NEXIEL
Loading...
Menu

For Relying Parties

OverviewAPISDKPricingUse casesAgeCheck for ClubsAge verificationEUDI guide

For Issuers

OverviewCredential typesNFCAPIDashboardPricingIndustries (Issuers)Use cases

Docs

Docs hubVerify docsIssue docsEducation docsWebhooksWallet architectureRunbooksDeveloper hub
About EUDIPricingBlogContact

Docs · Education Credentials

Education credentials for EUDI & DC4EU

Issue and verify degree, diploma supplement, micro-credential, and classic diploma profiles using JSON-LD and SD-JWT VC formats. This guide splits the workflow into Issuer and Verifier responsibilities, with anchored sections you can link from onboarding materials.

Issuer guide →Verifier guide →Status & monitoring →

Signing & trust

Standard signing now, qualified trust queued

Nexiel treats signing mode and timestamping as first-class metadata. Issuances today use standard cryptographic signing keys, and tenants can preconfigure qualified seal/timestamp settings so they can be enabled quickly once qualified trust services are available.

Standard cryptographic signing (available today)

Every JSON‑LD and SD‑JWT diploma issued through Nexiel includes tamper‑evident cryptographic proof, StatusList2021 status checking, and issuance/audit telemetry so you can evidence what was delivered and when.

Irish qualified trust services (planned / pending qualification)

Nexiel is preparing to provide qualified trust services in Ireland (Qualified eSeal and Qualified eTimestamp) in line with the eIDAS framework, subject to successful conformity assessment and being listed on Ireland’s Trusted List. After qualification, all new issuances can include the qualified seal and timestamp without changing your workflows (re-issuance available on request).

Operational visibility

Dashboards show, per credential, whether it was issued with standard signing or with qualified trust services, so compliance teams can track assurance level during rollout.

Previously issued credentials can be re-issued with qualified trust services on request.

Format selection

Nexiel’s template engine emits both formats from a single award event. Wallets request their preferred format at redemption time, and the dashboard/audit logs record what was delivered.

GoalRecommended formatWhy
Europass / ELM interoperabilityJSON-LD Verifiable CredentialFull semantic compatibility with Europass EDCI + SHACL/JSON Schema validation.
Selective disclosure for EUDI/DC4EU walletsSD-JWT VC (preferred)Holders choose which claims to disclose; aligns with RFC 9421 / EBSI selective disclosure guidance.
Dual deliveryIssue both formatsArchive-friendly JSON-LD plus privacy-preserving SD-JWT from a single award event.

Issuers

University issuer guide

1Award event (SIS / admin)2Credential draft (ELM template)3OpenID4VCI offer (QR / link)4Wallet redemption (token)5Dual signing (JSON-LD + SD-JWT)6Status publication7Audit logging

Endpoints & flows

  • /.well-known/openid-credential-issuerAdvertises supported profiles + formats.
  • POST /api/v1/admin/credentials/offersCreate offers from dashboard, SIS, or API.
  • POST /oauth/tokenWallet exchanges pre-authorised code for credential access token.
  • POST /credentialDelivers JSON-LD VC, SD-JWT VC, or both depending on wallet request.

Onboarding checklist

  • Legal + accreditation check (DEQAR / HEA / LOTL).
  • DID + key registration (`did:web` recommended) with documented rotation.
  • Choose credential profiles (degree, diploma supplement, micro-credential, diploma).
  • Configure StatusList2021 + optional EBSI CRL/Bloom endpoint.
  • Wire SIS/SFTP feed or use dashboard CSV for award events.
  • Run a pilot issuance with a verifier partner before production cutover.

Dual artifacts

Nexiel stores both the JSON-LD payload and the SD-JWT combined token (credential + disclosures) in the encrypted issuance record. Admins can download either artifact from `/dashboard/credentials`, and audit logs retain the `issued_format`, `preferred_format`, profile ID, and StatusList pointer.

Verifiers

Verifier guide

1Presentation definition (OpenID4VP)2Wallet submits VP token3Signature + disclosure check4Issuer trust (EBSI TIR / registry cache)5StatusList2021 / CRL evaluation6Policy + schema validation7Decision + consent log

Verifier endpoints

  • /.well-known/openid-configurationOptional OpenID4VP discovery for wallets.
  • POST /presentation/requestDefine required claims + policies for a verification session.
  • POST /presentation/callbackReceives VP token + disclosures.
  • POST /api/v1/verifyProgrammatic verification for ATS/HRIS or SIS portals.

Verification policy

  • Nonce + audience validation for every OpenID4VP response.
  • JSON-LD: verify proof against issuer DID. SD-JWT: re-hash disclosures and compare to `_sd` digests.
  • Resolve issuer accreditation from the cached registry (`IssuerRegistryCache`, DEQAR, HEA IE, LOTL/EUTL).
  • Evaluate StatusList2021 (or CRL/Bloom) pointer before trusting claims.
  • Enforce learning-outcome policies (ECTS, EQF level, award date) via schema validation.
  • Write every decision to `EudiAuditLog` or your own downstream log for GDPR traceability.

Monitoring

Status, evidence, and registry health

StatusList2021

Each credential reserves a bit. Revocations flip the bit and broadcast `credential.revoked` with the previous `issued_format` plus the StatusList URL/index. Dashboards link directly to the public list.

Evidence packs

Automated DEQAR/EWP/HEA/LOTL matches and manual uploads are stored in `IssuerEvidence`. Compliance → Consent Logs & Evidence lets reviewers inspect the exact snapshot that informed a QEAA vs. PuB-EAA decision.

Registry syncs

The wallet onboarding dashboard surfaces DEQAR/EWP/HEA/EUTL freshness, last-run timestamps, and override buttons. Sync jobs run nightly at 02:00 UTC with advisory locks to avoid duplicates.

Resources & next steps

Marketing overview

Share the public explainer with university stakeholders.

Visit the education solutions page →

API references