Distributed Compliance Ledger

The CSA’s DCL (Distributed Compliance Ledger) is a distributed store of information used for tracking certification status and Vendor-maintained information such as, but not limited to, product name, product description, and firmware URL. This information is cryptographically secured by digital signatures and is made available via CSA-approved synchronized servers, or nodes, that are geographically distributed. As a device maker, you should add information about your devices to the ledger before shipping them to market. Without this step, Matter ecosystems might not allow commissioning devices into the home network. During the Device Attestation procedure, the DCL acts as the secure distribution point of the list of active and revoked Product Attestation Authority root certificates. The ledger is publicly available at the Distributed Compliance Ledger website.

Information in DCL

Ledger data is available in the following schemas:

  • Vendor Schema
    Provides general information about a Vendor, such as Company legal name, Preferred brand
    name associated with Vendor ID, Landing page URL for vendor, etc.
  • PAA Schema
    Provides a list of Product Attestation Authority certificates for the approved PAAs.
  • Device Model Schema
    Provides general information about a device that is shared across all software versions,
    e.g., Product Name, Product Label, Part Number, Commissioning info, etc.
  • Device Software Version Model Schema
    Provides software-version-specific information,
    e.g., Release Notes URL, Firmware Information, OTA Software Image URL, etc.
  • Device Software Compliance / Compliance Test Result Schema
    Provides compliance and test result data about a software version.

DCL Roles

The DCL roles define how a party interacts with the database. When a CSA member is granted access to the DCL, it receives the basic Vendor role, and it can be assigned multiple roles over time if certain requirements are met.

  • Trustee
    A role in DCL that is assigned to an individual of a member company who is tasked to execute approval and revocation tasks.
  • Vendor
    A role in DCL that publishes Vendor and Device Model information.
  • Node Admin
    A role in DCL that is needed to start a Validator Node server.
  • Certificate Center
    The CSA Certificate Center submits certification status to the DCL based on the test results submitted by an authorized Test House.

DCL Nodes

The DCL is a server that contains the Validator Nodes (VNs) and Observer Nodes (ONs). The main difference between them is the type of access to the DCL database.

  • Validator Node (VN)
    A DCL server that participates in creating a “consensus” process to add information into the DCL database.
  • Observer Node (ON)
    A DCL server that is optimized for reads. An ON does not participate in creating a “consensus” process to add information into the DCL database.

DCL Usage

The DCL stores and makes available information about the CSA members’ products and their compliance status. Vendors can provide information about their products.

Reading from the DCL

Reading from the DCL is open to all parties who need to obtain the following compliance-related information:

  • Device Model info, including firmware and hardware versions

  • Device compliance state

  • Product Attestation Authorities certificates
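
The three kinds of data listed above are what a commissioner combines when deciding whether to admit a device. The following is an added sketch, not code from the CSA or the DCL project: the snapshot layout, field names, state strings and sample values are all hypothetical, and cryptographic validation of the attestation chain up to the PAA is assumed to have happened already.

```python
from dataclasses import dataclass


# Constructed snapshot of ledger data. Field names are hypothetical and do not
# mirror the real DCL schemas; all values are made-up samples.
@dataclass(frozen=True)
class LedgerSnapshot:
    active_paa_skids: frozenset   # subject key IDs of approved PAA roots
    revoked_paa_skids: frozenset  # subject key IDs of revoked PAA roots
    models: frozenset             # {(vendor_id, product_id)}
    compliance: dict              # {(vendor_id, product_id, sw_version): state}


SNAPSHOT = LedgerSnapshot(
    active_paa_skids=frozenset({"AA:01", "AA:02"}),
    revoked_paa_skids=frozenset({"AA:02"}),  # also listed as active: stale entry
    models=frozenset({(0xFFF1, 0x8000), (0xFFF1, 0x8001)}),
    compliance={
        (0xFFF1, 0x8000, 1): "certified",
        (0xFFF1, 0x8000, 2): "revoked",
    },
)


def commissioning_decision(ledger, paa_skid, vendor_id, product_id, sw_version):
    """Return (allowed, reason) for a device whose attestation chain is rooted
    at the PAA identified by paa_skid."""
    # Revocation is checked first so it overrides a stale "active" entry.
    if paa_skid in ledger.revoked_paa_skids:
        return False, "PAA revoked"
    if paa_skid not in ledger.active_paa_skids:
        return False, "PAA not in ledger"
    # The vendor never registered this model.
    if (vendor_id, product_id) not in ledger.models:
        return False, "device model not in ledger"
    # Compliance is tracked per software version, not per model.
    state = ledger.compliance.get((vendor_id, product_id, sw_version))
    if state is None:
        return False, "no compliance record for software version"
    if state != "certified":
        return False, f"compliance state is {state}"
    return True, "ok"
```

Every failure path denies by default and returns a distinct reason, which makes the rejected cases easy to log and alert on separately.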

Writing to the DCL

Writing to the DCL is restricted to the parties who participate in the certification process:

  • Vendor role can add new device models that belong to the VendorID that is associated with the public key of that vendor. VendorID is associated with the vendor public key during the vendor account creation process.

  • Vendor role can update a subset of existing device model information, such as product name, product description, firmware, and hardware info. Updates are only allowed if the device is associated with the same vendor account.

  • Test Houses can update the test status of each device on the ledger.

  • CSA can add information about the vendor’s certification status.

  • CSA Certification Centers can add or revoke the compliance status of a device.

Working with the DCL as a Vendor

The CSA provides two ways to access the DCL:

Note

The CLI Client is platform specific: it runs on either Linux or macOS.

To write a certifiable product to the DCL, an Approved Vendor account is required. To obtain one, create a DCL account and send a request to the CSA. An approved vendor account holder can then enter the following schemas into the DCL: Vendor Schema, Device Model, and Device Software Version.