An operator is an entity that sits at the root of a chain of provenance or an authorization tree. Operators grant legitimacy to accounts by signing their JWTs, and in turn accounts grant legitimacy to actors by signing their JWTs.

The JWTs of an authorization tree are not tightly coupled, and it is entirely up to the ecosystem how to use them. Provenance is verified by traversing the authorization tree by following an issuer chain until reaching the root, which terminates at an operator.