Empeiria Documentation
  • Getting Started
    • Welcome to Empeiria
    • 5 minutes Quickstart
    • Tutorial: Credential Issuance & Verification
      • Overview
      • Understanding Key Concepts
      • Project Setup
      • Deploying the Issuer
      • Uploading the Credential Schema
      • Issuing Credentials
      • Frontend for Credential Issuance
      • Testing Credential Issuance
      • Deploying the Verifier
      • Setting Up the Verification Flow
      • Creating a Verification Endpoint
      • Creating a Protected Dashboard
      • Testing the Verification Flow
      • Summary & Next Steps
  • Understand
    • EVDI Architecture
    • Self-Sovereign Identity
      • Technical Foundations
      • Roles in the SSI framework
      • Protocols and Standards
  • Develop
    • One-click deployment
      • Introduction
      • Registration
      • Login
      • Creating an Issuer
      • Issuer Data Description
      • Creating a Verifier
      • Verifier Data Description
    • Issuer
      • Terminology and Concepts
      • DID Document Management
      • Schema Management
      • Issuing Credentials and Interacting With Wallets
      • Revocations
      • Security Considerations
      • Error Handling and Troubleshooting
      • Future Enhancements
      • References and Standards
      • MCP Server Integration
      • FAQ
      • API Reference
        • Token
        • Schema
        • Offering
        • Metadata
        • Credential
        • Blockchain
        • Authorization
    • Verifier
      • Terminology and Concepts
      • Architecture Overview
      • Core Responsibilities
      • Query Language
      • Client Configuration
      • Frontend Integration
      • Revocations
      • Server-Side VP Queries
      • Security Considerations
      • Error Handling and Troubleshooting
      • Future Enhancements
      • References and Standards
      • MCP Server Integration
      • FAQ
      • API Reference
        • VP Query
        • QR Code
        • Authorization
    • Wallet SDK (Coming soon)
    • Introduction to cosmwasm
  • Empe Blockchain
    • Overview
    • Chain Architecture
      • Auth
      • Authz
      • Bank
      • Distribution
      • Governance
      • Staking
      • IBC
      • DidDoc
      • Vesting
      • Minter
      • Stablefee
      • LinkedResources
    • Important links
    • Validators Guide
      • New validator
      • Hardware requirements
      • Required software installation
      • Go installation
      • Install prebuild binary
      • Install binary from source code (option B)
      • Configure a node
      • Cosmovisor setup
      • Install wasmvm
      • Sync with state-sync
      • Full state sync from archive snapshot
      • Latest snapshot
      • Run a Validator
      • Migration to v0.2.2
      • Migration to v0.3.0
      • Migration to v0.4.0
      • FAQ
  • User Guide
    • Empe DID Wallet
      • Intro
      • Download and first launch
      • Create or import did
      • Main screen overview
      • How to claim credential from issuer
      • How to use credential with verifier
      • Settings and other options
    • Keplr Wallet and Blockchain Operations
      • How to Connect Keplr Wallet
    • Ping Pub operation
    • Staking Tokens Guide
    • Voting on Governance Proposals Guide
    • Sending Tokens Guide
    • Airdrop
      • On-Chain Testnet Airdrop
      • Faucet Guide: How to Claim Testnet Tokens?
  • Appendix
    • Glossary
Powered by GitBook
On this page
  1. Develop

Issuer

The Issuer Service is a foundational component of the Self-Sovereign Identity (SSI) ecosystem, enabling the creation, issuance, and management of Verifiable Credentials (VCs). Each instance represents a single issuer entity, deployed independently via the One-Click Deployment Portal, and integrated with the EMPE Blockchain and interoperable wallets.

Key Highlights:

  • Verifiable Credentials on the EMPE Blockchain Registers and manages Decentralized Identifiers (DIDs) on the EMPE Blockchain, issuing W3C-compliant VCs. Issued credentials include a credentialStatus field of type StatusList2021Entry, referencing an on-chain Status List VC and an index in a compressed bitstring for revocation status.

  • Schema Management and Versioning The Schema Management Engine handles credential schemas as JSON-based templates, ensuring consistent credential structures. It supports versioning and iterative updates, allowing evolving credential definitions.

  • Flexible Credential Offerings Supports both Targeted Offerings (tied to a specific recipient DID) and Open Offerings (accessible by anyone scanning the QR code). Targeted offerings require the wallet to prove DID ownership before claiming.

  • Secure, Standards-Based Wallet Interactions Wallets claim credentials through OAuth2-like authorization code flows. For targeted offerings, wallets submit Verifiable Presentations to prove DID ownership. Access tokens (JWTs) are issued for secure credential retrieval.

  • Lifecycle Management Beyond issuance, the service lists, revokes (via an on-chain revocation list), and deletes credentials. Revocation flips a bit in the compressed bitstring and republishes the updated Status List VC to the EMPE Blockchain, ensuring verifiers can reliably determine credential status at verification time.

  • Architecture Overview

    • Issuer Service Instance Runs as a standalone server with isolated data per issuer. Deployed via the One-Click Deployment Portal, which automates DID registration and initial configuration.

    • EMPE Blockchain Integration Automatically registers and updates the issuer’s DID Document on-chain, ensuring resolvability and trust. Revocation lists are published as Verifiable Credentials conforming to W3C Status List 2021, anchored on the EMPE Blockchain for tamper-evident proofs.

    • Credential Issuance and Storage Issues credentials upon request, stores them, and supports listing, revoking, and deleting. Each credential includes a credentialStatus field referencing the on-chain Status List VC.

    • Wallet Interaction Layer Implements QR code–based flows and OAuth2-like authorization code flows for secure credential claiming.

    • Security and Access Controls Enforces HTTPS for all endpoints, cryptographic signing and verification of credentials, and access controls using x-client-secret and bearer tokens.

PreviousVerifier Data DescriptionNextTerminology and Concepts

Last updated 9 days ago