Core Responsibilities

The Verifier streamlines key operations in verifying credential-based assertions:

  1. Verification Request Management:

    • Generates OIDC4VP-compatible requests, including unique state and nonce values.

    • Specifies required credential attributes using a configurable query language.

    • (Optional policy) Accepts an issuer allow-list, issuerAllowedDomains, in requests or stored VP Queries. Entries are canonical HTTPS URLs: the scheme is required, a :port is optional, and query strings and fragments are not allowed.

  2. Credential Validation:

    • Checks cryptographic signatures of VCs and VPs.

    • Validates credential issuers against DID Documents anchored on the EMPE Blockchain.

    • Ensures compliance with schemas, expiration checks, and revocation lists.

    • W3C Domain Linkage: When an issuer DID advertises LinkedDomains, verifies control of each origin by fetching and validating Domain Linkage Credentials from /.well-known/did-configuration.json.

    • Allowed Domains (optional): Enforces issuerAllowedDomains by origin. Paths are accepted in the configuration but ignored when matching linked domains. Inputs are normalized (host case, trailing slashes) and de-duplicated.

  3. Real-Time Communication and Feedback:

    • Uses Server-Sent Events (SSE) to provide immediate status updates throughout the verification process.

    • Enhances user experience by showing progress and final outcomes in real time.

  4. Session and Access Control:

    • Upon successful verification, issues tokens or triggers application-specific logic.

    • Supports passwordless login flows and credential-based access control.

  5. Integration Support:

    • Offers both server-side and client-side libraries for easy integration with existing applications.

    • Adapts to diverse use cases, from simple access checks to complex multi-condition verifications.

By fulfilling these responsibilities, the Verifier simplifies the implementation of secure, privacy-respecting, and flexible authentication workflows.
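
The issuerAllowedDomains rules listed under Verification Request Management and Credential Validation, as an added example (not the Verifier's own code): entries are validated as HTTPS URLs, reduced to origins and de-duplicated, then a linked domain is matched by origin. The function names are hypothetical, the sample entries are constructed, and rejecting URLs with embedded credentials is an assumption the page does not state.

```javascript
// Added example; toOrigin, normalizeAllowedDomains and isOriginAllowed are
// hypothetical names, not part of the Verifier's API.

// Validate one entry and reduce it to its canonical origin, or throw.
function toOrigin(entry) {
  if (typeof entry !== 'string' || !/^https:\/\//i.test(entry)) {
    throw new Error(`HTTPS scheme required: ${entry}`);
  }
  const url = new URL(entry); // throws TypeError on malformed input
  // Check the raw string too: "https://a.example/?" parses to an empty search.
  if (entry.includes('?') || entry.includes('#')) {
    throw new Error(`query/fragment not allowed: ${entry}`);
  }
  // Assumption (not stated on the page): reject user:pass@ forms, which
  // make the host hard to read in configuration reviews.
  if (url.username || url.password) {
    throw new Error(`userinfo not allowed: ${entry}`);
  }
  // origin lowercases the host and drops the path, trailing slash and :443.
  return url.origin;
}

// Normalize the configured list and remove duplicates, keeping first-seen order.
function normalizeAllowedDomains(entries) {
  return [...new Set(entries.map(toOrigin))];
}

// Match a linked domain by origin only; malformed input fails closed.
function isOriginAllowed(linkedDomain, allowedEntries) {
  const allowed = new Set(normalizeAllowedDomains(allowedEntries));
  try {
    return allowed.has(toOrigin(linkedDomain));
  } catch {
    return false;
  }
}

// Constructed sample configuration.
const sampleConfig = [
  'https://Issuer.Example/',
  'https://issuer.example/credentials/v1',
  'https://issuer.example:443',
  'https://id.example:8443/',
];

console.log(normalizeAllowedDomains(sampleConfig));
```

Because matching is by exact origin, a host that merely begins with an allowed name, or the same host on a different port, does not match.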
