Role Taxonomy Overview

Role Taxonomy
  
Six roles. Each is bounded by a credential. AI agents are first-class participants.
  Roles & Permissions · R-00
Every actor in the framework — human, organisation, or AI agent — operates under one of six defined
roles. Roles are not just labels: each role is a Verifiable Credential issued by CTH (or by the
community for the Sovereign role) that gates API permissions. You cannot perform an action without
the credential that authorises it.
Permissions Matrix
  
    
Permission
    
Submitter
Validator
Sovereign
    
Steward
Auditor
AI Agent
  
  
    
Submit polygon / emissions data
    
✅ Own data
—
—
    
—
—
⚡ If delegated by Submitter
  
  
    
Issue VALIDATED event / DCC
    
—
✅
—
    
—
—
⚡ If delegated by Validator
  
  
    
Issue / revoke FPIC credential
    
—
—
✅
    
—
—
—
  
  
    
Read own submitted data
    
✅
✅
✅ (own territory)
    
✅
✅ Public only
⚡ Delegated scope
  
  
    
Read all non-restricted data
    
—
✅
✅ Own territory
    
✅
✅ Public only
⚡ Public scope
  
  
    
Manage schemas / framework
    
—
—
—
    
✅
—
—
  
  
    
Call POST /policy/evaluate
    
✅
✅
✅
    
✅
✅
✅ Mandatory before write
  
  
    
Override FPIC consent block
    
🚫 Never
🚫 Never
N/A
    
🚫 Never
🚫 Never
🚫 Never
  
  Key principle: An AI agent inherits the permissions of the human role that delegated it —
  never more. An agent acting for a Submitter can write polygon data but cannot validate it.
  Agents cannot combine permissions from multiple delegating roles.
Roles & Permissions · R-00 · Framework version 1.0 · CleantechHUB · CC-BY 4.0