Skip to main content

Describe a Zone

Reading time: 9 min

A zone is a conceptual framework defined by a set of rules, within which the recognized digital resources are compatible with these rules, taking into account the associated consents. A resource is not attached to a zone. The recognition of resources within a Zone relies on the dynamic evaluation of the conformity of the rules and consents of the resources.

All the workflows initiated within the Axone protocol must be defined in the context of a specific Zone. When the workflow is submitted, the protocol will check if all rules of the zone and of the engaged resources are respected and will apply the business model of the zone.

Let's see how to describe and register a zone in the Axone Protocol. Here are the four steps involved:

Steps to describe a resource in the Dataverse

We'll take the example of the Collaborative AI Zone in this tutorial.



  • Install the Axone CLI to interact with the protocol
  • Ensure you have npm installed on your system. You can follow the installation guide here.
  • Install the json-cli with the following command:
npm install -g jsonld-cli

Step 1: Create keys

The first step consists of creating keys and related DID for the issuer of the credentials and the resource itself.

The Axone Protocol can provide you keys (also called a wallet) and DID. A key pair is created to obtain a wallet to establish secure ownership and control over your assets on the Axone blockchain. The key pair consists of two cryptographic keys: public and private keys. When creating a wallet, you're typically provided with a mnemonic consisting of 12, 24, or sometimes more words. This mnemonic acts as a human-readable representation of the underlying cryptographic information. It is easier to remember and write down than the complex numbers and characters representing the private key. The mnemonic serves as a backup mechanism for the wallet. You can regenerate the key pair by inputting the mnemonic into any compatible wallet software to recover access to your funds.

Here, we don't create a wallet for cryptocurrency storage but for secure storage of identifiers: A wallet can securely store digital identifiers, such as proofs of identity, certificates, or other personal identification information.


A keyring is a secure software utility designed to store and manage credentials, such as passwords, cryptographic keys, and API tokens, in a centralized and encrypted form. The --keyring-backend test command parameter is intended for use in testing environments. However, it is not recommended for production applications where the security of private keys is a highest priority.

For secure keyring setup in production environments, refer to the Cosmos SDK doc. This documentation provides a comprehensive guide to establishing a secure keyring configuration suitable for production use.

Avoid using the --keyring-backend test option in production, as it leaves private keys unencrypted on the file system, posing a potential security risk.

​​# Create a new key. Replace "collab-ai-zone" with another name
okp4d keys add collab-ai-zone --keyring-backend test

If you create a new key pair, the terminal displays a list of 24 words. Store this mnemonic phrase in a safe place.

Get the list of all your keys stored locally especially the new one. You can see that the DID related to this key is did:key:zQ3shunN7us5oKNYKKzprW8nP5HAoTf4t2Fxyudho5zMAR1PQ.

okp4d keys list --keyring-backend test

- address: okp41e48vdzvv5j337f6z5h93lyg5jth9ckn94cagzt
did: did:key:zQ3shunN7us5oKNYKKzprW8nP5HAoTf4t2Fxyudho5zMAR1PQ
name: collab-ai-zone
pubkey: '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A+D85xM279HkiCCqONveag2X4QLKA0cyliClJbsS2fsj"}'
type: local

You can also use the command okp4d show to directly find information about a particular wallet.

# Replace "collab-ai-zone" with your wallet name
okp4d keys show collab-ai-zone --keyring-backend test

- address: okp41e48vdzvv5j337f6z5h93lyg5jth9ckn94cagzt
name: collab-ai-zone
pubkey: '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A+D85xM279HkiCCqONveag2X4QLKA0cyliClJbsS2fsj"}'
type: local

Reiterate the command to create a wallet to store the identity of the issuer.

So now we have the following information:

Collaborative AI zone
Name of the walletcollab-ai-zone
Public keyokp41e48vdzvv5j337f6z5h93lyg5jth9ckn94cagzt
Name of the walletissuer-okp4
Public keyokp41ysl9yllv40kfygcdfqj7c9n2a5c5zpmgku8ufg

In the future, you will be able to use any key provider, such as Cheqd.

Step 2: Create the credentials

Find the credential templates you need in the Ontology documentation according to the nature of the resource you describe.

For the zone, instantiate the template credential-zone-description.


Would you like to describe your zone with other properties? You can create your template of credentials. Don't directly add these properties in the ZoneDescriptionCredential as defined in the Ontology.

Description of the Zone

Here are the following metadata of the zone Collaborative AI Zone

TitleCollaborative AI Zone
DescriptionCollaborative AI Zone is dedicated to training AI models in a collaborative and open way.
TagsAI, Collaboration, Machine learning

Let's fill in the template.

"@context": [
"type": ["VerifiableCredential","ZoneDescriptionCredential"],
"id": "",
"credentialSubject": {
"id": "did:key:zQ3shunN7us5oKNYKKzprW8nP5HAoTf4t2Fxyudho5zMAR1PQ",
"hasDescription": "Collaborative AI Zone is dedicated to train AI models in a collaborative and open way.",
"hasTag": [
"Machine Learning"
"hasTitle": "Collaborative AI Zone",
"hasTopic": ""
"issuanceDate": "2024-02-02T15:40:43.475304+01:00",
"issuer": {
"id": "did:key:zQ3shs7auhJSmVJpiUbQWco6bxxEhSqWnVEPvaBHBRvBKw6Q3",
"name": "OKP4"

Fields to modify:

  • id (in @context): change the UUID at the end of the URI. You can generate a new UUID with this tool.
  • id: copy the did:key of the zone
  • hasDescription: fill in the description of the zone
  • hasTag: fill in a list of tags
  • hasTitle: fill in the title of the zone
  • hasTopic: select the topic concerned by your zone in the Thesaurus Topic. Put the URI of the selected topic in the jsonld.
  • issuanceDate: update the date for Today
  • id (issuer): copy the did:key of the issuer
  • name: put the issuer's name (string).

You can remove some properties if they are not relevant to your zone.

Step 3: Sign the credentials

Now that you have created the VC, you will sign it.

Signing a verifiable credential involves creating a digital signature using cryptographic techniques. This signature is unique to both the document (in this case, the credential) and the signer's private key, making it nearly impossible to forge. The private key is kept secret by the signer, while the corresponding public key is made available for anyone wishing to verify the signature's authenticity.

By signing the credential, any alteration to the credential's data after it has been signed will invalidate the signature. This ensures the data has not been tampered with and remains as it was when issued.

To sign your VC, use this command:

okp4d credential sign $/MY-DIRECTORY/MY-DATASET.jsonld 
--keyring-backend test
--from $MY_ADDR | jsonld toRdf -q - > $MY-DATASET.nq


  • /MY-DIRECTORY/MY-DATASET.jsonld : credential file address
  • MY_ADDR : issuer address
  • MY-DATASET.nq : name of the file with the signed credential in RDF format


okp4d credential sign collab-ai-zone-description.jsonld 
--keyring-backend test
--from issuer-okp4 | jsonld toRdf -q - > collab-ai-zone-description.nq

You can see that there is new fields in the jsonld with the cryptographic proof.

<did:key:zQ3shunN7us5oKNYKKzprW8nP5HAoTf4t2Fxyudho5zMAR1PQ> <> "Collaborative AI Zone is dedicated to train AI models in a collaborative and open way." .
<did:key:zQ3shunN7us5oKNYKKzprW8nP5HAoTf4t2Fxyudho5zMAR1PQ> <> "AI" .
<did:key:zQ3shunN7us5oKNYKKzprW8nP5HAoTf4t2Fxyudho5zMAR1PQ> <> "Collaboration" .
<did:key:zQ3shunN7us5oKNYKKzprW8nP5HAoTf4t2Fxyudho5zMAR1PQ> <> "Machine Learning" .
<did:key:zQ3shunN7us5oKNYKKzprW8nP5HAoTf4t2Fxyudho5zMAR1PQ> <> "Collaborative AI Zone" .
<did:key:zQ3shunN7us5oKNYKKzprW8nP5HAoTf4t2Fxyudho5zMAR1PQ> <> <> .
<> <> <> .
<> <> <> .
<> <> _:b0 .
<> <> <did:key:zQ3shunN7us5oKNYKKzprW8nP5HAoTf4t2Fxyudho5zMAR1PQ> .
<> <> "2024-02-02T15:40:43.475304+01:00"^^<> .
<> <> <did:key:zQ3shs7auhJSmVJpiUbQWco6bxxEhSqWnVEPvaBHBRvBKw6Q3> .
_:b1 <> "2024-04-03T09:30:58.82844+02:00"^^<> _:b0 .
_:b1 <> <> _:b0 .
_:b1 <> "eyJhbGciOiJ1bmtub3duIiwiYjY0IjpmYWxzZSwiY3JpdCI6WyJiNjQiXX0..-oJCy6SuZM1QmQNOw2_cpdXfqSu3sER_V-j1FfcE-k1pjh-K4TFtNc4EMuHcoTp-FMsCcJoMyR3xphLPo0BLgQ" _:b0 .
_:b1 <> <> _:b0 .
_:b1 <> <did:key:zQ3shs7auhJSmVJpiUbQWco6bxxEhSqWnVEPvaBHBRvBKw6Q3#zQ3shs7auhJSmVJpiUbQWco6bxxEhSqWnVEPvaBHBRvBKw6Q3> _:b0 .

The VC is now in the hands of the Holder. Note that it is possible that the Issuer is also the Holder.

The Axone blockchain can only register VCs in N-Quads format.

Step 4: Register the credentials in the blockchain

The final step is to register the VCs in the Axone blockchain by submitting them to the Dataverse smart contract. It's the role of the Registrant (who can be the Holder or another entity).


Note that as you interact with the Axone blockchain, you must pay fees in $AXONE at each transaction.

okp4d tx wasm execute $CONTRACT_ADDR \ 
--node "" \
--chain-id okp4-drunemeton-1 \
--from $MY_ADDR \
--keyring-backend test
--gas 10000000 \ "{\"submit_claims\":{\"metadata\": \"$(cat $MY-DATASET.nq | base64)\"}}"


  • CONTRACT_ADDR : dataverse contract address (always the same) - For the Drunemeton testnet use okp418cszlvm6pze0x9sz32qnjq4vtd45xehqs8dq7cwy8yhq35wfnn3qvya8du
  • node "" : name of the node for the Drunemeton testnet
  • MY_ADDR : registrant okp4 address
  • $MY-DATASET.nq : name of the file with the signed credential in RDF format


okp4d tx wasm execute okp418cszlvm6pze0x9sz32qnjq4vtd45xehqs8dq7cwy8yhq35wfnn3qvya8du \
--node "" \
--chain-id okp4-drunemeton-1 \
--from issuer-okp4 \
--keyring-backend test
--gas 10000000 "{\"submit_claims\":{\"metadata\": \"$(cat collab-ai-zone-description.nq | base64)\"}}"

The Protocol will check the signature and if the public key corresponds to the proof in the VC, the VC is registered in the smart contract (Cognitarium).

The command returns the hash of the transaction. You can find more details of this transaction in the Explorer. Select the network (Currently Drunemeton-Testnet), click on the Search icon, and paste the transaction hash.

Example: Hash: 213CE6A476776392625981A071E36DD295B1F0BB95F4A29DFCDA8B1F59C9282D

Axone explorer


Remember, the Resource Governance VC ensures the existence of a resource in the protocol: a resource or zone exists in the protocol only if governance is attached to it. Let's do it on the next page.