RFC040: Verifiable Credentials support
Background and rationale
iSHARE originated before the standard for Verifiable Credentials (VC) was defined. But the world is evolving, and the need of more trust in digital transactions across segments are needed more and more. This led to the development of a W3C standard for a standardised way of retrieving verification. iSHARE perceives VC’s as logical next steps strengthening trust in digital transactions.
Proposed change: purpose
Now that VC specifications are stabilizing two things are important to the iSHARE Scheme:
- Ensure interoperability with the W3C standard for Verifiable Credentials; and
- Support hybrid scenario’s where interaction between participants will rely on old and new claims and therewith provide the transition path for organizations further anchoring iSHARE as they trust framework of choice for business
In line with the initiatives like EBSI, DIL would like to add support for using verifiable credentials (VCs) to the iSHARE framework. Conceptually VC’s architecture is inline with how iSHARE's architecture is developed. That way iSHARE specifications could be extended to support the concepts of VCs and over a period of time when all organisations use VCs by default we can completely migrate specifications to be compliant with VCs specifications.
Description and principles
Conceptually VC’s architecture is in line with how iSHARE's architecture is developed. That way iSHARE specifications could be extended to support the concepts of VCs. Furthermore the implementation of VCs in the iSHARE Framework fits with iSHARE's guiding principle 3: Leverage existing (international) building blocks.
About Verifiable Credentials (VCs)
The VC specifications are developed by Verifiable Credentials Working Group within W3C and 2.0 (working draft) is the latest release of their specifications for consideration in this RFC. Credentials like driver’s licenses, degrees, and passports play a vital role in verifying our identity and qualifications. This specification introduces a secure, privacy-respecting, and machine-verifiable way to express such credentials on the Web. While physical credentials serve us well in the real world, their digital counterparts remain hard to use online. Currently, it’s challenging to represent verified personal data—like education, health, and finance—in a machine-readable format, limiting their usefulness on the Web.
The table below describes the most relevant features of VCs.
| Feature | Description |
|---|---|
| Cryptographic Verifiability | Credentials are digitally signed, ensuring authenticity and integrity without needing to contact the issuer. |
| Data Minimization & Selective Disclosure | Allows holders to reveal only necessary parts of a credential, enhancing privacy (e.g., proving age without showing birth date). |
| Privacy-Respecting Architecture | Credentials are stored by the holder and do not require issuer-verifier communication, minimizing surveillance. |
| Interoperability | Built on open standards (like JSON-LD or JWT and DIDs), enabling cross-platform and cross-vendor compatibility. |
| Machine-Readable Format | Uses standardized schemas that allow credentials to be automatically processed and verified by digital systems. |
| Issuer Integrity & Trust | Includes metadata about the issuer, allowing verifiers to assess the trustworthiness of the credential source. |
| Revocation Support | Provides mechanisms to revoke credentials (e.g., via status lists) when they are expired, invalid, or compromised. |
| Holder Control & Portability | Credentials are controlled by the holder and can be reused across different contexts without reissuance. |
A VC is built up in three key parts:
| Part | Description |
|---|---|
| Metadata | A standard header that contains information like the credential type, issuer identity, subject identity and issue date |
| Claims | A set of one or more claims |
| Proof | A cryptographically verifiable proof that the VC has not been tampered with and the issuer (and optionally the subject are who they say they are) |
A single verifiable credential allows an issuer to make one or more verifiable claims about a subject. However, credentials can be chained together to create ‘trust graphs’. There is no dependency to a centralised platform or database. A verifier can enter the graph at any point being presented with a VC and then follow the links to see what is connected.
VCs and iSHARE
A VC provides cryptographic proof that a given claim was made by an identified issuer about an identified subject. The value of the proof depends on how well the verifier knows and trusts the issuer. A government body is institutionalised and needs no further proof to be trusted. But maybe supply chain VCs do not have this quality. In most economies the trust anchors are government agencies and accreditation authorities.
The role of trust anchor is to issue digital credentials to their community members that the members can use to make their own credentials trustworthy. The trust anchor can begin to empower their community members simply by issuing digital VCs to complete existing paper / PDF processes, starting immediately. Uptake might start slowly but the cost is low, and the value is high so most likely the market will quickly find innovative ways to leverage the trusted assertions.
On a high level current iSHARE concepts relate to VC concepts in the following way.
| Current iSHARE concept | Related VC concept |
|---|---|
| Trusted list: contains a list of trusted certificate authorities. The Trusted List is used for verifying parties' identity claims. The iSHARE Foundation is responsible for managing the trusted list. | Verifier uses a list of trusted issuers in the form of a verifiable data registry. In EBSI: the Registry of Issuers and the Trusted Schemas Registry. |
| Verifying a party's adherence status: Party A sends a JWT to party B; Party B verifies adherence to the framework or to a dataspace of Party A with an iSHARE Participant Registry using the /parties endpoint and verifying the response. | Party A obtains a VC from an iSHARE Participant Registry which proves adherence to the framework or a dataspace. Party B sends a Verifiable Presentation Request to Party A, after which the party A provides a VC to Party B, in which it claims adherence. Party B can verify the VC schema and identifiers against the schema in the verifiable data registry. It can verify revocation with the issuer. |
| Delegation: an Entitled Party stores delegation policies in the Authorisation Registry. A Service Consumer collects evidence for delegation from the Authorisation Registry and presents this to the Service Provider. The Service Provider checks the provided evidence using the delegation evidence JWT. | An Entitled Party stores delegation policies in the Authorisation Registry. The Authorisation Registry can be interpreted as the User Agent of the Issuer (the Entitled party is the issuer). A Service Consumer makes an issuance request to the Authorisation Registry for a VC and then presents the VC to the Service Provider. The Service Provider can verify the VC schema and identifiers against the schema in the verifiable data registry. It can verify revocation with the issuer. |
| A human service consumer obtains an identity from an Identity Provider. The Service Consumer has registered information on the authorisation of the human service consumer to act on behalf of a Service Consumer. When the human service consumer starts consuming a service at a Service Provider the Service Provider authenticates the human service consumer. The Identity Provider provides information on whether or not the human service consumer is authorised to consume the service on behalf of the Service Consumer. | A human service consumer obtains an identity and authorisation for consuming services in the form of a VC from an Identity Provider. When the human service consumer starts consuming a service at the Service Provider, the human service provider provides the VC to the Service Provider. The Service Provider can verify the VC schema and identifiers against the schema in the verifiable data registry. It can verify revocation with the issuer. |
Verifiable Credentials Structure
In general the verifiable credentials would require to be compliant to the Verifiable Credentials Data Model v2.0
Basically, every property set of a subject is known as claim.
A credential is a set of claims with proof for verifications. To present a (subset of) credential a participant can prepare a presentation with selected claims in it. Following images represent the basic components of crendentials and `presentations``
Verifiable Credentials issuance standards
Participant Credentials Issuance
Participant registry SHOULD act as issuer of participant credentials to participant and the participant SHOULD use a Credential Store (ex. wallet) to (get the issuance and) store the Verifiable Credential. Following diagram shows the conceptual process:
For the full credential of a participant, please refer to Full party credential section
Participant Registry MUST support the credential types as defined in the section of Participant Registry role. It MAY further support additional credential types as required by the dataspaces, data ecosystems, regulations, or other reasons.
The process for such issuance is depicted on a high level with the mapping to VC roles below:
TODO: Sequence diagrams showing the credentiails issuance process. We currently are looking at both DCP and OID4VCi as first references for protocols and may refer to one or both of them
DataRights Credentials Issuance
Entitled party uses the Authorisation registry to issue DataRights VCs to Service Consumer, which Service Consumer uses its Credential Store (ex. wallet) to get the issuance and store it. Following diagram shows the conceptual process:
TODO: Sequence diagrams showing the credentiails issuance process. We currently are looking at both DCP and OID4VCi as first references for protocols and may refer to one or both of them
Consume service using DataRights Credentials
Service Consumer may present the VCs as an authorisation token when consuming services from a Service Provider. DO note that this pattern is already supported in iSHARE, where Service Consumer can fetch an JWT token of Delegation Evidence from the Authorisation Registry and present it to Service Provider along wiht the service request. The flow is similar, however, the Service Provider must support acceptance of the Delegation Evidence as Verifiable Credentials. The other currently supported flow, i.e. when Service Consumer invoke the service request, the Service Provider through an API call checks with Authorisation Registry for the Delegation Evidence, will change when using it Verifiable Credentials. The flow, would then require the Service Provider to send a Verifiable Presentation request to the Credential Store (ex. wallet) of Service Consumer (or directly to Authorisation Registry of Entitled Party, still under investigation). The Verifiable Presentation request results into the Credential Store (ex. wallet) (or AR) to response with a VC of delegation evidence. Note the conceptual similarity of a Verifiable Presentation Request to that of a Delegation Mask and Verifiable Credentials to that of Delegation Evidence. The following diagram shows the conceptual flow:
TODO: Sequence diagrams showing the presentation process. We currently are looking at both DCP and OID4VP as first references for protocols and may refer to one or both of them
Impact on the ecosystem
The following table lists the impact of this RFC on the formal iSHARE roles (excluding the Scheme Owner role).
| Formal role | Technical impact | Business / legal / functional / operational impact |
|---|---|---|
| Service Consumer | Yes | Yes |
| Service Provider | Yes | Yes |
| Entitled party | Yes | Yes |
| Authorization Registry | Yes | Yes |
| Identity Provider | Yes | Yes |
| Identity Broker | Yes | Yes |
| Participant Registry | Yes | Yes |
Impact on Service Consumer
The Service Consumer would require to posess an Credential Store (ex. wallet) inorder to store the credentials that it receives and to present relevant credentials to other participants when interacting with them
Here we can see two basic interaction patterns
Pattern 1: Service Provider has pre-defined the credentials it would need in order to provide a service
Here the Service Consumer uses the credential store to create a Verifiable Credential as per the requirements set by the Service Provider along with the definition of the service. It then sends it along with the request to invoke the service as per the definition.
The Service Provider can validate the Verifiable Credential and verify that it is issued by correct entity; viz - Participant Credential is issued by Participant Registry and DataRights Credential is issued by the Authorisation Registry and/or Entitled Party
Pattern 2: Service Consumer invokes the service without presenting the credential upfront
Here the Service Consumer simply requests the service while giving pointer to its Credential Store (ex. wallet). The Service Provider sends a presentation request to the Credential Store (ex. wallet) to request the set of credentials it needs. Credential Store (ex. wallet) can then send the Verifiable Credential to the Service Provider.
The Service Provider can validate the Verifiable Credential and verify that it is issued by correct entity; viz - Participant Credential is issued by Participant Registry and DataRights Credential is issued by the Authorisation Registry and/or Entitled Party
Depending on the pattern preffered by the involved participants, Service Consumer must support the implementation requirements of that pattern.
Impact on Service Provider
The Service Provider would require add protocols inline with Verifiable Credentials specifications, also provided as part of this RFC, to support acceptance of Verifiable Credentials to be presented or requested from other participants. It will also act as Verifier (or can outsource it) when it must validate the presented credentials.
In addition, it must support protocol for requesting of the Verifiable Credentials through what is known Verifiable Presentation Request.
Impact on Entitled party
The Entitled party may posess a Credential Store (ex. wallet) to store participation credentials that it receives from the issuers and to present those credentials to other participants when interacting with them.
In addition, the Authorisation Registry it uses, will act as Issuer to issue DataRights credentials and while also act as Verifiable data registry for Service Providers who whish to validate the DataRights VCs.
Impact on Authorization Registry
The Authorisation registry potentially will act as Issuer of the DataRights Credentials on behalf of the Entitled Party as well as Verifiable data reigistry of those credentials for Service Providers. Alternatively, the schemas for datarights credentials are published on public websites of iSHARE foundation and/or dataspaces so verifiers could validate the schemas when needed.
Following is a proposal for Data rights Credentials which is derived from a datarights evidence
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://schemas.ishare.eu/v3/datarights.json"
],
"id": "http://authorisationregistry.example/credentials/e25d402a-d240-48e7-b749-fb5b01546bfd",
"type": [
"VerifiableCredential",
"DatarightsCredential"
],
"issuer": "did:ishare:EU.NL.NTRNL00000000",
"validFrom": "2025-05-10T08:00:00Z",
"credentialSubject": {
"id": "did:ishare:EU.NL.NLNTR-12345678",
"alsoKnownAs": [
"did:elsi:LEIXG-724500AZSGBRY55MNS59",
"did:key:z6MkhfrsD3GUMjGvRxTTSamE1WnS9w3nDJLeZzT1KZVrU5tE",
"did:web:example.com",
"AS.JA.NTA:1234567890123"
],
"datarightsEvidence": {
"notBefore": 1541058939,
"notOnOrAfter": 2147483647,
"policySets": [
{
"maxDelegationDepth": 0,
"target": {
"environment": {
"licenses": [
"https://licenses.ishare.eu/general-unrestricted/1.0"
]
}
},
"policies": [
{
"target": {
"resource": {
"type": "GS1.CONTAINER",
"identifiers": [
"180621.ABC1234"
],
"attributes": [
"GS1.CONTAINER.ATTRIBUTE.ETA"
]
},
"actions": [
"ISHARE.READ"
]
},
"rules": [
{
"effect": "Permit",
"conditions": {
"allOf": [
{
"leftOperand": "serviceProvider",
"operator": "equal",
"rightOperand": "did:ishare:EU.NL.NTRNL-10000003"
}
]
}
}
]
}
]
}
]
}
}
}Impact on Identity Provider
The Identity Provider would act as Issuer of credentials to the Human subjects, who in iSHARE are known as Human Service Consumers. They will need to fully support OID4VC/VP and perhaps also SIOP inline with eIDAS and EUID wallet initiatives.
Impact on Identity Broker
The Identity Broker must also support the protocols defined for the identity providers above.
Impact on Participant Registry
The Participant Registry acts as Issuer for participants credentials as well Dataspace membership credentials.
For participant registries that are connected through blockchain or distributed ledger technologies, the ledger would act as the Verifiable Data Registry. Alternatively, the schemas for participant credentials are published on public websites of iSHARE foundation and dataspaces so verifiers could validate the schemas when needed.
Not only beacuse of this RFC, but also for RFC064 where the participant information model in Participant Registry is being revisited, we that that opportunity to define following credentials that can be issued as Verifiable Credentials by Participant Registry
Full party credential
An example of full party credential is as follows:
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://schemas.ishare.eu/v3/participant.json"
],
"id": "http://participantregistry.example/credentials/NLNTR-10000001",
"type": [
"VerifiableCredential",
"ParticipantCredential"
],
"issuer": "did:ishare:EU.NL.NTRNL00000000",
"validFrom": "2025-05-10T08:00:00Z",
"credentialSubject": {
"id": "did:ishare:EU.NL.NLNTR-10000001",
"alsoKnownAs": [
"did:elsi:LEIXG-724500AZSGBRY55MNS59",
"did:key:z6MkhfrsD3GUMjGvRxTTSamE1WnS9w3nDJLeZzT1KZVrU5tE",
"did:web:example.com",
"AS.JA.NTA:1000000190123"
],
"legalName": "Test Service Consumer",
"claims": [
{
"type": "x509Certificate",
"id": "5ffb4bb9-2020-4045-a922-3bd84e78f709",
"subjectName": "C=NL,O=Test Service Consumer,CN=Test Service Consumer,2.5.4.97=NTRNL-10000001",
"certificateType": "eSeal",
"enabledFrom": "2025-02-12T00:00:00.000Z",
"x5c": "MIIGiDCCBHCgAwIBAgIURMIL+omg6v5pU6qFOMFceG1YjDAwDQYJKoZIhvcNAQELBQAwXTEeMBwGA1UEAwwVZUlEQVNlU0VBTE9JRF9Jc3NDQUc0MRkwFwYDVQRhExBOVFJOTC1pU0hBUkVURVNUMRMwEQYDVQQKEwppU0hBUkVUZXN0MQswCQYDVQQGEwJYWDAeFw0yNDExMDYxNDQ1NDFaFw0yNzExMDYxNDQ1NDBaMGYxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVUZXN0IFNlcnZpY2UgQ29uc3VtZXIxHjAcBgNVBAMMFVRlc3QgU2VydmljZSBDb25zdW1lcjEXMBUGA1UEYQwOTlRSTkwtMTAwMDAwMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYSKOvmB6UxEaYOPT7APgU4mauSh9vbPacJtM3a4cdzN8KippjoWSbgr6Jb4Fc7tGvNk6nvWZHlHzADFe0aQIGl8IDhuq1BhXJTxHZ4krw/6AEbC/GRcgtJdcanlc3WkM5rMEsoDRd8gOvNTnL7m52DIWb3RS8bCitVH6qn3hoWSwX9XeeU6JrGu1kp6lfT19u1zJKZuBaB0Ia4uzmM+QSd1kU6PeCXQ+trEfVUQkP8g/rzZGnSH8u7NqiwwUfFSiaUyq9P4Ip+K0JBTtAuQ9xpQ6wQxt0ioFNFb9ipmc3xxekowMRykZzEdoHO/ynY3W4sbTSl2eN4EmfHzQGRLJLAgMBAAGjggI1MIICMTAOBgNVHQ8BAf8EBAMCBkAwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSzGk9CQOnYeJ1r//wksBCxNDzwiTBXBggrBgEFBQcBAQRLMEkwRwYIKwYBBQUHMAGGO2h0dHBzOi8vY2E3LmlzaGFyZXRlc3QubmV0Ojg0NDIvZWpiY2EvcHVibGljd2ViL3N0YXR1cy9vY3NwMBAGA1UdIAQJMAcwBQYDVR0gMB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMMMFsGCCsGAQUFBwEDBE8wTTATBgYEAI5GAQYwCQYHBACORgEGAjA2BggrBgEFBQcBAwwqVGhpcyBpcyB0ZXN0IGVzZWFsIGNlcnRpZmljYXRlIGZvciB0ZXN0aW5nMB4GBWeBDAMBBBUwExMDTlRSEwJOTAwIMTAwMDAwMDEwgccGA1UdHwSBvzCBvDCBuaCBtqCBs4aBsGh0dHBzOi8vY2E3LmlzaGFyZXRlc3QubmV0Ojg0NDIvZWpiY2EvcHVibGljd2ViL3dlYmRpc3QvY2VydGRpc3Q/Y21kPWNybCZpc3N1ZXI9Q04lM0RlSURBU2VTRUFMT0lEX0lzc0NBRzQlMkNvcmdhbml6YXRpb25JZGVudGlmaWVyJTNETlRSTkwtaVNIQVJFVEVTVCUyQ08lM0RpU0hBUkVUZXN0JTJDQyUzRFhYMB0GA1UdDgQWBBRdyUNPiwe2WprwzYgvyZ+6fC1oNDANBgkqhkiG9w0BAQsFAAOCAgEAsXZrFG5ajsFNgTflnbTfD6aL/W0O9uywQ7VTTurZHboHTxDIIL3Gq9Vj/d0vpJJgrfysnR/MBHC9fXonV9WuwSKho91mHquUc7ytlyFwoAN5ROVIR1RBhUosMG0JgTw5PgW9xXBogAZ+7EFDiM70BJUr+ojqlZ2yYS324IDCpgFe9ySXinzTg8+d3jBsQLE0IXnR/+dNNthHhAl1HLfl6wZ9RbPpZgp0AeCcdKbn1IfUzePYMnRyuDjRgnmQYVYD31Qa68gx5Ys1qb/fYwSSpeER0Zf06S0exPUYShtOwRlYqia2z8LgN4TurdwcDcTijmekE9+/oSSITehFroA2eHLsqYte8jQgFBPEcy2syFw1VFDqTa/GnJJkoFCf8jPnlnAHEFJmkhAZ3xeP1Dag30CP+aoCQVNykhO5Z73V6BpNhdpgaYX4B/QRePUhqUoYbHLefAlyO7SFRahycW+o66K5GueptgtQ2DrrjvCtaCG8EtJczihAjBN0OQZsQWnU8vooLss+Rmfg9MXTR8k85cYT9ZMdU/46zlgAMIaJizv8j4eHaKgfRBB1gw71oW97oW5QKQx861UrR1u0DJmSQSUwNYlopKVRnHvXJWUIreOqLfSSB/1uVQfvq0UzsJKdeOCKRLpXXgxB3w7S2+5KFETS7tcbZ6mIxZlJlh0VRSs=",
"x5tS256": "4670551451113b19425f8d63c3d6ce444b58de60831101748e9fb97b3e8766f8",
"status": "Active"
},
{
"type": "idpAssertion",
"id": "6530069d-8517-4755-96c1-c0806fcf7208",
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"status": "Active"
},
{
"type": "frameworkMembership",
"id": "e1585bdd-a1a9-4bd3-bf7e-7fe64300907b",
"registrarId": "did:ishare:EU.NL.NTRNL-10000222",
"capabilityUrl": "",
"status": "Active",
"startDate": "2025-02-12T00:00:00.000Z",
"endDate": "2026-02-13T00:00:00.000Z",
"framework": "iSHARE",
"additionalInfo": {
"description": "description",
"logo": "https://logo.example.com/",
"website": "https://www.example.com/",
"companyPhone": "+310202343458",
"companyEmail": "info@exmaple.com",
"publiclyPublishable": "no",
"countriesOfOperation": [
"Netherlands",
"Germany"
],
"sectorIndustry": [
"Energy"
],
"tags": ""
}
},
{
"type": "authRegistry",
"id": "96a9a443-89cc-43a7-a64a-461a4d508713",
"authRegistryID": "EU.EORI.NL000000004",
"authUrl": "https://some.server.com/abc",
"status": "Active"
},
{
"type": "frameworkAgreement",
"id": "b2be77dc-20c6-4deb-8f2a-855cd34aacca",
"agreementType": "Terms of Use",
"agreementId": "tou",
"title": "Terms of Use",
"status": "Accepted",
"signDate": "2025-02-12T00:00:00.000Z",
"expiryDate": "2026-02-13T00:00:00.000Z",
"verificationHash": "ae1d7d30f5db9497f21a7984a8a6f359"
},
{
"type": "frameworkRole",
"id": "369bb9f3-96e0-47b0-8579-a4d1c6749315",
"roleId": "ServiceConsumer",
"title": "Service Consumer",
"status": "Active",
"startDate": "2025-02-12T00:00:00.000Z",
"endDate": "2026-02-13T00:00:00.000Z",
"framework": "iSHARE",
"loa": "substantial",
"compliancyVerified": "yes",
"legalAdherence": "no"
},
{
"type": "frameworkRole",
"id": "716e3178-36d2-4658-92cb-e2d078ff7f4e",
"roleId": "ServiceProvider",
"title": "Service Provider",
"status": "Active",
"startDate": "2025-02-12T00:00:00.000Z",
"endDate": "2026-02-13T00:00:00.000Z",
"framework": "iSHARE",
"loa": "substaintial",
"compliancyVerified": "yes",
"legalAdherence": "no"
},
{
"type": "dataspaceMembership",
"id": "6fa964e4-f4c8-4dd5-93d6-71afe628b57b",
"registrarId": "did:ishare:EU.NL.NTRNL-10000222",
"capabilityUrl": "https://capabilities.example.com/",
"dataspaceId": "DSP.EU.NL.DutchMobility",
"status": "Active",
"startDate": "2025-02-12T00:00:00.000Z",
"endDate": "2026-02-13T00:00:00.000Z",
"legalAdherence": "no",
"additionalInfo": {
"description": "description",
"logo": "https://logo.example.com/",
"website": "https://www.example.com/",
"companyPhone": "+310202343458",
"companyEmail": "info@exmaple.com",
"publiclyPublishable": "no",
"countriesOfOperation": [
"Netherlands",
"Germany"
],
"sectorIndustry": [
"Energy"
],
"tags": ""
}
},
{
"type": "dataspaceAuthRegistry",
"id": "9d8ce587-d320-42a4-a365-517ff935dc98",
"dataspaceId": "DSP.EU.NL.DutchMobility",
"authRegistryID": "EU.EORI.NL000000004",
"authUrl": "https://some.server.com/abc",
"status": "Active"
},
{
"type": "dataspaceAgreement",
"id": "e65c7982-6f8c-46a9-b32e-e9586850765e",
"dataspaceId": "DSP.EU.NL.DutchMobility",
"agreementType": "Terms of Use",
"agreementId": "dmtou",
"title": "tu",
"status": "Accepted",
"signDate": "2025-02-12T00:00:00.000Z",
"expiryDate": "2026-02-13T00:00:00.000Z",
"verificationHash": "ae1d7d30f5db9497f21a7984a8a6f359"
},
{
"type": "dataspaceRole",
"id": "216b5826-182b-4dec-8a28-f18da9bbab9d",
"dataspaceId": "DSP.EU.NL.DutchMobility",
"roleId": "ServiceBroker",
"title": "Service Broker",
"status": "Active",
"startDate": "2025-02-12T00:00:00.000Z",
"endDate": "2026-02-13T00:00:00.000Z",
"loa": "substantial",
"compliancyVerified": "yes",
"legalAdherence": "no"
}
]
}
}
Alternative way to resovle making it closer to VC specs.
{
"@context": [
"https://www.w3.org/ns/credentials/v2"
],
"id": "https://participantregistry.example/credentials/NTRNL-10000000",
"type": [
"VerifiableCredential",
"ParticipantCredential"
],
"issuer": "did:ishare:EU.NL.NTRNL-TESTeIDASVC1",
"validFrom": "2025-05-10T08:00:00Z",
"credentialSubject": {
"id": "did:ishare:EU.NL.NTRNL-10000000",
"alsoKnownAs": [
"did:elsi:LEIXG-724501AZSGBRY55MNS59",
"did:key:z6MkhfrsD3GUDjGvRxTTSamE1WnS9w3nDJLeZzT1KZVrU5tE",
"did:web:example.com",
"AS.JA.NTA:1234567890122"
],
"legalName": "Test Service Consumer"
},
"claims": {
"type": "frameworkMembership",
"id": "e1585bdd-a1a9-4bd3-bf7e-7fe64300907b",
"registrarId": "did:ishare:EU.NL.NTRNL-10000222",
"capabilityUrl": "",
"status": "Active",
"startDate": "2025-02-12T00:00:00.000Z",
"endDate": "2026-02-13T00:00:00.000Z",
"framework": "iSHARE",
"additionalInfo": {
"description": "description",
"logo": "https://logo.example.com/",
"website": "https://www.example.com/",
"companyPhone": "+310202343458",
"companyEmail": "info@exmaple.com",
"publiclyPublishable": "no",
"countriesOfOperation": [
"Netherlands",
"Germany"
],
"sectorIndustry": [
"Energy"
],
"tags": ""
}
},
"credentialStatus": {
"id": "https://participantregistry.example/credentials/status/3#94567",
"type": "BitstringStatusListEntry",
"statusPurpose": "revocation",
"statusListIndex": "94567",
"statusListCredential": "https://participantregistry.example/credentials/status/3"
},
"termsOfUse": {
"type": "TrustFrameworkPolicy",
"trustFramework": "iSHARE",
"policyId": "https://framework.ishare.eu/detailed-descriptions/legal#adhering-parties",
"legalBasis": "https://framework.ishare.eu/detailed-descriptions/legal"
},
"credentialSchema": [
{
"id": "https://schemas.ishare.eu/v3/participant.json",
"type": "JsonSchema"
}
]
}
Securing Verifiable Credential
Following is preferred method of securing the Verifiable credential by using enveloped method with JWT. This is preferred as JWT is already widely used in general as well as in iSHARE specifications already and has a wider community support.
Protected Headers
{
"alg": "RS256",
"typ": "JWT",
"x5c": [ "MIIGWjCCBEKgAwIBAgIUXgPmHLyB7e7ALgwg0S2vM0ypsJ8wDQYJKoZIhvcNAQELBQAwXTEeMBwGA1UEAwwVZUlEQVNlU0VBTE9JRF9Jc3NDQUc0MRkwFwYDVQRhExBOVFJOTC1pU0hBUkVURVNUMRMwEQYDVQQKEwppU0hBUkVUZXN0MQswCQYDVQQGEwJYWDAeFw0yNTA4MjEwNjMxMTRaFw0yODA4MjAwNjMxMTNaMFgxCzAJBgNVBAYTAk5MMRUwEwYDVQQKDAxURVNUZUlEQVNWQzExFTATBgNVBAMMDFRFU1RlSURBU1ZDMTEbMBkGA1UEYQwSTlRSTkwtVEVTVGVJREFTVkMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAgO4jCELPj4GIkj+C6M1xT4R4jOe0vbt+3UjIpT8tcd6uCm1V4+XwB2rZHfe5bNWvJLhbGE8MYfbOE9vDYq0SlftguofWxQP5zfFxjB89RbP6dr8x4OLRhvE9m7gkn0EAiex6qpzPIt9GeqbuuVC4A8QjdxGsK6MpbwGW+xSgS4VfdXP+n9TKzcGBkf52L+5WBhFfycfh8PpvGN072VTLkEwLeyAyL4TKvAQi/cWDEDJtl3ezAwSTr66w89S+kNQ1a/rzMTf/0CxnHjHZTbm8EP+FVLhlZg4rNCWsm8duVLggToYS7uzItbrah53Fy3Biyp7fcF81KIAE8DTw6ySwIDAQABo4ICFTCCAhEwDgYDVR0PAQH/BAQDAgZAMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUsxpPQkDp2Hida//8JLAQsTQ88IkwVwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzABhjtodHRwczovL2NhNy5pc2hhcmV0ZXN0Lm5ldDo4NDQyL2VqYmNhL3B1YmxpY3dlYi9zdGF0dXMvb2NzcDAQBgNVHSAECTAHMAUGA1UdIDAfBgNVHSUEGDAWBggrBgEFBQcDBAYKKwYBBAGCNwoDDDBbBggrBgEFBQcBAwRPME0wEwYGBACORgEGMAkGBwQAjkYBBgIwNgYIKwYBBQUHAQMMKlRoaXMgaXMgdGVzdCBlc2VhbCBjZXJ0aWZpY2F0ZSBmb3IgdGVzdGluZzCBxwYDVR0fBIG/MIG8MIG5oIG2oIGzhoGwaHR0cHM6Ly9jYTcuaXNoYXJldGVzdC5uZXQ6ODQ0Mi9lamJjYS9wdWJsaWN3ZWIvd2ViZGlzdC9jZXJ0ZGlzdD9jbWQ9Y3JsJmlzc3Vlcj1DTiUzRGVJREFTZVNFQUxPSURfSXNzQ0FHNCUyQ29yZ2FuaXphdGlvbklkZW50aWZpZXIlM0ROVFJOTC1pU0hBUkVURVNUJTJDTyUzRGlTSEFSRVRlc3QlMkNDJTNEWFgwHQYDVR0OBBYEFCuY+bIsT1jkIXU2aUHrbFHNPNRyMA0GCSqGSIb3DQEBCwUAA4ICAQCALWZRmMz7pepBj5wC7MiTIgw+8XRqEZoUN0sLHEfetcR2C/lG6xUUmirh426gPU1NzZAhmBsWJB00u0vcpZkmkotSmvJ0tQGWDQNcgWs1sXT4KZeymeGJBr1q+tT/7WmuDISZuy3/j3qiUljtWqXKbNbryVF/ALAfvYG72lq+BE5gSJlpYq2wpBnxlCLHV6PBmX07UOkS+Nk4qcRLYRQ9BepedxOzEW4ojrA5/8tfv8w5F7kbw8tZavt9sqwn+zKU1miEQ/wwdv4IJ9aNRqg+P7znwJtV+y4/E30TpqrV6vrB9E59HZ8CmgvofGcSMdYEVfQbJHOgk1Akgniz9cEWu23+y1kfjdFIRMUQvWfjXTEaafg0Z6ly6cyOgqOntnRHmHDcstCKoSoZ1M2+bwHrilMu5rOB9EACKl4reT66NF+huXOp7OefZ3JwsZ42ojeZYigt4k+Rj17nfcNUOiCLZ47cACCw2AXnSTE62s0Ac7ivCNxBCGXMcwu2ZAHvwIH2x5TuX9Axtol8VYgG8W475RDP3A0EO2scZPhIrX7xMebWKi8xrqs+S9zqecF8OPH+4YjMs+NiRD1dkG7+4+XWx8uiP+49+FdARTUDdLgRr58tsJvemkp4A90iCAhCnfVcYZqzB2tdd+RWeEXKdlYuyceoPZGU8wCLsPy3lsMwvg==",
"MIIF2jCCA8KgAwIBAgIUPG3+TAnxVOBce9NaPt9pTAgm5R4wDQYJKoZIhvcNAQELBQAwQjEeMBwGA1UEAwwVZUlEQVNlU0VBTE9JRF9TdWJDQUczMRMwEQYDVQQKEwppU0hBUkVUZXN0MQswCQYDVQQGEwJYWDAeFw0yMzA4MjUwOTAxMzJaFw00ODA4MjUwOTAwMDVaMF0xHjAcBgNVBAMMFWVJREFTZVNFQUxPSURfSXNzQ0FHNDEZMBcGA1UEYRMQTlRSTkwtaVNIQVJFVEVTVDETMBEGA1UEChMKaVNIQVJFVGVzdDELMAkGA1UEBhMCWFgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDanUgM1/PQyXNTX+UOLGrZjS8HaTWR/P4xD8SMCRxOXHKzHLQqEQOuHD/w+rx9/bEwzH4wVfJ0m6/r56KOg0wLUlVwOyikOXGoITD2u+Ui9t24tYIkx8zjLG7VHVcw4dXOt92svKY1LybvlproWzTHlRwoIO1YQ4hO+rybsw/KEDEXUbkowjlHAPcwnsOW64367EN+ezT1sS8dzFIxmG8qC2LrM2sXJWqq5vJeE/86TfZ2NMO+CUxkjj7uPgbW2V/MOUhYyAtGAjzd/KwOrLMRMYaXOIj61m8R71nh/LV9n8dnj0wTQONTHhuM7mdZQxhqOdkL2ckSrBWi3atEVT1OhBRX4FmmhIhmSWuCtgyKiDCIotyGAsX2o6817fee4Rdtwfw9Q4oN3NAhtod60iOAWApVt+BT5tvdgGOYWPcbMR5pGzbp38dGUyuwYZV4LAnIGSm5yaucNE2E2xrQCbEeZm4RPsx5JleWzipk+42d7vqvWD88IQcQ+bZM2X4rJBZNs166Clx+m6HmKxKALebUtjszsgyH8cq10d+k4Ao8oCaOYjv2IaEbMd+fV/Uf8kPkzTtKlttdqiixoIqycXMEgBaSgkub7XoQ6K26tRPJ0w5Qkuuh3MKtGEWfW7EEGmpnCqjOv6/rAMJiMWyh1IgLgNBUPP7zaVPpDAtC88OSJQIDAQABo4GsMIGpMBIGA1UdEwEB/wQIMAYBAf8CAQEwHwYDVR0jBBgwFoAU4ubX0p6DVjN9DKtOWWMYAs+HxdQwGAYDVR0gBBEwDzAFBgNVHSAwBgYEVR0gADApBgNVHSUEIjAgBggrBgEFBQcDAgYIKwYBBQUHAwQGCisGAQQBgjcKAwwwHQYDVR0OBBYEFLMaT0JA6dh4nWv//CSwELE0PPCJMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAZv5Gukx0PEvVREIt8MTaPfCH4awyiiYyi17h6R5LLk1rerwQsSSSHfVqftdwRF0ocLp2PXJhe075qV406C04CjamNk3ez9ZiNHCNjPtfid6oOxqz1Xk8XPjNYElbAFmP7eKl/441vZhGuk/RhXGNxQbto0Q16g8IRcGDvWgNhtrtB1G2xSmtB1S2uUpSaiZVNOrkdzThiEJseURBoXxUXIqpLyPTRl6MMgVaLGRYRc3vYij4B7M2hBN7/cjnGLsMVtgbOv6CV21g2SXowbgOqzByH51UTR6ObHiGj0kSCALG14IQPkzQPiSpju++9M2jAjPM3o421ZOUDMP246CsqPXrTAbPXJVUR/gi4u53kmzC210jvVq9hHwelxQOTPFhlM6E1Ch4Jb4PQRLKDPFl+5NW4Fy2JADjyupyVHncdLEuPy0PgCL2Yo147HSpPj4u7jc1RmHU7NO12EV2ZCMfFlRwdGv6if8qO7s/6lpZJjpPtLEObA5tD4ahc+aPNAi9WCk0peRm1KE5VGDWKFNSNAiLJNzP7m2Q6y8fOy38cNgFBhGOF/KgEIsT10V+5K5o+ylVVtPVeRRENEvKO9ELkze0IHgsTB/6cwOij4pxM9Jvauj06GglhIhiIA6q0iDUqB1MUR0HziY9BsnWY9kR8hwV3OW+nsmztQwGVEw2kjU=",
"MIIFjjCCA3agAwIBAgIUFj9/3jGORhtIpZ98OLRtRHs0AYswDQYJKoZIhvcNAQELBQAwQTEdMBsGA1UEAwwUZUlEQVNlU0VBTE9JRF9Sb290RzIxEzARBgNVBAoTCmlTSEFSRVRlc3QxCzAJBgNVBAYTAlhYMB4XDTIzMDgyNTA5MDA0NFoXDTQ4MDgyNTA5MDAwNVowQjEeMBwGA1UEAwwVZUlEQVNlU0VBTE9JRF9TdWJDQUczMRMwEQYDVQQKEwppU0hBUkVUZXN0MQswCQYDVQQGEwJYWDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL7nzkyoFXWg1ghdG6fnuzuvAdMWsm/I+mX3Dbz3I/KyqLdWt7XG3OWVSnhosAD2W2SXnlGXqxye0hPtEgkQIdel7FnFosWWrsEOratgXlnM4NWpYDKMWEVYro7hzHgCZ126ZPQULls52NcvpRM8S3dZk+XK1kf3VeS0J2hUSFEAZHLyXCXkhTnUI7qo1ur1TmDWYsNQwxDGOu7CQyZYdKIwKqI9eGsRLgM6PQlg3vZCropOodM7loTuirCl3UKw4HrGk2cOiAf4Id//eaVCafwkjKsJTQuAahuRz4qMsHYA3kDQz+0+hgnR74r+iLr+8lr044glnaWIWvrEGciRR+PectfrLOQQIW7ha13dzWozkT0agnT1Lk/CGrgNXVqhosGC0ruAQPI6DcPNy2INM9JgtCmBsSjMM185FIBX4Cy17m73h9rKjXZMxb6TxX7CIZyesgAS0bBRb6xIpKsZrlrjEazsjC2VHRRWOMJWYqcXLD5ZNzGMZUr6Tt2yCUAtamecDATKN6/Gbsxe0tABN0pk0rx5ic+4TXdBroN9OAZchH4tJCsOCKonCzApPxVThDNMxsooyFq9DmgXhyEUOOoeS+Fr4FgH+jSANm/l178Jh9epfXQ9gE/6aqPxYjNSBgS60S1EVqCpxw2rT1mUYeGfwibVm53ixGptR8kte70nAgMBAAGjfTB7MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU2LubNS1bP+/ha8vMDM+iLrppeowwGAYDVR0gBBEwDzAFBgNVHSAwBgYEVR0gADAdBgNVHQ4EFgQU4ubX0p6DVjN9DKtOWWMYAs+HxdQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQB8jqYUw7Tv+W4ZH06PraF6zfdCxT03DhRChw4Z/Qm0XVS2gRyRwcMptQFERhPNOA221u9LqozZ1aK3B35wkcGD/dFJgJCJB96SMttQl2Hp/EiQz9PFF02dBSruXhIaraPbM+NIGdmyN2ZywGGXI1aU7JD3XG29Sh2AAdOkv8dI6gEgzt/DHSIIbakbaLdEIc7WB95GUHcHnNj58TzTSyVfBmtb3vBK9JG0Io6NAPWQYx2VP8+fIylja2d128hgh0dsDrXFAM+9AX8hae5vvxVi8TWs/z2ing+k+immtSNfzzKMiO7r5wJAkyjwtUBlBStKIA6Zer22pmSTZZeucHdEThabcWQidVZmMP3If6ix5UeyX8V6OAw0gsI3IUb91Q76d4sLWbzoGNONAYFC1Iyz0xWj47Zd6P7Z2Gfh1ViIbMxViFDlNmbEZflpES87K/yhBUQ/tnCNGQoSdtsuyuWg3NfWbyJoNZzlU96JWxcqSaXkzse9j8wahayKNM6SWKSY1Z05h8JScOCmFB5F8V3bd5nP/uKja7H8O4GOAAPM3OtG+eq37xW/xN0oAsjbvt4ojnUbJs2kiAxEdwXx0K7mcPeS7zWmVt8h4RdcDm/PGTDa9m8OqhQuck80QnuxIUWVr7GWadh1Ly/tl0+bvmkcnO2ybRJ+gbqREHDTe0sxsw==",
"MIIFczCCA1ugAwIBAgIUCvfSvQerjFDmM2LvmjoTDOInLAwwDQYJKoZIhvcNAQELBQAwQTEdMBsGA1UEAwwUZUlEQVNlU0VBTE9JRF9Sb290RzIxEzARBgNVBAoTCmlTSEFSRVRlc3QxCzAJBgNVBAYTAlhYMB4XDTIzMDgyNTA5MDAwNloXDTQ4MDgyNTA5MDAwNVowQTEdMBsGA1UEAwwUZUlEQVNlU0VBTE9JRF9Sb290RzIxEzARBgNVBAoTCmlTSEFSRVRlc3QxCzAJBgNVBAYTAlhYMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxVMKI9RMhnOSA2LorgEC3YDNd2itn72LOdfRRUu45fG70Iev+E4kRrzJ1k23WXH5sHTbcslpETeAZnj0/xKBYdELuwe6HX8kIwd1s6WGlZc0l7ki1fmj4HqSstGJ/BKGj1a7236WwPJEWEHqfx9QMEeuJKlUSVFFyE4jMsfYp87ifIpuwE8oLOw4ykDDOP52Td06vHCIYrqDBrvxFdAuEnFxNxlPXRE4gLsygg62HOxOuGmhWfsy6TccIp5XIOdj2CzeoXJ82m5/imBPJvkefnrjEQXziSE2mi2IBDtGP/AwFWI7WpsEyDXWImMSR0T3CuDmkeQ14pNmcqMp/bqX3i1aetadFTWsuhl0nH2iRqKZDJxZlScu99toq5GrdcFUcxGRQyl+sFhUh3XcBWJV7Y2wnFL2tY7thtQ8ZPmzTO8kPKCbEl5U6gCSIkpRPNZBPG4dT0qu+8Bd71Pu7nAy1iB4U6ys34cFlOlJpGM0FGr35LefbPR8bgz6M9XNjRbgMDQcXDMnfiDJ7E81oVBpCXN9ydHi1blhakuEBaoa9M/kazipGPmAuxrWBMmp2q0wzQp9GS2e8keJIDwJuyzELaRZC4yjVsVZQMK//D+4J3boU5drCmmm6C1rwNRfSZuFGNcIYDZeHteGoCF4EA5jcgdFaIYrDej6VAab42vN5LUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTYu5s1LVs/7+Fry8wMz6Iuuml6jDAdBgNVHQ4EFgQU2LubNS1bP+/ha8vMDM+iLrppeowwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQBbcHyV2b5mGwHWxCSbDwr5V7PgSZIJa1scrCnIHD3Z/yxG7Xp5cIlBj4My4lRHjZtJVvUfTjFpsEDEv/PAq74OIolN/kPdMfTczFBGpvsZr0x2yUPEJzQsTSLx0gwZ+wvoKHWE0C7GqgkABNrFW8FLqRzNqXsmM5oI4c3V5syxwBYFDUY5MPWdqJEDfRvjjJPCXmKOP1lO+i+E07vsFpDzHS2FKB5c6sTIZkvt+H/CG4hVu6ZvcFXXzv2JK/EoVZ6wUdClt4pLgTQZ/W0qQCJ3GjFe/PZ74mckW1x/zk9z0VQjUpTqz3AjPLIjj60nMLTLp50oFcMLjuXss0vv4tUjCTps2Qg9n0GwLlDR42Nyw2TKcMMB6ycEoNiUEu0lga1JM0SVSsFP7GSU/W9VqatK7xp/XW9/GDvgp3Z/pPM0E3i1tqp/nOU43Yof8Wi4JJ6zOgXBzqQxO6MILZJ4qEfenAtI7o95Ty5yk9vRboUstywsfC6CVsu08NL/ttw4OSXOvbkQ+7zMxCYT9YyQD5l/ltC3bgdj/lBZznsBuGYNOB16wDNcGpuuaeksfQfBDPHT+vR6gPVFZpyVwy/tzH6NTpUGDjoHVsCxUjY870OM4D2Jcj9OIqqdlkCoWO6i4Vec7sTzxiX39oNSr1G7Cobc3sYdhnxg/vlg1BeCJ87p0A=="
]
}Payload application/vc
{
"@context": [
"https://www.w3.org/ns/credentials/v2"
],
"id": "https://participantregistry.example/credentials/NTRNL-10000000",
"type": [
"VerifiableCredential",
"ParticipantCredential"
],
"issuer": "did:ishare:EU.NL.NTRNL-TESTeIDASVC1",
"validFrom": "2025-05-10T08:00:00Z",
"credentialSubject": {
"id": "did:ishare:EU.NL.NTRNL-10000000",
"alsoKnownAs": [
"did:elsi:LEIXG-724501AZSGBRY55MNS59",
"did:key:z6MkhfrsD3GUDjGvRxTTSamE1WnS9w3nDJLeZzT1KZVrU5tE",
"did:web:example.com",
"AS.JA.NTA:1234567890122"
],
"legalName": "Test Service Consumer"
},
"claims": {
"type": "frameworkMembership",
"id": "e1585bdd-a1a9-4bd3-bf7e-7fe64300907b",
"registrarId": "did:ishare:EU.NL.NTRNL-10000222",
"capabilityUrl": "",
"status": "Active",
"startDate": "2025-02-12T00:00:00.000Z",
"endDate": "2026-02-13T00:00:00.000Z",
"framework": "iSHARE",
"additionalInfo": {
"description": "description",
"logo": "https://logo.example.com/",
"website": "https://www.example.com/",
"companyPhone": "+310202343458",
"companyEmail": "info@exmaple.com",
"publiclyPublishable": "no",
"countriesOfOperation": [
"Netherlands",
"Germany"
],
"sectorIndustry": [
"Energy"
],
"tags": ""
}
},
"credentialStatus": {
"id": "https://participantregistry.example/credentials/status/3#94567",
"type": "BitstringStatusListEntry",
"statusPurpose": "revocation",
"statusListIndex": "94567",
"statusListCredential": "https://participantregistry.example/credentials/status/3"
},
"termsOfUse": {
"type": "TrustFrameworkPolicy",
"trustFramework": "iSHARE",
"policyId": "https://framework.ishare.eu/detailed-descriptions/legal#adhering-parties",
"legalBasis": "https://framework.ishare.eu/detailed-descriptions/legal"
},
"credentialSchema": [
{
"id": "https://schemas.ishare.eu/v3/participant.json",
"type": "JsonSchema"
}
]
}Resulting JWS (signed JWT) application/vc+jwt<
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlHV2pDQ0JFS2dBd0lCQWdJVVhnUG1ITHlCN2U3QUxnd2cwUzJ2TTB5cHNKOHdEUVlKS29aSWh2Y05BUUVMQlFBd1hURWVNQndHQTFVRUF3d1ZaVWxFUVZObFUwVkJURTlKUkY5SmMzTkRRVWMwTVJrd0Z3WURWUVJoRXhCT1ZGSk9UQzFwVTBoQlVrVlVSVk5VTVJNd0VRWURWUVFLRXdwcFUwaEJVa1ZVWlhOME1Rc3dDUVlEVlFRR0V3SllXREFlRncweU5UQTRNakV3TmpNeE1UUmFGdzB5T0RBNE1qQXdOak14TVROYU1GZ3hDekFKQmdOVkJBWVRBazVNTVJVd0V3WURWUVFLREF4VVJWTlVaVWxFUVZOV1F6RXhGVEFUQmdOVkJBTU1ERlJGVTFSbFNVUkJVMVpETVRFYk1Ca0dBMVVFWVF3U1RsUlNUa3d0VkVWVFZHVkpSRUZUVmtNeE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBeEFnTzRqQ0VMUGo0R0lraitDNk0xeFQ0UjRqT2UwdmJ0KzNVaklwVDh0Y2Q2dUNtMVY0K1h3QjJyWkhmZTViTld2SkxoYkdFOE1ZZmJPRTl2RFlxMFNsZnRndW9mV3hRUDV6ZkZ4akI4OVJiUDZkcjh4NE9MUmh2RTltN2drbjBFQWlleDZxcHpQSXQ5R2VxYnV1VkM0QThRamR4R3NLNk1wYndHVyt4U2dTNFZmZFhQK245VEt6Y0dCa2Y1MkwrNVdCaEZmeWNmaDhQcHZHTjA3MlZUTGtFd0xleUF5TDRUS3ZBUWkvY1dERURKdGwzZXpBd1NUcjY2dzg5UytrTlExYS9yek1UZi8wQ3huSGpIWlRibThFUCtGVkxobFpnNHJOQ1dzbThkdVZMZ2dUb1lTN3V6SXRicmFoNTNGeTNCaXlwN2ZjRjgxS0lBRThEVHc2eVN3SURBUUFCbzRJQ0ZUQ0NBaEV3RGdZRFZSMFBBUUgvQkFRREFnWkFNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVVzeHBQUWtEcDJIaWRhLy84SkxBUXNUUTg4SWt3VndZSUt3WUJCUVVIQVFFRVN6QkpNRWNHQ0NzR0FRVUZCekFCaGp0b2RIUndjem92TDJOaE55NXBjMmhoY21WMFpYTjBMbTVsZERvNE5EUXlMMlZxWW1OaEwzQjFZbXhwWTNkbFlpOXpkR0YwZFhNdmIyTnpjREFRQmdOVkhTQUVDVEFITUFVR0ExVWRJREFmQmdOVkhTVUVHREFXQmdnckJnRUZCUWNEQkFZS0t3WUJCQUdDTndvREREQmJCZ2dyQmdFRkJRY0JBd1JQTUUwd0V3WUdCQUNPUmdFR01Ba0dCd1FBamtZQkJnSXdOZ1lJS3dZQkJRVUhBUU1NS2xSb2FYTWdhWE1nZEdWemRDQmxjMlZoYkNCalpYSjBhV1pwWTJGMFpTQm1iM0lnZEdWemRHbHVaekNCeHdZRFZSMGZCSUcvTUlHOE1JRzVvSUcyb0lHemhvR3dhSFIwY0hNNkx5OWpZVGN1YVhOb1lYSmxkR1Z6ZEM1dVpYUTZPRFEwTWk5bGFtSmpZUzl3ZFdKc2FXTjNaV0l2ZDJWaVpHbHpkQzlqWlhKMFpHbHpkRDlqYldROVkzSnNKbWx6YzNWbGNqMURUaVV6UkdWSlJFRlRaVk5GUVV4UFNVUmZTWE56UTBGSE5DVXlRMjl5WjJGdWFYcGhkR2x2Ymtsa1pXNTBhV1pwWlhJbE0wUk9WRkpPVEMxcFUwaEJVa1ZVUlZOVUpUSkRUeVV6UkdsVFNFRlNSVlJsYzNRbE1rTkRKVE5FV0Znd0hRWURWUjBPQkJZRUZDdVkrYklzVDFqa0lYVTJhVUhyYkZITlBOUnlNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUNBTFdaUm1NejdwZXBCajV3QzdNaVRJZ3crOFhScUVab1VOMHNMSEVmZXRjUjJDL2xHNnhVVW1pcmg0MjZnUFUxTnpaQWhtQnNXSkIwMHUwdmNwWmtta290U212SjB0UUdXRFFOY2dXczFzWFQ0S1pleW1lR0pCcjFxK3RULzdXbXVESVNadXkzL2ozcWlVbGp0V3FYS2JOYnJ5VkYvQUxBZnZZRzcybHErQkU1Z1NKbHBZcTJ3cEJueGxDTEhWNlBCbVgwN1VPa1MrTms0cWNSTFlSUTlCZXBlZHhPekVXNG9qckE1Lzh0ZnY4dzVGN2tidzh0WmF2dDlzcXduK3pLVTFtaUVRL3d3ZHY0SUo5YU5ScWcrUDd6bndKdFYreTQvRTMwVHBxclY2dnJCOUU1OUhaOENtZ3ZvZkdjU01kWUVWZlFiSkhPZ2sxQWtnbml6OWNFV3UyMyt5MWtmamRGSVJNVVF2V2ZqWFRFYWFmZzBaNmx5NmN5T2dxT250blJIbUhEY3N0Q0tvU29aMU0yK2J3SHJpbE11NXJPQjlFQUNLbDRyZVQ2Nk5GK2h1WE9wN09lZlozSndzWjQyb2plWllpZ3Q0aytSajE3bmZjTlVPaUNMWjQ3Y0FDQ3cyQVhuU1RFNjJzMEFjN2l2Q054QkNHWE1jd3UyWkFIdndJSDJ4NVR1WDlBeHRvbDhWWWdHOFc0NzVSRFAzQTBFTzJzY1pQaElyWDd4TWViV0tpOHhycXMrUzl6cWVjRjhPUEgrNFlqTXMrTmlSRDFka0c3KzQrWFd4OHVpUCs0OStGZEFSVFVEZExnUnI1OHRzSnZlbWtwNEE5MGlDQWhDbmZWY1lacXpCMnRkZCtSV2VFWEtkbFl1eWNlb1BaR1U4d0NMc1B5M2xzTXd2Zz09IiwiTUlJRjJqQ0NBOEtnQXdJQkFnSVVQRzMrVEFueFZPQmNlOU5hUHQ5cFRBZ201UjR3RFFZSktvWklodmNOQVFFTEJRQXdRakVlTUJ3R0ExVUVBd3dWWlVsRVFWTmxVMFZCVEU5SlJGOVRkV0pEUVVjek1STXdFUVlEVlFRS0V3cHBVMGhCVWtWVVpYTjBNUXN3Q1FZRFZRUUdFd0pZV0RBZUZ3MHlNekE0TWpVd09UQXhNekphRncwME9EQTRNalV3T1RBd01EVmFNRjB4SGpBY0JnTlZCQU1NRldWSlJFRlRaVk5GUVV4UFNVUmZTWE56UTBGSE5ERVpNQmNHQTFVRVlSTVFUbFJTVGt3dGFWTklRVkpGVkVWVFZERVRNQkVHQTFVRUNoTUthVk5JUVZKRlZHVnpkREVMTUFrR0ExVUVCaE1DV0Znd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURhblVnTTEvUFF5WE5UWCtVT0xHclpqUzhIYVRXUi9QNHhEOFNNQ1J4T1hIS3pITFFxRVFPdUhEL3crcng5L2JFd3pINHdWZkowbTYvcjU2S09nMHdMVWxWd095aWtPWEdvSVREMnUrVWk5dDI0dFlJa3g4empMRzdWSFZjdzRkWE90OTJzdktZMUx5YnZscHJvV3pUSGxSd29JTzFZUTRoTytyeWJzdy9LRURFWFVia293amxIQVBjd25zT1c2NDM2N0VOK2V6VDFzUzhkekZJeG1HOHFDMkxyTTJzWEpXcXE1dkplRS84NlRmWjJOTU8rQ1V4a2pqN3VQZ2JXMlYvTU9VaFl5QXRHQWp6ZC9Ld09yTE1STVlhWE9JajYxbThSNzFuaC9MVjluOGRuajB3VFFPTlRIaHVNN21kWlF4aHFPZGtMMmNrU3JCV2kzYXRFVlQxT2hCUlg0Rm1taElobVNXdUN0Z3lLaURDSW90eUdBc1gybzY4MTdmZWU0UmR0d2Z3OVE0b04zTkFodG9kNjBpT0FXQXBWdCtCVDV0dmRnR09ZV1BjYk1SNXBHemJwMzhkR1V5dXdZWlY0TEFuSUdTbTV5YXVjTkUyRTJ4clFDYkVlWm00UlBzeDVKbGVXemlways0MmQ3dnF2V0Q4OElRY1ErYlpNMlg0ckpCWk5zMTY2Q2x4K202SG1LeEtBTGViVXRqc3pzZ3lIOGNxMTBkK2s0QW84b0NhT1lqdjJJYUViTWQrZlYvVWY4a1BrelR0S2x0dGRxaWl4b0lxeWNYTUVnQmFTZ2t1YjdYb1E2SzI2dFJQSjB3NVFrdXVoM01LdEdFV2ZXN0VFR21wbkNxak92Ni9yQU1KaU1XeWgxSWdMZ05CVVBQN3phVlBwREF0Qzg4T1NKUUlEQVFBQm80R3NNSUdwTUJJR0ExVWRFd0VCL3dRSU1BWUJBZjhDQVFFd0h3WURWUjBqQkJnd0ZvQVU0dWJYMHA2RFZqTjlES3RPV1dNWUFzK0h4ZFF3R0FZRFZSMGdCQkV3RHpBRkJnTlZIU0F3QmdZRVZSMGdBREFwQmdOVkhTVUVJakFnQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdRR0Npc0dBUVFCZ2pjS0F3d3dIUVlEVlIwT0JCWUVGTE1hVDBKQTZkaDRuV3YvL0NTd0VMRTBQUENKTUE0R0ExVWREd0VCL3dRRUF3SUJCakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBWnY1R3VreDBQRXZWUkVJdDhNVGFQZkNINGF3eWlpWXlpMTdoNlI1TExrMXJlcndRc1NTU0hmVnFmdGR3UkYwb2NMcDJQWEpoZTA3NXFWNDA2QzA0Q2phbU5rM2V6OVppTkhDTmpQdGZpZDZvT3hxejFYazhYUGpOWUVsYkFGbVA3ZUtsLzQ0MXZaaEd1ay9SaFhHTnhRYnRvMFExNmc4SVJjR0R2V2dOaHRydEIxRzJ4U210QjFTMnVVcFNhaVpWTk9ya2R6VGhpRUpzZVVSQm9YeFVYSXFwTHlQVFJsNk1NZ1ZhTEdSWVJjM3ZZaWo0QjdNMmhCTjcvY2puR0xzTVZ0Z2JPdjZDVjIxZzJTWG93YmdPcXpCeUg1MVVUUjZPYkhpR2owa1NDQUxHMTRJUVBrelFQaVNwanUrKzlNMmpBalBNM280MjFaT1VETVAyNDZDc3FQWHJUQWJQWEpWVVIvZ2k0dTUza216QzIxMGp2VnE5aEh3ZWx4UU9UUEZobE02RTFDaDRKYjRQUVJMS0RQRmwrNU5XNEZ5MkpBRGp5dXB5VkhuY2RMRXVQeTBQZ0NMMllvMTQ3SFNwUGo0dTdqYzFSbUhVN05PMTJFVjJaQ01mRmxSd2RHdjZpZjhxTzdzLzZscFpKanBQdExFT2JBNXRENGFoYythUE5BaTlXQ2swcGVSbTFLRTVWR0RXS0ZOU05BaUxKTnpQN20yUTZ5OGZPeTM4Y05nRkJoR09GL0tnRUlzVDEwVis1SzVvK3lsVlZ0UFZlUlJFTkV2S085RUxremUwSUhnc1RCLzZjd09pajRweE05SnZhdWowNkdnbGhJaGlJQTZxMGlEVXFCMU1VUjBIemlZOUJzbldZOWtSOGh3VjNPVytuc216dFF3R1ZFdzJralU9IiwiTUlJRmpqQ0NBM2FnQXdJQkFnSVVGajkvM2pHT1JodElwWjk4T0xSdFJIczBBWXN3RFFZSktvWklodmNOQVFFTEJRQXdRVEVkTUJzR0ExVUVBd3dVWlVsRVFWTmxVMFZCVEU5SlJGOVNiMjkwUnpJeEV6QVJCZ05WQkFvVENtbFRTRUZTUlZSbGMzUXhDekFKQmdOVkJBWVRBbGhZTUI0WERUSXpNRGd5TlRBNU1EQTBORm9YRFRRNE1EZ3lOVEE1TURBd05Wb3dRakVlTUJ3R0ExVUVBd3dWWlVsRVFWTmxVMFZCVEU5SlJGOVRkV0pEUVVjek1STXdFUVlEVlFRS0V3cHBVMGhCVWtWVVpYTjBNUXN3Q1FZRFZRUUdFd0pZV0RDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnSVBBRENDQWdvQ2dnSUJBTDduemt5b0ZYV2cxZ2hkRzZmbnV6dXZBZE1Xc20vSSttWDNEYnozSS9LeXFMZFd0N1hHM09XVlNuaG9zQUQyVzJTWG5sR1hxeHllMGhQdEVna1FJZGVsN0ZuRm9zV1dyc0VPcmF0Z1hsbk00TldwWURLTVdFVllybzdoekhnQ1oxMjZaUFFVTGxzNTJOY3ZwUk04UzNkWmsrWEsxa2YzVmVTMEoyaFVTRkVBWkhMeVhDWGtoVG5VSTdxbzF1cjFUbURXWXNOUXd4REdPdTdDUXlaWWRLSXdLcUk5ZUdzUkxnTTZQUWxnM3ZaQ3JvcE9vZE03bG9UdWlyQ2wzVUt3NEhyR2syY09pQWY0SWQvL2VhVkNhZndraktzSlRRdUFhaHVSejRxTXNIWUEza0RReiswK2hnblI3NHIraUxyKzhscjA0NGdsbmFXSVd2ckVHY2lSUitQZWN0ZnJMT1FRSVc3aGExM2R6V296a1QwYWduVDFMay9DR3JnTlhWcWhvc0dDMHJ1QVFQSTZEY1BOeTJJTk05Smd0Q21Cc1NqTU0xODVGSUJYNEN5MTdtNzNoOXJLalhaTXhiNlR4WDdDSVp5ZXNnQVMwYkJSYjZ4SXBLc1pybHJqRWF6c2pDMlZIUlJXT01KV1lxY1hMRDVaTnpHTVpVcjZUdDJ5Q1VBdGFtZWNEQVRLTjYvR2JzeGUwdEFCTjBwazByeDVpYys0VFhkQnJvTjlPQVpjaEg0dEpDc09DS29uQ3pBcFB4VlRoRE5NeHNvb3lGcTlEbWdYaHlFVU9Pb2VTK0ZyNEZnSCtqU0FObS9sMTc4Smg5ZXBmWFE5Z0UvNmFxUHhZak5TQmdTNjBTMUVWcUNweHcyclQxbVVZZUdmd2liVm01M2l4R3B0UjhrdGU3MG5BZ01CQUFHamZUQjdNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdId1lEVlIwakJCZ3dGb0FVMkx1Yk5TMWJQKy9oYTh2TURNK2lMcnBwZW93d0dBWURWUjBnQkJFd0R6QUZCZ05WSFNBd0JnWUVWUjBnQURBZEJnTlZIUTRFRmdRVTR1YlgwcDZEVmpOOURLdE9XV01ZQXMrSHhkUXdEZ1lEVlIwUEFRSC9CQVFEQWdFR01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQjhqcVlVdzdUditXNFpIMDZQcmFGNnpmZEN4VDAzRGhSQ2h3NFovUW0wWFZTMmdSeVJ3Y01wdFFGRVJoUE5PQTIyMXU5THFveloxYUszQjM1d2tjR0QvZEZKZ0pDSkI5NlNNdHRRbDJIcC9FaVF6OVBGRjAyZEJTcnVYaElhcmFQYk0rTklHZG15TjJaeXdHR1hJMWFVN0pEM1hHMjlTaDJBQWRPa3Y4ZEk2Z0VnenQvREhTSUliYWtiYUxkRUljN1dCOTVHVUhjSG5OajU4VHpUU3lWZkJtdGIzdkJLOUpHMElvNk5BUFdRWXgyVlA4K2ZJeWxqYTJkMTI4aGdoMGRzRHJYRkFNKzlBWDhoYWU1dnZ4Vmk4VFdzL3oyaW5nK2sraW1tdFNOZnp6S01pTzdyNXdKQWt5and0VUJsQlN0S0lBNlplcjIycG1TVFpaZXVjSGRFVGhhYmNXUWlkVlptTVAzSWY2aXg1VWV5WDhWNk9BdzBnc0kzSVViOTFRNzZkNHNMV2J6b0dOT05BWUZDMUl5ejB4V2o0N1pkNlA3WjJHZmgxVmlJYk14VmlGRGxObWJFWmZscEVTODdLL3loQlVRL3RuQ05HUW9TZHRzdXl1V2czTmZXYnlKb05aemxVOTZKV3hjcVNhWGt6c2U5ajh3YWhheUtOTTZTV0tTWTFaMDVoOEpTY09DbUZCNUY4VjNiZDVuUC91S2phN0g4TzRHT0FBUE0zT3RHK2VxMzd4Vy94TjBvQXNqYnZ0NG9qblViSnMya2lBeEVkd1h4MEs3bWNQZVM3eldtVnQ4aDRSZGNEbS9QR1REYTltOE9xaFF1Y2s4MFFudXhJVVdWcjdHV2FkaDFMeS90bDArYnZta2NuTzJ5YlJKK2dicVJFSERUZTBzeHN3PT0iLCJNSUlGY3pDQ0ExdWdBd0lCQWdJVUN2ZlN2UWVyakZEbU0yTHZtam9URE9JbkxBd3dEUVlKS29aSWh2Y05BUUVMQlFBd1FURWRNQnNHQTFVRUF3d1VaVWxFUVZObFUwVkJURTlKUkY5U2IyOTBSekl4RXpBUkJnTlZCQW9UQ21sVFNFRlNSVlJsYzNReEN6QUpCZ05WQkFZVEFsaFlNQjRYRFRJek1EZ3lOVEE1TURBd05sb1hEVFE0TURneU5UQTVNREF3TlZvd1FURWRNQnNHQTFVRUF3d1VaVWxFUVZObFUwVkJURTlKUkY5U2IyOTBSekl4RXpBUkJnTlZCQW9UQ21sVFNFRlNSVlJsYzNReEN6QUpCZ05WQkFZVEFsaFlNSUlDSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQXhWTUtJOVJNaG5PU0EyTG9yZ0VDM1lETmQyaXRuNzJMT2RmUlJVdTQ1Zkc3MEllditFNGtScnpKMWsyM1dYSDVzSFRiY3NscEVUZUFabmowL3hLQllkRUx1d2U2SFg4a0l3ZDFzNldHbFpjMGw3a2kxZm1qNEhxU3N0R0ovQktHajFhNzIzNld3UEpFV0VIcWZ4OVFNRWV1SktsVVNWRkZ5RTRqTXNmWXA4N2lmSXB1d0U4b0xPdzR5a0RET1A1MlRkMDZ2SENJWXJxREJydnhGZEF1RW5GeE54bFBYUkU0Z0xzeWdnNjJIT3hPdUdtaFdmc3k2VGNjSXA1WElPZGoyQ3plb1hKODJtNS9pbUJQSnZrZWZucmpFUVh6aVNFMm1pMklCRHRHUC9Bd0ZXSTdXcHNFeURYV0ltTVNSMFQzQ3VEbWtlUTE0cE5tY3FNcC9icVgzaTFhZXRhZEZUV3N1aGwwbkgyaVJxS1pESnhabFNjdTk5dG9xNUdyZGNGVWN4R1JReWwrc0ZoVWgzWGNCV0pWN1kyd25GTDJ0WTd0aHRROFpQbXpUTzhrUEtDYkVsNVU2Z0NTSWtwUlBOWkJQRzRkVDBxdSs4QmQ3MVB1N25BeTFpQjRVNnlzMzRjRmxPbEpwR00wRkdyMzVMZWZiUFI4Ymd6Nk05WE5qUmJnTURRY1hETW5maURKN0U4MW9WQnBDWE45eWRIaTFibGhha3VFQmFvYTlNL2themlwR1BtQXV4cldCTW1wMnEwd3pRcDlHUzJlOGtlSklEd0p1eXpFTGFSWkM0eWpWc1ZaUU1LLy9EKzRKM2JvVTVkckNtbW02QzFyd05SZlNadUZHTmNJWURaZUh0ZUdvQ0Y0RUE1amNnZEZhSVlyRGVqNlZBYWI0MnZONUxVQ0F3RUFBYU5qTUdFd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZkJnTlZIU01FR0RBV2dCVFl1NXMxTFZzLzcrRnJ5OHdNejZJdXVtbDZqREFkQmdOVkhRNEVGZ1FVMkx1Yk5TMWJQKy9oYTh2TURNK2lMcnBwZW93d0RnWURWUjBQQVFIL0JBUURBZ0VHTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElDQVFCYmNIeVYyYjVtR3dIV3hDU2JEd3I1VjdQZ1NaSUphMXNjckNuSUhEM1oveXhHN1hwNWNJbEJqNE15NGxSSGpadEpWdlVmVGpGcHNFREV2L1BBcTc0T0lvbE4va1BkTWZUY3pGQkdwdnNacjB4MnlVUEVKelFzVFNMeDBnd1ord3ZvS0hXRTBDN0dxZ2tBQk5yRlc4RkxxUnpOcVhzbU01b0k0YzNWNXN5eHdCWUZEVVk1TVBXZHFKRURmUnZqakpQQ1htS09QMWxPK2krRTA3dnNGcER6SFMyRktCNWM2c1RJWmt2dCtIL0NHNGhWdTZadmNGWFh6djJKSy9Fb1ZaNndVZENsdDRwTGdUUVovVzBxUUNKM0dqRmUvUFo3NG1ja1cxeC96azl6MFZRalVwVHF6M0FqUExJamo2MG5NTFRMcDUwb0ZjTUxqdVhzczB2djR0VWpDVHBzMlFnOW4wR3dMbERSNDJOeXcyVEtjTU1CNnljRW9OaVVFdTBsZ2ExSk0wU1ZTc0ZQN0dTVS9XOVZxYXRLN3hwL1hXOS9HRHZncDNaL3BQTTBFM2kxdHFwL25PVTQzWW9mOFdpNEpKNnpPZ1hCenFReE82TUlMWko0cUVmZW5BdEk3bzk1VHk1eWs5dlJib1VzdHl3c2ZDNkNWc3UwOE5ML3R0dzRPU1hPdmJrUSs3ek14Q1lUOVl5UUQ1bC9sdEMzYmdkai9sQlp6bnNCdUdZTk9CMTZ3RE5jR3B1dWFla3NmUWZCRFBIVCt2UjZnUFZGWnB5Vnd5L3R6SDZOVHBVR0Rqb0hWc0N4VWpZODcwT000RDJKY2o5T0lxcWRsa0NvV082aTRWZWM3c1R6eGlYMzlvTlNyMUc3Q29iYzNzWWRobnhnL3ZsZzFCZUNKODdwMEE9PSJdfQ.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiXSwiaWQiOiJodHRwczovL3BhcnRpY2lwYW50cmVnaXN0cnkuZXhhbXBsZS9jcmVkZW50aWFscy9OVFJOTC0xMDAwMDAwMCIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJQYXJ0aWNpcGFudENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmlzaGFyZTpFVS5OTC5OVFJOTC1URVNUZUlEQVNWQzEiLCJ2YWxpZEZyb20iOiIyMDI1LTA1LTEwVDA4OjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOmlzaGFyZTpFVS5OTC5OVFJOTC0xMDAwMDAwMCIsImFsc29Lbm93bkFzIjpbImRpZDplbHNpOkxFSVhHLTcyNDUwMUFaU0dCUlk1NU1OUzU5IiwiZGlkOmtleTp6Nk1raGZyc0QzR1VEakd2UnhUVFNhbUUxV25TOXczbkRKTGVaelQxS1pWclU1dEUiLCJkaWQ6d2ViOmV4YW1wbGUuY29tIiwiQVMuSkEuTlRBOjEyMzQ1Njc4OTAxMjIiXSwibGVnYWxOYW1lIjoiVGVzdCBTZXJ2aWNlIENvbnN1bWVyIiwiY2FwYWJpbGl0eVVybCI6IiIsInZhbGlkRnJvbSI6IjIwMjUtMDItMTJUMDA6MDA6MDAuMDAwWiIsInZhbGlkVG8iOiIyMDI2LTAyLTEzVDAwOjAwOjAwLjAwMFoiLCJhZGRpdGlvbmFsSW5mbyI6eyJkZXNjcmlwdGlvbiI6IiIsImxvZ28iOiIiLCJ3ZWJzaXRlIjoiIiwiY29tcGFueVBob25lIjoiIiwiY29tcGFueUVtYWlsIjoiIiwicHVibGljbHlQdWJsaXNoYWJsZSI6ImZhbHNlIiwiY291bnRyaWVzT2ZPcGVyYXRpb24iOltdLCJzZWN0b3JJbmR1c3RyeSI6W10sInRhZ3MiOiIifX0sImNyZWRlbnRpYWxTdGF0dXMiOnsiaWQiOiJodHRwczovL3BhcnRpY2lwYW50cmVnaXN0cnkuZXhhbXBsZS9jcmVkZW50aWFscy9zdGF0dXMvMyM5NDU2NyIsInR5cGUiOiJCaXRzdHJpbmdTdGF0dXNMaXN0RW50cnkiLCJzdGF0dXNQdXJwb3NlIjoicmV2b2NhdGlvbiIsInN0YXR1c0xpc3RJbmRleCI6Ijk0NTY3Iiwic3RhdHVzTGlzdENyZWRlbnRpYWwiOiJodHRwczovL3BhcnRpY2lwYW50cmVnaXN0cnkuZXhhbXBsZS9jcmVkZW50aWFscy9zdGF0dXMvMyJ9LCJ0ZXJtc09mVXNlIjp7InR5cGUiOiJUcnVzdEZyYW1ld29ya1BvbGljeSIsInRydXN0RnJhbWV3b3JrIjoiaVNIQVJFIiwicG9saWN5SWQiOiJodHRwczovL2ZyYW1ld29yay5pc2hhcmUuZXUvZGV0YWlsZWQtZGVzY3JpcHRpb25zL2xlZ2FsI2FkaGVyaW5nLXBhcnRpZXMiLCJsZWdhbEJhc2lzIjoiaHR0cHM6Ly9mcmFtZXdvcmsuaXNoYXJlLmV1L2RldGFpbGVkLWRlc2NyaXB0aW9ucy9sZWdhbCJ9LCJjcmVkZW50aWFsU2NoZW1hIjpbeyJpZCI6Imh0dHBzOi8vc2NoZW1hcy5pc2hhcmUuZXUvdjMvcGFydGljaXBhbnQuanNvbiIsInR5cGUiOiJKc29uU2NoZW1hIn1dLCJpYXQiOjE3NTU2MDExNDAsImV4cCI6MTc1ODI4Njc0MH0.L5nH9Q3YnL25cbG-gDUPXRrS7V-HtNk86jU0fhDCzS9hldcOaCNULOCw28x96Bz6dSHNIxEd8jAqmNG25MV3OpHxUQDyxs8dIVNdd2_ncahM-ckvZK4BwnkZQ6lvE8YGNtELbtqrHW7Qa_iX6rQaNhgeOVHj9psfUlbWqsNShDAFLe7f4ud28x9Ibxu_4H-teaeoAiHv3aj-pPQpwkwNBYqLXQaG9wjZcZuWzO-_umHd4bjoQpiGItyk99CeMfrJEBgmc26vMTo2-OMQyWkddaMbTzL06HA75WtdMyxjLcxUYvx4-1w_BDdtDD1Fxdy_-fomTzeZKGexZYKOojAEXQTODO: Selection of methods and signatures in evidence part as there are various proof mechanisms and should select a subset of refer to the VC specifications itself is under investigation. Additionally, need to see if we can use some constructs from the specs itslef to replace or restructure the elements in our VCs.
Impact iSHARE Foundation (Scheme Owner)
Describe the impact of the RFC on all the assets of iSHARE. Use the following list as a guideline:
- The iSHARE Trust Framework: https://ishareworks.atlassian.net/wiki/spaces/IS/
- Following pages needs to be updated:
- https://framework.ishare.eu/main-aspects-of-the-ishare-trust-framework/key-functionality and add new pages about VC
- https://framework.ishare.eu/main-aspects-of-the-ishare-trust-framework/technical-overview
- https://framework.ishare.eu/use-cases - add similar pages to existing but with VC
- https://framework.ishare.eu/detailed-descriptions/functional add VC primary use cases
- Add page for M2M and H2m in VC based primary use cases under functional primary use cases
- Add for VC in secondary use cases
- https://framework.ishare.eu/detailed-descriptions/functional/functional-requirements-per-role add for VC related requirements for each role
- https://framework.ishare.eu/detailed-descriptions/technical
- https://framework.ishare.eu/detailed-descriptions/technical/structure-of-delegation-evidence add page under as example with VCs
- https://framework.ishare.eu/detailed-descriptions/operational/operational-processes/admission
- https://framework.ishare.eu/detailed-descriptions/operational/operational-processes/withdrawal-or-downgrade
- https://framework.ishare.eu/detailed-descriptions/operational/service-levels check and update if necessary
- https://framework.ishare.eu/glossary-and-legal-notices add relevant glossary terms
- Following pages needs to be updated:
- The developer documentation (as an extension of the iSHARE Trust Framework): https://dev.ishare.eu/
- Following pages needs update:
- https://dev.ishare.eu/introduction/getting-started - introduce VC and add appropriate links
- Test participants to be added for VCs
- OpenAPI descriptions to be added for VCs
- Postman Collections to be updated for VCs
- https://dev.ishare.eu/introduction/specific-technical-standards add VC related standards
- https://dev.ishare.eu/introduction/conformance-test-tool add for VCs
- add page for M2M access token using VC
- Refer to the specifications for a new token creation endpoint will be defined: https://rajiv-ishare.github.io/m2mvcauth/ (perhaps it needs update)
- add page for M2M VC issuance process
- update https://dev.ishare.eu/authorisation-registry-role/getting-started to include VC for datarights credentials
- add pages for VCs under autorisation registry role
- add page for VC under Entitled party role
- add pages for VCs under Identity Provider role
- add pages for VCs under Participant Registry Role
- add pages for VCs under Service consumer Role
- add pages for VCs under Service Provider Role
- Add the various credentials under Reference
- Following pages needs update:
- Example implementation in Postman Collections.
- postman collections about all types of credentials and its issuance and presenations
- The implementation of the iSHARE satellite for iSHARE as the scheme owner on https://sat.ishare.eu and https://sat.uat.isharetest.net
- Implement VCs
- The public website https://www.ishare.eu
- update to explain the VCs relation to iSHARE in easy to understand language
- Authorization Registry test implementation: https://ar.isharetest.net/
- updated version which works with VCs
- The Conformance Test Tool: https://ctt.isharetest.net/admin/account/login, tests listed on https://ctt.isharetest.net/admin/test-cases
- add tests for VCs - issuance and presentations
Implementation
Release schedule
- Will be part of release 3.0
Communication
-
TODO: Describe communication requirements