Issuer

The Issuer Service is a foundational component of the Self-Sovereign Identity (SSI) ecosystem, enabling the creation, issuance, and management of Verifiable Credentials (VCs). Each instance represents a single issuer entity, deployed independently via the One-Click Deployment Portal, and integrated with the EMPE Blockchain and interoperable wallets.

Key Highlights:

  • Verifiable Credentials on the EMPE Blockchain: Registers and manages Decentralized Identifiers (DIDs) on the EMPE Blockchain, issuing W3C-compliant VCs. Issued credentials include a credentialStatus field of type StatusList2021Entry, referencing an on-chain Status List VC and an index in a compressed bitstring for revocation status.

  • Schema Management and Versioning: The Schema Management Engine handles credential schemas as JSON-based templates, ensuring consistent credential structures. It supports versioning and iterative updates, allowing evolving credential definitions.

  • Flexible Credential Offerings: Supports both Targeted Offerings (tied to a specific recipient DID) and Open Offerings (accessible by anyone scanning the QR code). Targeted offerings require the wallet to prove DID ownership before claiming.

  • Secure, Standards-Based Wallet Interactions: Wallets claim credentials through OAuth2-like authorization code flows. For targeted offerings, wallets submit Verifiable Presentations to prove DID ownership. Access tokens (JWTs) are issued for secure credential retrieval.

  • Lifecycle Management: Beyond issuance, the service lists, revokes (via an on-chain revocation list), and deletes credentials. Revocation flips a bit in the compressed bitstring and republishes the updated Status List VC to the EMPE Blockchain, ensuring verifiers can reliably determine credential status at verification time.

  • Architecture Overview

    • Issuer Service Instance: Runs as a standalone server with isolated data per issuer. Deployed via the One-Click Deployment Portal, which automates DID registration and initial configuration.

    • EMPE Blockchain Integration: Automatically registers and updates the issuer’s DID Document on-chain, ensuring resolvability and trust. Revocation lists are published as Verifiable Credentials conforming to W3C Status List 2021, anchored on the EMPE Blockchain for tamper-evident proofs.

    • Credential Issuance and Storage: Issues credentials upon request, stores them, and supports listing, revoking, and deleting. Each credential includes a credentialStatus field referencing the on-chain Status List VC.

    • Wallet Interaction Layer: Implements QR code–based flows and OAuth2-like authorization code flows for secure credential claiming.

    • Security and Access Controls: Enforces HTTPS for all endpoints, cryptographic signing and verification of credentials, and access controls using x-client-secret and bearer tokens.
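
The revocation mechanism described under Lifecycle Management, as an added example that is not the Issuer Service's own code: it shows how a StatusList2021Entry index maps to one bit in the compressed bitstring, how a verifier reads that bit, and how revocation sets it. It assumes the StatusList2021 draft encoding (GZIP, then base64url) and the minimum list size of 131,072 bits; the list URL, index and function names are constructed for illustration, and signing and on-chain publication are left out.

```python
import base64
import gzip

LIST_BITS = 131_072  # assumed size: 16 KB, the minimum in the StatusList2021 draft

def encode_list(bits: bytes) -> str:
    """GZIP-compress the bitstring and base64url-encode it (no padding)."""
    return base64.urlsafe_b64encode(gzip.compress(bits)).rstrip(b"=").decode()

def decode_list(encoded: str) -> bytearray:
    """Reverse of encode_list; restores the padding that base64url may omit."""
    padded = encoded + "=" * (-len(encoded) % 4)
    return bytearray(gzip.decompress(base64.urlsafe_b64decode(padded)))

def _locate(bits, index: int):
    if not 0 <= index < len(bits) * 8:
        raise IndexError(f"statusListIndex {index} is outside the list")
    # Index 0 is the left-most (most significant) bit of the first byte.
    return index // 8, 0x80 >> (index % 8)

def is_revoked(status_list_vc: dict, credential_status: dict) -> bool:
    """Verifier side: look up the credential's bit in the Status List VC."""
    if credential_status["type"] != "StatusList2021Entry":
        raise ValueError("unsupported credentialStatus type")
    if credential_status["statusListCredential"] != status_list_vc["id"]:
        raise ValueError("status entry points at a different list")
    bits = decode_list(status_list_vc["credentialSubject"]["encodedList"])
    byte, mask = _locate(bits, int(credential_status["statusListIndex"]))
    return bool(bits[byte] & mask)

def revoke(status_list_vc: dict, index: int) -> dict:
    """Issuer side: set the bit and return the updated, not yet re-signed, list VC."""
    subject = dict(status_list_vc["credentialSubject"])
    bits = decode_list(subject["encodedList"])
    byte, mask = _locate(bits, index)
    bits[byte] |= mask
    subject["encodedList"] = encode_list(bytes(bits))
    return {**status_list_vc, "credentialSubject": subject}

# Constructed sample data; the URL and index are placeholders, not EMPE values.
LIST_ID = "https://issuer.example/status/1"
STATUS_LIST = {"id": LIST_ID, "type": ["VerifiableCredential", "StatusList2021Credential"],
               "credentialSubject": {"type": "StatusList2021", "statusPurpose": "revocation",
                                     "encodedList": encode_list(bytes(LIST_BITS // 8))}}
ENTRY = {"type": "StatusList2021Entry", "statusPurpose": "revocation",
         "statusListIndex": "94567", "statusListCredential": LIST_ID}
```

A verifier should verify the Status List VC's proof before trusting encodedList, and cap the decompressed size it is willing to accept.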
