# The Credential Attestation Process A Decentralized Identity (DID) is the starting point for building reputation on the Toto Chain, but it's the **credentials** attached to that DID that give it meaning and trust. The process of formally linking a verified credential to a user's account on the blockchain is called **attestation**. This document outlines the step-by-step process for credential attestation on the Toto Chain. ### The Participants The attestation process involves two primary parties: 1. **The User (or Claimer):** The individual who wants to add a verifiable credential to their DID to build their reputation. 2. **The Attestation Provider (AP):** A trusted entity, approved by the Technical Committee, that is responsible for verifying the user's claim and recording it on the chain. ### The Attestation Flow: From Claim to On-Chain Record The process involves both off-chain communication and a final on-chain transaction. **Step 1: Off-Chain Verification** The process begins off-chain, directly between the User and the Attestation Provider's service (e.g., their website or application). 1. **User Initiates a Claim:** The user navigates to an Attestation Provider's service and requests to have a credential verified. For example, they might want to prove they own a specific email address. 2. **Provider Verifies the Claim:** The Attestation Provider uses its own methods to verify the user's claim. For an email, this typically involves sending a confirmation link to that address, which the user must click. 3. **Provider Prepares the Attestation:** Once the claim is verified, the Attestation Provider's service prepares the necessary data for the on-chain transaction. This includes generating a hash of the claim's content (`claimHash`). **Step 2: On-Chain Attestation** After off-chain verification, the Attestation Provider submits a transaction to the Toto Chain to formally record the attestation. This is done by calling a specific function, or **extrinsic**, on the chain. The primary extrinsic for this is `attestation.add()`. This function takes several important parameters: * **`claimHash`**: A cryptographic hash of the content of the user's credential. This allows the chain to store a unique reference to the claim without storing the private details of the claim itself (like the actual email address). * **`ctypeHash`**: The hash of the Credential Type (cType) that defines the structure of this claim. This tells the chain what *kind* of credential is being attested (e.g., "Email," "Social Media," etc.). * **`authorization`**: (Optional) This field can be used for more complex scenarios, but for a standard attestation, it is often left empty. * **`account`**: The on-chain account ID (DID) of the **user** for whom the credential is being attested. When the Attestation Provider calls this function, the chain performs a crucial check: **it verifies that the transaction is being sent from a trusted, official Attestation Provider account.** If the sender is a recognized AP, the transaction succeeds. The chain then creates an official, on-chain record linking the `claimHash` to the user's `account`, and the user's reputation score is updated according to the `ctypeWeight` associated with that `ctypeHash`. This process creates a secure and privacy-preserving system where verifiable credentials can be added to a user's digital identity, forming the building blocks of a robust, decentralized reputation. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://totochain.gitbook.io/totochain/knowledge-base/the-credential-attestation-process.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.