Scenario

You are a software solution provider building a farm management platform (called FarmTrace), and you have a important customer, ACME Farms, who is a large agricultural farm.

FarmTrace is a tenant and ACME Farms is an organization.

For a more information on the relationship between tenants and organizations, please refer to the organizations documentation.

You want to provide your users with the ability to issue Digital Product Passports (DPPs) for ACME Farms products such as consignments of grain, cattle, or other products.

To do this, FarmTrace will need a:

  • DID: To identity their organization and issue DPPs against cryptographically.
  • Credential Issuer Profile: To represent their organization when issuing DPPs.

A DPP depends on a Credential Issuer Profile to be issued, and the Credential Issuer Profile depends on a DID to be defined.

Implementation

Below is an example of how the TrustStack SDK can be used to issue a DID and Credential Issuer Profile for ACME Farms.

Remember, all operations can be performed via the TrustStack API as well. The TypeScript SDK is not strictly required.

import {TrustStack} from "@truststack/sdk";

// Configure the TrustStack SDK
// Here, we assume "ACME Farms" is an organization on TrustStack
// previously created by you, with an `organizationId` of "acme-farms-id"
const client = new TrustStack({
  apiKey: "YOUR_API_KEY",
  organizationId: "acme-farms-id",
});

// Create a `did:web` identifier for "ACME Farms"
const did = await client.did.createDid({
  name: "acme-farms",
});

// A `did:web` has been created:
//  did:web:trustdid.dev:o:acme-farms-id:acme-farms

// Create a `CredentialIssuerProfile` for "ACME Farms"
// - "name" is the issuer name that will be embedded in the DPP.
// - "identifierId" is the `id` of the `did:web` identifier created above.
const profile = await client.untp.credentialIssuerProfile.create({
  name: "ACME Farms",
  identifierId: did.id,
});

// Construct a DPP
const dpp = await client.untp.dpp.create({
  credentialIssuerProfileId: profile.id,
  validFrom: new Date(),
  validTo: new Date(new Date().getTime() + 1000 * 60 * 60 * 24 * 365),
});

console.log(dpp);

{
  "type": ["VerifiableCredential", "DigitalProductPassport"],
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://test.uncefact.org/vocabulary/untp/dpp/0.5.0/"
  ],
  "id": "https://api.truststack.dev/credentials/<UUID>",
  "issuer": {
    "id": "did:web:trustdid.dev:o:acme-farms-id:acme-farms",
    "name": "ACME Farms"
  },
  "credentialSubject": {
    ...
  }
}

A Digital Product Passport has been created and can be issued to a user, and the credentialIssuerProfile can be used for other DPPs issued by the same organization.

Why have many CredentialIssuerProfile?

You are able to configure many CredentialIssuerProfile for an organization. This could be useful for many reasons, such as a single organization having multiple legal entities, or a requirement to provide different levels of identification for differing products.