Policy Evaluation Error When Using Custom ParticipantCredential in MVD

[Zhipeng-lin1]

Background

Hello everyone,

I was trying out different configurations to understand how policy evaluation works in the MVD (Minimal Viable Data Space), and I ran into an issue that I can't quite figure out.

Setup

I registered a new trusted issuer using DcpPatchExtension:

trustedIssuerRegistry.register(new Issuer("did:web:example.com", Map.of()), WILDCARD);

Then I added a new custom VC type to the DefaultScopeMappingFunction:

var contextMappingFunction = new DefaultScopeMappingFunction(Set.of(
    "org.eclipse.edc.vc.type:MembershipCredential:read",
    "org.eclipse.edc.vc.type:ParticipantCredential:read"
));

All the evaluation function only return true.

---

Issue

When I make the following request:

POST {{HOST}}/api/management/v3/catalog/request

I get the following error (screenshot):

However, if I replace the line:

"org.eclipse.edc.vc.type:ParticipantCredential:read"

with:

"org.eclipse.edc.vc.type:DataProcessorCredential:read"

then the call works properly and returns the catalog as expected.

---

The ParticipantCredential I’m Using

Here’s an example of the ParticipantCredential:

{
  "participantContextId": "did:web:localhost%3A7083",
  "id": "f3142dad-8e74-4ac4-b76a-2bd350b5b786",
  "timestamp": 1745483061653,
  "issuerId": "did:web:upcxels.dev.sparsity-technologies.com",
  "holderId": "https://localhost:8000/api/verification/credentials/7f784858-beaa-49f9-b17e-8d4e5f0fb0d9#subject",
  "verifiableCredential": {
    "rawVc": "eyJhbGciOiJIUzI1NiIsInR5cCI6I.............",
    "format": "VC1_0_JWT",
    "credential": {
      "id": "https://localhost:8000/api/verification/credentials/7f784858-beaa-49f9-b17e-8d4e5f0fb0d9",
      "type": [
        "VerifiableCredential",
        "ParticipantCredential"
      ],
      "issuer": {
        "id": "did:web:example.com"
      },
      "issuanceDate": "2025-04-24T08:24:20.332370Z",
      "credentialSubject": [
        {
          "id": "https://localhost:8000/api/verification/credentials/7f784858-beaa-49f9-b17e-8d4e5f0fb0d9#subject",
          "gx:legalName": "Gaia-X Association for Data and Cloud AISBL",
          "gx:legalAddress": {
            "gx:countrySubdivisionCode": "BE-BRU"
          },
          "gx:headquarterAddress": {
            "gx:countrySubdivisionCode": "BE-BRU"
          },
          "gx:legalRegistrationNumber": {
            "id": "https://localhost:8000/api/verification/credentials/ed97a537-2693-480d-957f-23201e17f195#subject"
          },
          "gx-terms-and-conditions:gaiaxTermsAndConditions": "70c1d713215f95191a11d38fe2341faed27d19e083917bc8732ca4fea4976700",
          "type": "gx:LegalParticipant"
        }
      ]
    }
  }
}

---

❓ Question

Why does the catalog request fail when I use ParticipantCredential, but works fine with DataProcessorCredential?

Is there something specific that I’m missing in how ParticipantCredential is evaluated or configured for policies?

Any help would be appreciated 🙏

[paullatzelsperger]

Sorry, we won't be able to debug your application for you, but I strongly recommend reading up on EDC Documentation about policies.

Generally though, three parts are needed:

• a policy definition, that you ingest through the management API
• a verifiable credential, which contains in its credential subject the claims needed to evaluate the policy
• a policy evaluation function: a piece of java code that takes the policy and the credential and then evaluates whether the policy is fulfilled or not. this is the connecting link between policy and VC

please not that at this time policy functions are compiled code, i.e. you must have them on the class path at compile time.