Architecture Overview

The Issuer Service is designed as a modular, independently deployed component. Each instance represents a single issuer entity. Key elements include:

• Issuer Service Instance: Runs as a standalone server. Deployed via the One-Click Deployment Portal, it maintains data isolation from other issuers.

• EMPE Blockchain Integration: Automatically registers and updates the issuer’s DID Document on the EMPE Blockchain, ensuring resolvability and trust.

• Schema Management Engine: Handles credential schemas, supporting versioning for evolving credential definitions.

• Credential Issuance and Storage: Issues credentials upon request, stores them, and supports listing, revoking, or deleting as needed.

• Wallet Interaction Layer: Uses OAuth2-like authorization code flows for wallets to claim credentials securely.

• Security and Access Controls: Enforces authentication (x-client-secret, bearer tokens) and access controls to protect resources.

This layered approach supports scalability, clarity, and strong security guarantees, enabling easy integration of new capabilities like Zero-Knowledge Proofs or Selective Disclosure.