CommonsDB Trust model - Verifying the identity of data suppliers
At the core of CommonsDB is a fundamental principle: the rights information published in our registry must be verifiable and reliable. CommonsDB is a public registry that records rights information for Public Domain and openly licensed works. We achieve this through transparent, cryptographically signed declarations made by trusted data providers, enabling anyone to identify and reuse registered works with confidence.
This page outlines the CommonsDB trust model — how we establish the identity of entities submitting declarations to the registry. A follow-up post will explain how we ensure the accuracy of the rights information contained in those declarations.
To ensure that rights information is submitted by trusted parties, CommonsDB employs a multi-layered trust architecture, based on the interaction of three key roles:
- A Qualified Trust Service Provider (QTSP)
- A legal entity that issues Verifiable Credentials
- Verified Data Suppliers
Here’s how each role contributes to the system’s integrity:
1. Qualified Trust Service Provider (QTSP)
Halcom, a Slovenian QTSP accredited under the European Union’s eIDAS Regulation, serves as the foundational trust anchor. Halcom has issued a Qualified Certificate for Electronic Seal (QCert for eSeal) to Open Future. As part of the certification process, Open Future has generated a cryptographic key pair (public and private keys). The public key is certified by Halcom and published in the QCert for eSeal.
This certificate confirms Open Future’s identity — including its legal name, VAT ID, and public key (in the form of a decentralized did:web identifier) — thereby establishing a cryptographically verifiable link to Open Future.
2. Verifiable Credential Issuer
With this certified identity, Open Future acts as the issuer of Verifiable Credentials (VCs) to CommonsDB’s data providers. VCs are tamper-proof, cryptographically signed assertions that verify the identity of a data supplier and bind a public key to that identity. In this model, VCs are signed by Open Future and issued to data providers after their identity has been verified. These credentials also confirm the recipient’s role as an authorized data supplier to CommonsDB.
3. Verified Data Suppliers
Verified data suppliers use the private keys corresponding to the public keys in their Verifiable Credentials to digitally sign declarations submitted to the CommonsDB registry. Each declaration associates rights information and metadata with ISCC codes identifying the corresponding digital assets (works).
As a result, every declaration in the CommonsDB registry is:
- Cryptographically signed to prevent tampering
- Machine-verifiable to support automated trust checks
- Linked to a verifiable identity to ensure provenance and accountability
Thanks to this trust model, anyone with access to a digital asset registered in the CommonsDB registry can independently verify who contributed the rights information about that asset.
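The chain of checks described above, as an added Go example that is not CommonsDB's own code or schema: a declaration is accepted only if it was signed by the key bound in a credential, and that credential was signed by the pinned issuer. Assumptions: Ed25519 signatures, simplified JSON structures, a placeholder DID and ISCC value, the role string "data-supplier", and an issuer public key that has already been confirmed against the QCert for eSeal.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Simplified, assumed shapes; not the W3C VC data model or CommonsDB's schema.
type Credential struct {
	Issuer, Subject, Role string
	SubjectKey            []byte // supplier public key bound by the credential
	Sig                   []byte `json:"-"` // issuer signature over the other fields
}

type Declaration struct {
	ISCC, License string
	Sig           []byte `json:"-"` // supplier signature over the other fields
}

func payload(v interface{}) []byte { b, _ := json.Marshal(v); return b }

// VerifyChain walks declaration -> credential -> pinned issuer key.
func VerifyChain(d Declaration, vc Credential, did string, issuerKey ed25519.PublicKey) error {
	if vc.Issuer != did || vc.Role != "data-supplier" || !ed25519.Verify(issuerKey, payload(vc), vc.Sig) {
		return fmt.Errorf("credential not issued by the trusted issuer for the supplier role")
	}
	if len(vc.SubjectKey) != ed25519.PublicKeySize || !ed25519.Verify(vc.SubjectKey, payload(d), d.Sig) {
		return fmt.Errorf("declaration not signed by the credentialed key")
	}
	return nil
}

// Demo runs the check on constructed data: valid, tampered, self-signed credential.
func Demo() (ok, tampered, selfSigned error) {
	issPub, issPriv, _ := ed25519.GenerateKey(nil)
	supPub, supPriv, _ := ed25519.GenerateKey(nil)
	const did = "did:web:issuer.example" // placeholder DID
	vc := Credential{Issuer: did, Subject: "Example Archive", Role: "data-supplier", SubjectKey: supPub}
	vc.Sig = ed25519.Sign(issPriv, payload(vc))
	d := Declaration{ISCC: "ISCC:PLACEHOLDER", License: "CC0-1.0"}
	d.Sig = ed25519.Sign(supPriv, payload(d))
	t := Declaration{ISCC: d.ISCC, License: "CC-BY-4.0", Sig: d.Sig} // altered after signing
	r := vc
	r.Sig = ed25519.Sign(supPriv, payload(vc)) // supplier signed its own credential
	return VerifyChain(d, vc, did, issPub), VerifyChain(t, vc, did, issPub), VerifyChain(d, r, did, issPub)
}

func main() { fmt.Println(Demo()) }
```

The first result is nil; the other two are errors, because a declaration edited after signing and a credential not signed by the pinned issuer both break the chain.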