Role Taxonomy Overview
Role Taxonomy
Six roles. Each is bounded by a credential. AI agents are first-class participants.
Roles & Permissions · R-00
Every actor in the framework — human, organisation, or AI agent — operates under one of six defined roles. Roles are not just labels: each role is a Verifiable Credential issued by CTH (or by the community for the Sovereign role) that gates API permissions. You cannot perform an action without the credential that authorises it.
Permissions Matrix
| Permission | Submitter | Validator | Sovereign | Steward | Auditor | AI Agent |
|---|---|---|---|---|---|---|
| Submit polygon / emissions data | ✅ Own data | — | — | — | — | ⚡ If delegated by Submitter |
| Issue VALIDATED event / DCC | — | ✅ | — | — | — | ⚡ If delegated by Validator |
| Issue / revoke FPIC credential | — | — | ✅ | — | — | — |
| Read own submitted data | ✅ | ✅ | ✅ Own territory | ✅ | ✅ Public only | ⚡ Delegated scope |
| Read all non-restricted data | — | ✅ | ✅ Own territory | ✅ | ✅ Public only | ⚡ Public scope |
| Manage schemas / framework | — | — | — | ✅ | — | — |
| Call POST /policy/evaluate | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ Mandatory before write |
| Override FPIC consent block | 🚫 Never | 🚫 Never | N/A | 🚫 Never | 🚫 Never | 🚫 Never |
Key principle: An AI agent inherits the permissions of the human role that delegated it —
never more. An agent acting for a Submitter can write polygon data but cannot validate it.
Agents cannot combine permissions from multiple delegating roles.
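
The write rows of the matrix and the delegation rule above can be expressed as a default-deny check. This is an added example, not code from the framework: the action names, the `Credential` and `Delegation` types, and the "exactly one delegation" rule used to stop agents combining roles are assumptions, and credential signature verification is assumed to have happened before `evaluate` is called.

```python
from dataclasses import dataclass

# Write permissions per human role, transcribed from the matrix above.
# Action names are hypothetical labels for the matrix rows.
ROLE_GRANTS = {
    "submit_data": {"Submitter"},
    "issue_validated": {"Validator"},
    "issue_fpic": {"Sovereign"},
    "manage_schemas": {"Steward"},
}
# Rows where the AI Agent column reads "If delegated by ...".
AGENT_DELEGABLE = {"submit_data", "issue_validated"}
# The matrix marks this "Never" for every role.
NEVER_ALLOWED = {"override_fpic_block"}


@dataclass(frozen=True)
class Delegation:
    delegator_role: str      # role of the human who delegated
    scope: frozenset         # actions the delegator handed over


@dataclass(frozen=True)
class Credential:
    role: str                # "Submitter", ..., or "AIAgent"
    delegations: tuple = ()  # only meaningful for AIAgent


def evaluate(cred: Credential, action: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one action under one credential."""
    if action in NEVER_ALLOWED:
        return False, "never permitted for any role"
    allowed_roles = ROLE_GRANTS.get(action)
    if allowed_roles is None:
        return False, "unknown action"  # default deny
    if cred.role != "AIAgent":
        ok = cred.role in allowed_roles
        return ok, "role grant" if ok else "role lacks permission"
    # Assumed enforcement: one delegating role, never a union of several.
    if len(cred.delegations) != 1:
        return False, "agent must hold exactly one delegation"
    d = cred.delegations[0]
    if action not in AGENT_DELEGABLE:
        return False, "action is not delegable to agents"
    if d.delegator_role not in allowed_roles:
        return False, "delegator lacks this permission"
    if action not in d.scope:
        return False, "outside delegated scope"
    return True, f"delegated by {d.delegator_role}"
```

The check looks up the delegator's role in the matrix rather than trusting the scope listed in the delegation, so a Submitter-issued delegation that claims `issue_validated` is still refused.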