Credentials
A credential in DPP Kit is a digitally signed record that makes a verifiable claim about a facility, product, event, or conformity assessment.
What Makes Them Verifiable?
Every credential issued through DPP Kit is a W3C Verifiable Credential (VC). This means:
- Digitally signed — The credential is signed using your organization's private key, creating a cryptographic proof
- Tamper-evident — Any modification to the credential after signing invalidates the signature
- Independently verifiable — Anyone with the credential can verify its authenticity without contacting the issuer
Credential Lifecycle
Draft ──► Active ──► Revoked
│
└──► Deleted (drafts only)
| Status | Description |
|---|---|
| Draft | Work in progress. Can be edited, deleted, or issued. Not yet signed. |
| Active | Issued and signed. The credential is live and verifiable. Cannot be edited. |
| Revoked | Previously active credential that has been invalidated. The revocation is recorded on a status list so verifiers know it's no longer valid. |
Five Credential Types
Each credential type serves a different purpose in the supply chain:
DFR — Digital Facility Record
Identifies a physical facility or location (factory, warehouse, farm). Uses GLN-13 identifiers. Every organization should register their facilities before issuing product credentials.
DPP — Digital Product Passport
Describes a product — its name, SKU, description, and associated facility. Uses GTIN-14 identifiers. This is the core credential type for product transparency.
DTE — Digital Traceability Event
Records supply chain events: transformations (raw materials into products), transactions (handoffs between parties), and associations (linking items together). References DPPs and DFRs to build a supply chain graph.
DCC — Digital Conformity Credential
Attaches third-party certifications, test results, or audit findings to products. Issued by standards bodies or conformity assessment bodies.
DIA — Digital Identity Anchor
A permanent identity record for an organization or entity. Accumulates history over time. Used less frequently than other types.
Metadata vs. Signed Credential
DPP Kit separates metadata (stored in the database for searching and filtering) from the signed credential (stored in the credential storage service). The signed credential is the source of truth — the database metadata exists for convenience.
When you view a credential in DPP Kit, the system verifies the signed credential cryptographically before displaying it.