#Frequently Asked Questions

This page addresses common questions about the walt.id Enterprise Stack.

#General Questions

Q: What is the walt.id Enterprise Stack?

A: The walt.id Enterprise Stack enables businesses and governments to offer highly scalable, reliable, and secure digital identity solutions (issuer, verifier, wallet) across industries and ecosystems. It builds on top of the Community Stack and adds enterprise capabilities like multi-tenancy support, built-in GUI management tools, lifecycle management, credential revocation mechanisms, logs, audits, pre-built integrations, and more. Learn more here

Q: What's the difference between the Community Stack and Enterprise Stack?

A: The Community Stack is open-source and designed for simpler use cases where you manage your own infrastructure. It's stateless and typically deployed as single instances via Docker. The Enterprise Stack builds on top of the Community Stack and adds enterprise capabilities such as multi-tenancy support, built-in GUI management tools, lifecycle management, credential revocation mechanisms, logs, audits, pre-built integrations, and more. The Enterprise Stack is ideal for large organizations, governments, and businesses offering digital identity platforms or SaaS solutions that need to scale. Learn more about the Community Stack.

Q: Who should use the Enterprise Stack?

A: The Enterprise Stack is ideal for:

• Large organizations and/or governments that need scalable digital identity solutions
• Businesses building identity platforms or SaaS solutions that need to scale
• Organizations requiring enterprise-grade features like multi-tenancy, audit logs, and compliance tools
• Organizations requiring high uptime and robust security features

Q: What are the main components of the Enterprise Stack?

A: The Enterprise Stack consists of:

• Organizations: Top-level accounts that can contain multiple tenants
• Tenants: Containers for services that can be nested (sub-tenants)
• Services: Functional capabilities including KMS Service, DID Service, Issuer Service, Verifier Service, Wallet Service, Credential Status Service, and more
• Administration: Role-based access control with accounts, API keys, and permissions
• User Interfaces: Built-in GUI for managing services and viewing analytics

Q: What credential formats does the Enterprise Stack support?

A: The Enterprise Stack supports multiple credential formats including:

• SD-JWT VC (IETF): Selective Disclosure JSON Web Token Verifiable Credentials
• W3C Verifiable Credentials: Versions 1.1+ and 2.0 with JWT and SD-JWT signatures
• ISO 18013-5 mDL: Mobile Driver's License format
• Custom formats: The system is extensible to support new or proprietary formats

Q: Which protocols and standards are supported?

A: The Enterprise Stack supports:

• OID4VCI: Draft 11 and Draft 13 for credential issuance
• OID4VP: Draft 14, 20 for credential verification
• ISO/IEC 18013-7: For mobile driver's license exchange
• Multiple DID methods: did:key, did:jwk, did:web, did:cheqd, and more
• Credential Status: StatusList2021, Bitstring Status List, Token Status List, RevocationList2020

#Architecture & Multi-Tenancy

Q: How does the Enterprise Stack architecture work?

A: The Enterprise Stack uses a hierarchical resource structure:

1. Organizations: Top-level accounts (e.g., waltid)
2. Tenants: Containers for services within organizations (e.g., waltid.tenant1)
3. Sub-tenants: Nested tenants with unlimited nesting levels
4. Services: Functional capabilities within tenants (e.g., waltid.tenant1.issuer1)
5. Service Data: Data specific to each service

Q: What is multi-tenancy and how does it work?

A: Multi-tenancy allows you to:

• Separate data: Services and data inside tenants are kept separate
• Manage customers: Group different customers as tenants or sub-tenants
• B2B2C products: Build and sell products to business clients who offer consumer products
• Unlimited nesting: Create sub-tenants inside tenants with no limit to nesting levels
• Virtual separation: Keep services and data virtually separate while managing them under one roof

Q: How do I identify resources in the Enterprise Stack?

A: Resources are identified using hierarchical identifiers:

• Organization: waltid
• Tenant: waltid.tenant1
• Service: waltid.tenant1.issuer1
• Sub-tenant: waltid.tenant1.subtenant1

Q: What services are available in the Enterprise Stack?

A: The Enterprise Stack offers:

• KMS Service: Manage cryptographic keys
• DID Service: Create decentralized identifiers
• Issuer Service: Sign & issue various digital credentials
• Verifier Service: Request & verify digital credentials
• Wallet Service: Run identity wallets for individuals or organizations
• Credential Status Service: Manage credential status lists
• DID Store Service: Store and manage DIDs
• Credential Store Service: Store and query credentials
• DID Registry: Host did:web documents

#Administration & Access Control

Q: How does access control work in the Enterprise Stack?

A: The Enterprise Stack uses a role-based access control system:

• Super Admin: Highest level of access, can perform all operations without roles
• Accounts: Used primarily for UI access, require assigned roles for permissions
• API Keys: Used for machine access, require assigned roles for permissions
• Roles: Grouped permissions (e.g., create key, delete service) that can be assigned to accounts or API keys

Q: What types of access credentials are available?

A: Three types of access credentials:

• Super Admin: Can perform all operations on the enterprise API and UI out of the box
• Accounts: Primarily used for UI access, must be assigned specific roles for permissions
• API Keys: Programmatic access for interacting with enterprise API, must be assigned specific roles for permissions

Q: How do I create an organization?

A: Organizations can be created by:

• Super Admin: Using the /v1/admin/organizations endpoint
• Any Account: When the create-organization feature is enabled via the Feature Manager
• Automatic Role Assignment: When a new organization is created, an admin role is automatically generated (e.g., waltid.admin)

Q: How do I manage tenants and services?

A: Tenants and services are managed through:

• API endpoints: Programmatic creation and management
• Admin UI: Graphical interface for managing resources
• Role-based permissions: Control who can create and manage resources
• Hierarchical structure: Organize resources in a logical hierarchy

#Setup & Deployment

Q: How do I get started with the Enterprise Stack?

A: Assuming you have an Enterprise Stack License, you can get started in several ways:

1. Quickstart: Use the enterprise quickstart repository with Docker Compose
2. Local Development: Set up locally with Docker and MongoDB
3. Cloud Deployment: Deploy on AWS, Azure, or other cloud platforms
4. On-premise: Deploy in your own infrastructure

If you do not have a Enterprise Stack License yet, please contact us for more information.

Q: What are the system requirements for running the Enterprise Stack?

A: The Enterprise Stack requires:

• Docker: For containerized deployment
• MongoDB: For data persistence (v20.10.14+)

Q: How do I access the Enterprise Stack once it's running?

A: When running locally, you can access:

• Enterprise API: Local
• Admin UI: Available through the enterprise API endpoints

Q: What configuration files are required?

A: The Enterprise Stack requires several configuration files:

• _features.conf: Control which features are enabled
• auth.conf: Authentication settings and token configuration
• database.conf: MongoDB connection and configuration
• enterprise.conf: Enterprise-specific settings
• superadmin-registration.conf: Super admin account configuration
• web.conf: Host and port settings

#Enterprise Features

Q: What enterprise features does the Enterprise Stack offer?

A: The Enterprise Stack provides:

• Scalability & Persistence: Multi-tenancy and parallel instances for load distribution
• Process Automation: Reusable flows and webhook integrations
• Logging & Analytics: Events, metrics, and audit logs with filtering capabilities
• User Interfaces: Built-in UI for managing services and viewing analytics
• Pre-built Integrations: Connect with existing infrastructure (KMS, IAM, etc.)
• Security & Compliance: Fine-grained role-based authentication and compliance tools

Q: What logging and analytics capabilities are available?

A: The Enterprise Stack provides:

• Events and metrics: Track issuance/verification requests, claimed credentials, active wallets
• Filtering: Filter by credential formats, exchange protocols, or ecosystems
• Audit logs: Access comprehensive audit trails
• Streaming: Configure logging events to stream to various systems

#Services & Dependencies

Q: How do service dependencies work?

A: Services can depend on other services to provide functionality:

• Issuer Service: Requires KMS Service for signing credentials
• Wallet Service: May require DID Service and Credential Store Service
• Service configuration: Each service has its own configuration
• Tenant scope: Services must be in the same tenant or sub-tenant to depend on each other

Q: How do I create and manage services?

A: Services are created and managed through:

• API endpoints: Programmatic service creation
• Admin UI: Graphical interface for service management
• Configuration: Each service has its own configuration
• Dependencies: Services can depend on other services within the same tenant

Q: What is the DID Registry Service?

A: The DID Registry Service:

• Lists registered DIDs: Shows all registered DID:web identifiers
• Resolves DIDs: Provides resolution for specific DID:web documents
• Two levels: Organization-level and tenant-level DIDs
• Lightweight: Acts as a registry and resolution layer
• Delegates storage: Uses DID Store Service for persistence

#Security & Compliance

Q: What security features does the Enterprise Stack provide?

A: The Enterprise Stack includes:

• Fine-grained permissions: Role-based access control for all operations
• API key management: Secure programmatic access
• Audit logging: Comprehensive audit trails for compliance
• Multi-tenancy isolation: Secure separation of data and services

Q: How does the Enterprise Stack support compliance?

A: Compliance features include:

• eIDAS2 alignment: Continuous alignment with EU digital ID ecosystem
• Audit logs: Comprehensive logging for compliance requirements
• Role-based access: Fine-grained control over who can access what

#Migration & Integration

Q: Can I migrate from Community Stack to Enterprise Stack?

A: Yes, migration is supported:

• Similar interfaces: Core APIs (Issuer, Verifier, Wallet) have similar interfaces
• Gradual migration: Move services one at a time
• Support available: walt.id can provide migration assistance
• Backward compatibility: Enterprise Stack builds on Community Stack

Q: How do I integrate the Enterprise Stack with my existing systems?

A: Integration options include:

• REST APIs: Use the comprehensive API suite
• Pre-built integrations: Leverage existing connectors
• Webhook support: Connect external business logic

Q: What cloud platforms are supported?

A: The Enterprise Stack supports deployment on any Docker-compatible environment.

#Support & Licensing

Q: Where can I get help with the Enterprise Stack?

A: Several resources are available:

• Documentation: Comprehensive guides and API references
• Enterprise Support: Available for Enterprise Stack customers
• Community: Join our community channel for peer support
• Direct Contact: Contact walt.id for enterprise-specific inquiries

Q: How do I become an Enterprise Stack customer?

A: To become an Enterprise Stack customer:

• Contact walt.id: Reach out for licensing and pricing information

#Still Have Questions?

If you couldn't find the answer to your question here, please:

• Check our comprehensive documentation
• Contact walt.id for enterprise-specific inquiries