# Core Responsibilities

The Verifier streamlines key operations in verifying credential-based assertions:

1. **Verification Request Management**:
   * Generates OIDC4VP-compatible requests, including unique state and nonce values.
   * Specifies required credential attributes using a configurable query language.
   * **(Optional policy)** Accepts issuer allow-list as `issuerAllowedDomains` in requests or stored VP Queries (canonical HTTPS URLs; scheme required; optional `:port`; no query/fragment).
2. **Credential Validation**:
   * Checks cryptographic signatures of VCs and VPs.
   * Validates credential issuers against DID Documents anchored on the EMPE Blockchain.
   * Ensures compliance with schemas, expiration checks, and revocation lists.
   * **W3C Domain Linkage**: When an issuer DID advertises `LinkedDomains`, verifies control of each origin by fetching and validating Domain Linkage Credentials from `/.well-known/did-configuration.json`.
   * **Allowed Domains (optional)**: Enforces `issuerAllowedDomains` by **origin** (paths accepted in config but ignored for linkage match); inputs are normalized (host case, trailing slashes) and de-duplicated.
3. **Real-Time Communication and Feedback**:
   * Uses SSE to provide immediate status updates throughout the verification process.
   * Enhances user experience by showing progress and final outcomes in real-time.
4. **Session and Access Control**:
   * Upon successful verification, issues tokens or triggers application-specific logic.
   * Supports passwordless login flows and credential-based access control.
5. **Integration Support**:
   * Offers both server-side and client-side libraries for easy integration with existing applications.
   * Adapts to diverse use cases, from simple access checks to complex multi-condition verifications.

By fulfilling these responsibilities, the Verifier simplifies the implementation of secure, privacy-respecting, and flexible authentication workflows.