Skip to main content
European CommissionEBSI European Blockchain

How to fill trusted registries

Last updated on

Introduction

To insert transactions into the underlying blockchain, a Legal Entity must have a valid Verifiable Credential (VC) for the specified purpose and request an access token with the appropriate scope.

Scope definitions

To help understand the context and requirements for each scope used in the process, the following table provides a detailed explanation of the scopes.

ScopeRequired Verifiable CredentialGranted Access
didr_inviteVerifiableAuthorisationToOnboardCan register DID into DID Registry
tir_inviteVerifiableAuthorisationForTrustChain or
VerifiableAccreditationToAttest or
VerifiableAccreditationToAccredit
Can register VC into Trusted Issuers Registry
didr_write
tir_write
No credentials are required, but the client must be a Trusted Issuer.Can fully manipulate DID Registry and Trusted Issuers Registry

Sequence diagram

Step-by-step guide

1. Query presentation definition requirements

To start, query the Presentation definitions endpoint to get the requirements for the vp_token.

This endpoint can list all possible definitions or select one with the desired scope. Use the query parameter scope with a space-separated list of values.

Presentation definition query example
GET https://api-conformance.ebsi.eu/authorisation/v3/presentation-definitions?scope=openid+didr_invite

{
id: 'didr_invite_presentation',
input_descriptors: [
{
id: 'didr_invite_credential',
name: 'Accreditation to write to the DID Registry',
purpose: 'Please present a valid VerifiableAuthorisationToOnboard issued by Root TAO or TAO',
format: { jwt_vc: { alg: [ 'ES256' ] } },
constraints: {
fields: [
{
path: [ '$.vc.type' ],
filter: {
type: 'array',
contains: { const: 'VerifiableAuthorisationToOnboard' }
}
}
]
}
}
],
format: { jwt_vc: { alg: [ 'ES256' ] }, jwt_vp: { alg: [ 'ES256' ] } }
}

2. Request token

After handling the Presentation Definition requirements, form a Verifiable Presentation (VP) Token with Presentation Submission and send it to the Token Endpoint with grant_type=vp_token and the requested scopes. The response will include an Access Token, which can be used with EBSI Services.

Token request example
HTTP POST into: https://api-conformance.ebsi.eu/conformance/v3/auth-mock/token

grant_type=vp_token
&scope=openid+didr_invite
&vp_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImRpZDplYnNpOnpkUGoxR1BYamZFUlh4WFBFMVlUWWRKIzdqM1RwYU5kUE5UT3pPdG91T09rbmxPTFFrM0pQLXlrVGZyYVd0WTNHTUUifQ.eyJpc3MiOiJkaWQ6ZWJzaTp6ZFBqMUdQWGpmRVJYeFhQRTFZVFlkSiIsImF1ZCI6Imh0dHBzOi8vYXBpLWNvbmZvcm1hbmNlLmVic2kuZXUvY29uZm9ybWFuY2UvdjMvYXV0aC1tb2NrIiwic3ViIjoiZGlkOmVic2k6emRQajFHUFhqZkVSWHhYUEUxWVRZZEoiLCJpYXQiOjE1ODk2OTkyNjAsIm5iZiI6MTU4OTY5OTI2MCwiZXhwIjoxNTg5Njk5MjYwLCJub25jZSI6InhqZk9VTmY1OWFzZm4yM2ZOazEyM2tmbHNEIiwianRpIjoidXJuOnV1aWQ6MDcwNjA2MWEtZTJjYS00NjE0LTlkZTctOWMxNDUxOTM1ZjAyIiwidnAiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaWQiOiJ1cm46dXVpZDowNzA2MDYxYS1lMmNhLTQ2MTQtOWRlNy05YzE0NTE5MzVmMDIiLCJ0eXBlIjpbIlZlcmlmaWFibGVQcmVzZW50YXRpb24iXSwiaG9sZGVyIjoiZGlkOmVic2k6emRQajFHUFhqZkVSWHhYUEUxWVRZZEoiLCJ2ZXJpZmlhYmxlQ3JlZGVudGlhbCI6WyJleUowZVhBaU9pSktWMVFpTENKaGJHY2lPaUpGVXpJMU5pSXNJbXRwWkNJNkltUnBaRHBsWW5OcE9ucDJTRmRZTXpVNVFUTkRkbVpLYmtOWllVRnBRV1JsSTBZd2NqVlBlWFJmYkdGb2RuWjZOazFYYkZsek0yMWpXVTVMV21scFVXUlZabkYyT0hSemFFaE9PWGNpZlEuZXlKcGMzTWlPaUprYVdRNlpXSnphVHA2ZGtoWFdETTFPVUV6UTNabVNtNURXV0ZCYVVGa1pTSXNJbk4xWWlJNkltUnBaRHBsWW5OcE9ucGtVR294UjFCWWFtWkZVbGg0V0ZCRk1WbFVXV1JLSWl3aWFXRjBJam94TlRnNU5qazVNall3TENKdVltWWlPakUxT0RrMk9Ua3lOakFzSW1WNGNDSTZNVFU0T1RZNU9USTJNQ3dpYW5ScElqb2lkWEp1T25WMWFXUjFibVJsWm1sdVpXUWlMQ0oyWXlJNmV5SkFZMjl1ZEdWNGRDSTZXeUpvZEhSd2N6b3ZMM2QzZHk1M015NXZjbWN2TWpBeE9DOWpjbVZrWlc1MGFXRnNjeTkyTVNKZExDSnBaQ0k2SW5WeWJqcDFkV2xrT25WdVpHVm1hVzVsWkNJc0luUjVjR1VpT2xzaVZtVnlhV1pwWVdKc1pVTnlaV1JsYm5ScFlXd2lMQ0pXWlhKcFptbGhZbXhsUVhSMFpYTjBZWFJwYjI0aUxDSldaWEpwWm1saFlteGxRWFYwYUc5eWFYTmhkR2x2YmxSdlQyNWliMkZ5WkNKZExDSnBjM04xWVc1alpVUmhkR1VpT2lJeU1ESXdMVEExTFRFM1ZEQTNPakEzT2pRd1dpSXNJblpoYkdsa1JuSnZiU0k2SWpJd01qQXRNRFV0TVRkVU1EYzZNRGM2TkRCYUlpd2lkbUZzYVdSVmJuUnBiQ0k2SWpJd01qQXRNRFV0TVRkVU1EYzZNRGM2TkRCYUlpd2laWGh3YVhKaGRHbHZia1JoZEdVaU9pSXlNREl3TFRBMUxURTNWREEzT2pBM09qUXdXaUlzSW1semMzVmxaQ0k2SWpJd01qQXRNRFV0TVRkVU1EYzZNRGM2TkRCYUlpd2lZM0psWkdWdWRHbGhiRk4xWW1wbFkzUWlPbnNpYVdRaU9pSmthV1E2WldKemFUcDZaRkJxTVVkUVdHcG1SVkpZZUZoUVJURlpWRmxrU2lKOUxDSmpjbVZrWlc1MGFXRnNVMk5vWlcxaElqcDdJbWxrSWpvaWFIUjBjSE02THk5aGNHa3RjR2xzYjNRdVpXSnphUzVsZFM5MGNuVnpkR1ZrTFhOamFHVnRZWE10Y21WbmFYTjBjbmt2ZGpJdmMyTm9aVzFoY3k4d2VESXpNRE01WlRZek5UWmxZVFppTnpBelkyVTJOekpsTjJObVlXTXdZalF5TnpZMVlqRTFNR1kyTTJSbU56aGxNbUprTVRoaFpUYzROVGM0TjJZMllUSWlMQ0owZVhCbElqb2lSblZzYkVwemIyNVRZMmhsYldGV1lXeHBaR0YwYjNJeU1ESXhJbjE5ZlEuam9HQjhqNHNWVjh4MDBmR2o4WnFlQU9BNjRJeHJaQk41U3B6VFlEdEx4X3R6WWhycWUtX0lURF9ydkllcXBRNEJ3a1Y2M1FsNnNJZ2R5U2lkZVM5LWciXX19.zkJwHFLAjE5RxelSGsX9KmdanVgE6bEFV-eH4rAgC8W36jKpiST8QcBIvk_Uqu3pGjiAd9tHw3Akjm5gCHqjtg
&presentation_submission=%7B%22id%22%3A%2243272b32-8f3b-4f8c-9e14-579f66457825%22%2C%22definition_id%22%3A%22didr_invite_presentation%22%2C%22descriptor_map%22%3A%5B%7B%22id%22%3A%22didr_invite_credential%22%2C%22format%22%3A%22jwt_vp%22%2C%22path%22%3A%22%24%22%2C%22path_nested%22%3A%7B%22id%22%3A%22didr_invite_credential%22%2C%22format%22%3A%22jwt_vc%22%2C%22path%22%3A%22%24.verifiableCredential%5B0%5D%22%7D%7D%5D%7D

JWT Header:
{
typ: 'JWT',
alg: 'ES256',
kid: 'did:ebsi:zdPj1GPXjfERXxXPE1YTYdJ#7j3TpaNdPNTOzOtouOOknlOLQk3JP-ykTfraWtY3GME'
}
JWT Payload:
{
iss: 'did:ebsi:zdPj1GPXjfERXxXPE1YTYdJ',
aud: 'https://api-conformance.ebsi.eu/conformance/v3/auth-mock',
sub: 'did:ebsi:zdPj1GPXjfERXxXPE1YTYdJ',
iat: 1589699260,
nbf: 1589699260,
exp: 1589699260,
nonce: 'xjfOUNf59asfn23fNk123kflsD',
jti: 'urn:uuid:0706061a-e2ca-4614-9de7-9c1451935f02',
vp: {
'@context': [ 'https://www.w3.org/2018/credentials/v1' ],
id: 'urn:uuid:0706061a-e2ca-4614-9de7-9c1451935f02',
type: [ 'VerifiablePresentation' ],
holder: 'did:ebsi:zdPj1GPXjfERXxXPE1YTYdJ',
verifiableCredential: [
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImRpZDplYnNpOnp2SFdYMzU5QTNDdmZKbkNZYUFpQWRlI0YwcjVPeXRfbGFodnZ6Nk1XbFlzM21jWU5LWmlpUWRVZnF2OHRzaEhOOXcifQ.eyJpc3MiOiJkaWQ6ZWJzaTp6dkhXWDM1OUEzQ3ZmSm5DWWFBaUFkZSIsInN1YiI6ImRpZDplYnNpOnpkUGoxR1BYamZFUlh4WFBFMVlUWWRKIiwiaWF0IjoxNTg5Njk5MjYwLCJuYmYiOjE1ODk2OTkyNjAsImV4cCI6MTU4OTY5OTI2MCwianRpIjoidXJuOnV1aWR1bmRlZmluZWQiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJpZCI6InVybjp1dWlkOnVuZGVmaW5lZCIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJWZXJpZmlhYmxlQXR0ZXN0YXRpb24iLCJWZXJpZmlhYmxlQXV0aG9yaXNhdGlvblRvT25ib2FyZCJdLCJpc3N1YW5jZURhdGUiOiIyMDIwLTA1LTE3VDA3OjA3OjQwWiIsInZhbGlkRnJvbSI6IjIwMjAtMDUtMTdUMDc6MDc6NDBaIiwidmFsaWRVbnRpbCI6IjIwMjAtMDUtMTdUMDc6MDc6NDBaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDIwLTA1LTE3VDA3OjA3OjQwWiIsImlzc3VlZCI6IjIwMjAtMDUtMTdUMDc6MDc6NDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZWJzaTp6ZFBqMUdQWGpmRVJYeFhQRTFZVFlkSiJ9LCJjcmVkZW50aWFsU2NoZW1hIjp7ImlkIjoiaHR0cHM6Ly9hcGktcGlsb3QuZWJzaS5ldS90cnVzdGVkLXNjaGVtYXMtcmVnaXN0cnkvdjIvc2NoZW1hcy8weDIzMDM5ZTYzNTZlYTZiNzAzY2U2NzJlN2NmYWMwYjQyNzY1YjE1MGY2M2RmNzhlMmJkMThhZTc4NTc4N2Y2YTIiLCJ0eXBlIjoiRnVsbEpzb25TY2hlbWFWYWxpZGF0b3IyMDIxIn19fQ.joGB8j4sVV8x00fGj8ZqeAOA64IxrZBN5SpzTYDtLx_tzYhrqe-_ITD_rvIeqpQ4BwkV63Ql6sIgdySideS9-g'
]
}
}

3. Filling the Trusted Registry

After obtaining the Access Token in Step 2, the next step involves interacting with the Trusted Registry using its JSON RPC API. This includes selecting and utilising the appropriate method based on specific requirements. The process generally involves building a transaction, receiving the Ethereum transaction for signing, and then submitting the signed transaction back to the Trusted Registry.

The available methods and their required parameters are detailed in the TIR JSON-RPC API documentation.