LEAR Credential powers

LEAR Credentials (LEAR Credential Employee and LEAR Credential Machine) credentials grant specific permissions known as “powers.”
Each power combines a function (the logical area of capability) with one or more actions (the specific operations permitted within that area).

For instance, the power “Onboarding – Execute” authorizes its holder to perform onboarding-related processes within the ecosystem.

Depending on the credential type, the same power may be exercised by a human user (LEAR Credential Employee) or by a backend service (LEAR Credential Machine).

"Onboarding" function

"Execute" action

-Allows the execution of the onboarding process for an organization, including the initial registration. This power is reserved to holders of a LEAR Credential (Employee or Machine) who formally represent the organization in DOME.

-A LEAR Credential Employee with this power allows to login to the Issuer UI and to issue credentials for other employees. Check the login guide.

-A LEAR Credential Machine with this power allows to perform the M2M authentication process. See this guides:

• Verifier M2M Integration guide: https://knowledgebase.dome-marketplace.eu/books/verifier-m2m-integration-guide/page/1-introduction 
• Authorization Code Flow + PKCE (public client) 
• Authorization Code Flow withclient_secret_jwt (confidential client

"Product Offering" function

"Create" action

-Authorizes the creation of a new Product Offering in the Catalog Service Component (CSC). Typically issued to personnel authorized by the organization’s LEAR or legal representative.

"Update" action

-Grants the ability to modify an existing Product Offering (e.g., description, pricing, or availability). Commonly assigned to Employee Credentials with operational management roles.

"Delete" action

-Enables deletion of an existing Product Offering. As this action has business impact, it is usually restricted to formal representatives or administrators.

"Certification" function

"Attest" action

• Authorizes the attestation (verification or validation) of information, ensuring authenticity and integrity of the data. This power is associated with credentials that have extended authority over certifications. Holders can issue Gx:Label:Credential.
• A LEAR Credential Employee or LEAR Credential Machine with this power can be used to issue a Gx:Label:Credential

"Upload" action

• Allows the upload or publication of Verifiable Credentials containing certified information. Used to certify a product within the DOME Marketplace using a Gx:Label:Credential.
• A LEAR Credential Employee or LEAR Credential Machine with this power can be used to upload a Gx:Label:Credential to certify a product in the DOME Marketplace.