Introduction - Verifiable Credentials in the DOME Ecosystem

Verifiable Credentials are used in the DOME ecosystem as a trusted mechanism for identity, authentication, and authorization.
They ensure that both individuals and services can interact securely across the different DOME components — such as the Issuer, the Marketplace, and external integrations — while maintaining verifiable trust and data integrity.

Credential Issuance and Management

Credentials are issued through the Issuer application and retrieved and stored in the Wallet application.
When a new company joins the DOME ecosystem, it must complete the onboarding process, which concludes with the issuance of a LEAR Credential for the company’s Legal Representative (LEAR).

This credential acts as the company’s primary identity within DOME and grants the holder the authority to create and manage additional credentials for employees or services using the Issuer.

Types of Verifiable Credentials

~~Currently, 3 different types of Verifiable Credentials are used in the DOME ecosystem:~~

~~LEAR Credential Employee~~~~: identifies an individual and is mainly used to log in to the public applications within the ecosystem. Different applications require different~~ ~~powers~~ (permission sets) to grant access to specific features. For example, the Issuer requires the "Onboarding - Execute" power, while the Marketplace allows login with either "Onboarding - Execute" (admins) or "Product Offering" powers (non-admins). For more details, see the "LEAR Credential powers" below and:
- ~~LEAR Credential Employee issuance guide~~
- ~~DOME Marketplace~~

~~LEAR Credential Machine~~~~: identifies a machine or service and is used for M2M authentication flows. For more details, see:~~
- ~~LEAR Credential Machine issuance guide~~
- ~~DOME Marketplace~~
- ~~Integration Developer's guide~~

~~Gx:Label Credential:~~ ~~they are used to certify products in the DOME Marketplace. For more details, see:~~
- ~~Gx:Label Credential issuance guide~~
- ~~Certification process~~

LEAR Credential powers

~~LEAR Credential Employee~~ ~~and~~ ~~LEAR Credential Machine~~ ~~credentials grant specific permissions known as~~ ~~“powers.”~~
~~Each power consists of a~~ ~~function~~ ~~and one or more~~ ~~actions~~~~, which enable specific capabilities.~~

~~For example, the power “Onboarding – Execute” (i.e., function:~~ ~~Onboarding~~~~, action:~~ ~~Execute~~~~) in a LEAR Credential Employee allows the user to log in to the Issuer and also to the Marketplace as an Administrator.~~

~~Below is a list of available powers and their corresponding functionalities:~~

"Onboarding" function

"Execute" action

~~-A LEAR Credential Employee with this power allows to login to the Issuer UI and to issue credentials for other employees. Check the~~ ~~login guide~~.

~~-A LEAR Credential Machine with this power allows to perform the M2M authentication process. See this guides:~~

~~Verifier M2M Integration guide:~~ ~~https://knowledgebase.dome-marketplace.eu/books/verifier-m2m-integration-guide/page/1-introduction~~

~~Authorization Code Flow + PKCE (public client)~~

~~Authorization Code Flow withclient_secret_jwt (confidential client~~

"Product Offering" function

"Create" action

"Update" action

"Delete" action

"Certification" function

"Attest" action

~~A LEAR Credential Employee or LEAR Credential Machine with this power can be used to issue a Gx:Label:Credential~~

"Upload" action

~~A LEAR Credential Employee or LEAR Credential Machine with this power can be used to upload a Gx:Label:Credential to certify a product in the DOME Marketplace.~~