executed in a transaction.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

§ [MOD-TD-MSG-2] Reclaim Trust Deposit Interests

This method is used to reclaim interests.

Any account MAY call this method.

For a given TrustDeposit entry td, claimable interest is calculated like this:

claimable_interest = td.share * GlobalVariables.trust_deposit_share_value - td.deposit.

If claimable_interest is positive, they can be claimed.

§ [MOD-TD-MSG-2-1] Reclaim Trust Deposit Interests method parameters

N/A

§ [MOD-TD-MSG-2-2] Reclaim Trust Deposit Interests precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-TD-MSG-2-2-1] Reclaim Trust Deposit Interests basic checks
§ [MOD-TD-MSG-2-2-2] Reclaim Trust Deposit Interests fee checks

Account running the transaction MUST have the required estimated transaction fees in its account, else transaction MUST abort.

§ [MOD-TD-MSG-2-3] Reclaim Trust Deposit Interests Value execution of the method

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

For the TrustDeposit entry td linked to account:

§ [MOD-TD-MSG-3] Reclaim Trust Deposit

This method is used to reclaim claimable trust deposit value, td.claimable.

Any account MAY call this method.

In order to discourage user from using this method:

§ [MOD-TD-MSG-3-1] Reclaim Trust Deposit method parameters
§ [MOD-TD-MSG-3-2] Reclaim Trust Deposit precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-TD-MSG-3-2-1] Reclaim Trust Deposit basic checks

if any of these conditions is not satisfied, transaction MUST abort.

§ [MOD-TD-MSG-3-2-2] Reclaim Trust Deposit fee checks

Account running the transaction MUST have the required estimated transaction fees in its account, else transaction MUST abort.

§ [MOD-TD-MSG-3-3] Reclaim Trust Deposit execution of the method

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

For the TrustDeposit entry td linked to account:

§ [MOD-TD-MSG-4] Update Module Parameters

Update Module Parameters.

Can only be executed through a governance proposal.

§ [MOD-TD-MSG-4-1] Update Module Parameters parameters
§ [MOD-TD-MSG-4-2] Update Module Parameters precondition checks

If any of these precondition checks fail, transaction MUST abort.

§ [MOD-TD-MSG-4-2-1] Update Module Parameters basic checks
§ [MOD-TD-MSG-4-2-2] Update Module Parameters fee checks

provided transaction fees MUST be sufficient for execution

§ [MOD-TD-MSG-4-3] Update Module Parameters execution

If all precondition checks passed, transaction is executed.

Method execution MUST perform the following tasks in a transaction, and rollback if any error occurs.

for each parameter param <key, value> in parameters:

§ [MOD-TD-QRY-1] Get Trust Deposit

Any account CAN run this query. As this method does not modify data, it does not require a transaction.

§ [MOD-TD-QRY-1-1] Get Trust Deposit query parameters
§ [MOD-TD-QRY-1-2] Get Trust Deposit query checks

If any of these checks fail, query MUST fail.

§ [MOD-TD-QRY-1-3] Get Trust Deposit execution of the query

If found, returns trust deposit, else return not found.

§ [MOD-TD-QRY-2] List Module Parameters

Anyone CAN run this query.

§ [MOD-TD-QRY-2-2] List Module Parameters parameters
§ [MOD-TD-QRY-2-2] List Module Parameters query checks
§ [MOD-TD-QRY-2-3] List Module Parameters execution of the query

Return the list of the existing parameters and their values.

§ [MOD-TD-QRY-2-4] List Module Parameters API result example
{
  "params": {
    "key1": "value1",
    "key2": "value2",
    ...
    ...
  }
}

§ ToIP Trust Registry QueryProtocol version 2.0 (NOT TO BE IMPLEMENTED)

TODO

Due to the pre-draft status of the trqp-2.0 spec, everything dealing with the trqp-2.0 MUST be ignored for now.

The following requirements of the ToIP Trust Registry QueryProtocol version 2.0 MUST be implemented:

[TRQP-1], [TRQP-2], [TRQP-3], [TRQP-4], [TRQP-5].

Be aware that data answered by API MUST comply with data format defined in ToIP Trust Registry QueryProtocol version 2.0 which sometimes is different from data in VPR (at least for timestamp datatype).

Base API for QueryProtocol is /${tr.did}/trqp-2.0 where tr_did is the did of the TrustRegistry entry. So to consume the /metadata service below, one MUST query /${tr.did}/trqp-2.0/metadata

method documentation is available here:

Method Requirement
/entities/ [MOD-TRQP-1]
/entities/{entityVID}/authorization [MOD-TRQP-2]
/entities/{entityVID}/authorizations [MOD-TRQP-3]
/registries/recognized-registries [MOD-TRQP-4]
/registries/{registryVID}/recognized-registries/ [MOD-TRQP-5]
/registries/{registryVID}/ [MOD-TRQP-6]
/lookup/authorizations [MOD-TRQP-7]
/lookup/namespaces [MOD-TRQP-8]
/lookup/vidmethods [MOD-TRQP-9]
/lookup/assurancelevels [MOD-TRQP-10]
/metadata [MOD-TRQP-11]
/offline/exportfile [MOD-TRQP-12]
/offline/trustestablishmentdocument [MOD-TRQP-13]

§ [MOD-TRQP-1] /entities/

TODO

This section MUST be ignored for now.

GET /${tr.did}/trqp-2.0/entities/{did}

Build response object, if found:

Find Permission entries where did matches the query.

Building the authorizations array:

for each perm, create an “authorization” object with:

Building the participatingNamespaces array:

for each CredentialSchema cs with cs.tr_vid = $tr.vid, create a participatingNamespace object:

Example:

GET /did:gf:abc/trqp-2.0/entities/did:example:123

{
   "entityVID":"did:example:123",
   "governanceFrameworkVID":"did:gf:abc",
   "primaryTrustRegistryVID":"did:gf:abc",
   "authorizations": [ {
      "entityId": "did:example:123",
      "simplename": "fr.77626adc-784c-4816-9249-834822263711.ISSUER",
      "description": "ISSUER granted permission for fr country on credential schema 77626adc-784c-4816-9249-834822263711 on trust registry did:gf:abc on public verifiable data registry Verana",
      "authorizationUniqueString":"8611f5fc-b243-4871-8e63-d44279b57c73",
      "authorizationStatus":"current",
      "authorizationValidity": {
          "validFromDT": "2024-08-24T14:15:22Z",
          "validUntilDT": "2025-08-24T14:15:22Z",
      }
   }
   ],
   "participatingNamepaces":[
      {
         "identifier":"did:example:123",
         "canonicalString":"verana:77626adc-784c-4816-9249-834822263711",
         "egfURI":"did:gf:abc",
         "description":"credential schema 77626adc-784c-4816-9249-834822263711 of trust registry did:gf:abc on public verifiable data registry Verana"
      }
   ],
   "registrationStatus":{
      "status":"current",
      "detail":"did:example:123 is participating to did:gf:abc"
   }
}

§ [MOD-TRQP-2] /entities/{entityVID}/authorization

GET /{$tr.did}/trqp-2.0/entities/{did}/authorization?authorizationVID={authorizationVID}

For authorizationVID, we use the concatenation of the trust registry did, the credential schema full path, and a fragment that must be the concatenation of either ISSUER, VERIFIER, ISSUER_GRANTOR, VERIFIER_GRANTOR plus an optional -{countrycode}.

Example check if issuer did:web:service-credential-issuer is granted issuance of credential schema f4524751-8617-40de-bbe6-b2e0fef63c7a owned by trust registry did:web:service-credential-issuer for country fr:

GET /did:web:trust-registry/trqp-2.0/entities/did:web:service-credential-issuer/authorization?authorizationVID=did:web:trust-registry/cs/js/f4524751-8617-40de-bbe6-b2e0fef63c7a#ISSUER-fr

Response:

{
  "entityId": "did:web:service-credential-issuer",
  "authorizationID": "did:web:trust-registry/cs/js/f4524751-8617-40de-bbe6-b2e0fef63c7a#ISSUER-fr",
  "description": "ISSUER granted permission for fr country on credential schema f4524751-8617-40de-bbe6-b2e0fef63c7a on trust registry did:web:trust-registry",
  "authorizationUniqueString":"8611f5fc-b243-4871-8e63-d44279b57c73",
  "authorizationStatus":"current",
  "authorizationValidity": {
     "validFromDT": "2024-08-24T14:15:22Z",
     "validUntilDT": "2025-08-24T14:15:22Z",
}

§ [MOD-TRQP-3] /entities/{entityVID}/authorizations

TODO

This section MUST be ignored for now.

§ [MOD-TRQP-4] /registries/recognized-registries

TODO

This section MUST be ignored for now.

§ [MOD-TRQP-5] /registries/{registryVID}/recognized-registries/

TODO

This section MUST be ignored for now.

§ [MOD-TRQP-6] /registries/{registryVID}/

TODO

This section MUST be ignored for now.

§ [MOD-TRQP-7] /lookup/authorizations

TODO

This section MUST be ignored for now.

§ [MOD-TRQP-8] /lookup/namespaces

TODO

This section MUST be ignored for now.

§ [MOD-TRQP-9] /lookup/vidmethods

TODO

This section MUST be ignored for now.

§ [MOD-TRQP-10] /lookup/assurancelevels

TODO

This section MUST be ignored for now.

§ [MOD-TRQP-11] /metadata

TODO

This section MUST be ignored for now.

GET /trqp/$uint64/metadata response:

{
   "lastupdated":"2019-08-24T14:15:22Z",
   "primaryEGFURI":[
      "did:example:GlobalDriverLicenseDID"
   ],
   "additionalEGFURIs":[
      "http://example.com"
   ],
   "participatingNamepaces":[
      {
         "identifier":"did:example:123",
         "canonicalString":"ca.issuer.driverlicense",
         "egfURI":"did:example:GlobalDriverLicenseDID",
         "description":"string"
      }
   ],
   "languages":"en"
}

Definitions:

Mapping (unmentioned are omitted):

§ [MOD-TRQP-12] /offline/exportfile

TODO

This section MUST be ignored for now.

§ [MOD-TRQP-13] /offline/trustestablishmentdocument

TODO

This section MUST be ignored for now.

§ Initial Data Requirements

§ [GLO] Global Variables

Global variables CAN only be changed by the governance authority through proposals.

Default values MUST be set at VPR initialization (genesis). Below you’ll find some possible values. These values will have to be defined in the governance framework.

Trust Unit:

Credential Schema:

Validation:

Trust Registry:

DID Directory:

Trust Deposit:

§ [DISTRIB] Fee Distribution

This section is non-normative.

Fee must be distributed as follows:

§ References

§ Normative References

DID-CORE
Decentralized Identifiers (DIDs) v1.0. Manu Sporny; Amy Guy; Markus Sabadello; Drummond Reed; 2022-07-19. Status: REC.
RFC3986
Uniform Resource Identifier (URI): Generic Syntax. T. Berners-Lee; R. Fielding; L. Masinter; 2005-01. Status: Internet Standard.
VC-DATA-MODEL
Verifiable Credentials Data Model v1.1. Manu Sporny; Grant Noble; Dave Longley; Daniel Burnett; Brent Zundel; Kyle Den Hartog; 2022-03-03. Status: REC.

Table of Contents
undefined