LEAR Credential powers

LEAR Credential Employee and LEAR Credential Machine credentials grant specific permissions known as “powers.”
Each power ~~consists of~~combines a function ~~and~~(the logical area of capability) with one or more actions, ~~which enable~~(the specific ~~capabilities.~~operations permitted within that area).

For ~~example,~~instance, the power “Onboarding – Execute” ~~(i.e.,~~authorizes ~~function:~~its ~~Onboarding~~,holder ~~action:~~to ~~Execute~~)perform inonboarding-related processes within the ecosystem.

Depending on the credential type, the same power may be exercised by a human user (LEAR Credential ~~Employee~~Employee) ~~allows~~or ~~the user to log in to the Issuer and also to the Marketplace as an Administrator.~~

~~Below is~~by a ~~list~~backend ofservice ~~available~~(LEAR ~~powers~~Credential ~~and their corresponding functionalities:~~Machine).

"Onboarding" function

"Execute" action

-Allows the execution of the onboarding process for an organization, including the initial registration. This power is reserved to holders of a LEAR Credential (Employee or Machine) who formally represent the organization in DOME.

-A LEAR Credential Employee with this power allows to login to the Issuer UI and to issue credentials for other employees. Check the login guide.

-A LEAR Credential Machine with this power allows to perform the M2M authentication process. See this guides:

Verifier M2M Integration guide: https://knowledgebase.dome-marketplace.eu/books/verifier-m2m-integration-guide/page/1-introduction
Authorization Code Flow + PKCE (public client)
Authorization Code Flow withclient_secret_jwt (confidential client

"Product Offering" function

"Create" action

-Authorizes the creation of a new Product Offering in the Catalog Service Component (CSC). Typically issued to personnel authorized by the organization’s LEAR or legal representative.

"Update" action

-Grants the ability to modify an existing Product Offering (e.g., description, pricing, or availability). Commonly assigned to Employee Credentials with operational management roles.

"Delete" action

-Enables deletion of an existing Product Offering. As this action has business impact, it is usually restricted to formal representatives or administrators.

"Certification" function

"Attest" action

Authorizes the attestation (verification or validation) of information, ensuring authenticity and integrity of the data. This power is associated with credentials that have extended authority over certifications. Holders can issue Gx:Label:Credential.
A LEAR Credential Employee or LEAR Credential Machine with this power can be used to issue a Gx:Label:Credential

"Upload" action

Allows the upload or publication of Verifiable Credentials containing certified information. Used to certify a product within the DOME Marketplace using a Gx:Label:Credential.
A LEAR Credential Employee or LEAR Credential Machine with this power can be used to upload a Gx:Label:Credential to certify a product in the DOME Marketplace.