From a429b11bbe7b8660474eeaf062a85b24ea3c8ba5 Mon Sep 17 00:00:00 2001
From: Paul Latzelsperger <paul.latzelsperger@beardyinc.com>
Date: Fri, 19 Jul 2024 10:04:45 +0200
Subject: [PATCH 1/4] let the JwtSigner test update all credentials

---
 .../k8s/consumer/membership-credential.json   | 41 ++++++++++
 .../k8s/consumer/pcf-credential.json          | 41 ++++++++++
 ...ential.json => membership-credential.json} |  2 +-
 ...cf-credential.json => pcf-credential.json} |  2 +-
 .../consumer/alice-membership-credential.json | 41 ----------
 .../local/consumer/alice-pcf-credential.json  | 41 ----------
 .../local/consumer/membership-credential.json | 41 ++++++++++
 .../local/consumer/pcf-credential.json        | 41 ++++++++++
 .../provider/bob-membership-credential.json   | 43 -----------
 .../local/provider/bob-pcf-credential.json    | 41 ----------
 .../provider/membership-credential.json}      | 20 ++---
 .../provider/pcf-credential.json}             | 14 ++--
 .../org/eclipse/edc/demo/dcp/JwtSigner.java   | 76 +++++++++++++++++--
 13 files changed, 252 insertions(+), 192 deletions(-)
 create mode 100644 deployment/assets/credentials/k8s/consumer/membership-credential.json
 create mode 100644 deployment/assets/credentials/k8s/consumer/pcf-credential.json
 rename deployment/assets/credentials/k8s/provider/{provider-membership-credential.json => membership-credential.json} (95%)
 rename deployment/assets/credentials/k8s/provider/{provider-pcf-credential.json => pcf-credential.json} (95%)
 delete mode 100644 deployment/assets/credentials/local/consumer/alice-membership-credential.json
 delete mode 100644 deployment/assets/credentials/local/consumer/alice-pcf-credential.json
 create mode 100644 deployment/assets/credentials/local/consumer/membership-credential.json
 create mode 100644 deployment/assets/credentials/local/consumer/pcf-credential.json
 delete mode 100644 deployment/assets/credentials/local/provider/bob-membership-credential.json
 delete mode 100644 deployment/assets/credentials/local/provider/bob-pcf-credential.json
 rename deployment/assets/credentials/{k8s/consumer/consumer-membership-credential.json => local/provider/membership-credential.json} (67%)
 rename deployment/assets/credentials/{k8s/consumer/consumer-pcf-credential.json => local/provider/pcf-credential.json} (72%)

diff --git a/deployment/assets/credentials/k8s/consumer/membership-credential.json b/deployment/assets/credentials/k8s/consumer/membership-credential.json
new file mode 100644
index 00000000..9d520036
--- /dev/null
+++ b/deployment/assets/credentials/k8s/consumer/membership-credential.json
@@ -0,0 +1,41 @@
+{
+  "id": "40e24588-b510-41ca-966c-c1e0f57d1b14",
+  "participantId": "did:web:consumer-identityhub%3A7083:consumer",
+  "timestamp": 1700659822500,
+  "issuerId": "did:example:dataspace-issuer",
+  "holderId": "BPN0000001",
+  "state": 500,
+  "issuancePolicy": null,
+  "reissuancePolicy": null,
+  "verifiableCredential": {
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7ImN4LWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9jYXRlbmF4L2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJjeC1jcmVkZW50aWFsczptZW1iZXJzaGlwIiwibWVtYmVyc2hpcFR5cGUiOiJjeC1jcmVkZW50aWFsczptZW1iZXJzaGlwVHlwZSIsIndlYnNpdGUiOiJjeC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6ImN4LWNyZWRlbnRpYWxzOmNvbnRhY3QiLCJzaW5jZSI6ImN4LWNyZWRlbnRpYWxzOnNpbmNlIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI01lbWJlcnNoaXBDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpjb25zdW1lci1pZGVudGl0eWh1YiUzQTcwODM6Y29uc3VtZXIiLCJtZW1iZXJzaGlwIjp7Im1lbWJlcnNoaXBUeXBlIjoiRnVsbE1lbWJlciIsIndlYnNpdGUiOiJ3d3cud2hhdGV2ZXIuY29tIiwiY29udGFjdCI6Im1peC5tYXhAd2hhdGV2ZXIuY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTcyMTM3NjI2OX0.1E7XUNXvEMT0qSgLum-Q_C5fcz3JapF6PoFhbp2ivEeBKZPNHo_LJR50e7yKksVS7o5aHXS-Ut7BtQBzMzfuBw",
+    "format": "JWT",
+    "credential": {
+      "credentialSubject": [
+        {
+          "claims": {
+            "membershipType": "FullMember",
+            "website": "www.some-other-website.com",
+            "contact": "bar.baz@company.com",
+            "since": "2023-01-01T00:00:00Z"
+          },
+          "id": "did:web:consumer-identityhub%3A7083:consumer"
+        }
+      ],
+      "id": "http://org.yourdataspace.com/credentials/2347",
+      "type": [
+        "VerifiableCredential",
+        "MembershipCredential"
+      ],
+      "issuer": {
+        "id": "did:example:dataspace-issuer",
+        "additionalProperties": {}
+      },
+      "issuanceDate": 1702339200.000000000,
+      "expirationDate": null,
+      "credentialStatus": null,
+      "description": null,
+      "name": null
+    }
+  }
+}
diff --git a/deployment/assets/credentials/k8s/consumer/pcf-credential.json b/deployment/assets/credentials/k8s/consumer/pcf-credential.json
new file mode 100644
index 00000000..1de51a28
--- /dev/null
+++ b/deployment/assets/credentials/k8s/consumer/pcf-credential.json
@@ -0,0 +1,41 @@
+{
+  "id": "40e24588-b510-41ca-966c-c1e0f57d1b15",
+  "participantId": "did:web:consumer-identityhub%3A7083:consumer",
+  "timestamp": 1700659822500,
+  "issuerId": "did:example:dataspace-issuer",
+  "holderId": "BPN0000001",
+  "state": 500,
+  "issuancePolicy": null,
+  "reissuancePolicy": null,
+  "verifiableCredential": {
+    "format": "JWT",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7ImN4LWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9jYXRlbmF4L2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VGVtcGxhdGUiOiJjeC1jcmVkZW50aWFsczpjb250cmFjdFRlbXBsYXRlIiwiY29udHJhY3RWZXJzaW9uIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwiaG9sZGVySWRlbnRpZmllciI6ImN4LWNyZWRlbnRpYWxzOmhvbGRlcklkZW50aWZpZXIifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jUGNmQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmNvbnN1bWVyIiwiY29udHJhY3RUZW1wbGF0ZSI6Imh0dHBzOi8vcHVibGljLmNhdGVuYS14Lm9yZy9jb250cmFjdHMvcGNmLnYxLnBkZiIsImNvbnRyYWN0VmVyc2lvbiI6IjEuMC4wIiwiaG9sZGVySWRlbnRpZmllciI6IkJQTjAwMDAwMFhZWiJ9fSwiaWF0IjoxNzIxMzc2MjY5fQ.QefZlw6HD7nsYoUTvgAZzHGmDOF3tQfTri0OmsohA1US8SnruaGRt_YLfP5s_VKXcpPIEA8MbIl0ojpjwE2gAg",
+    "credential": {
+      "credentialSubject": [
+        {
+          "claims": {
+            "id": "did:web:consumer-identityhub%3A7083:consumer",
+            "holderIdentifier": "BPN0000001",
+            "useCaseType": "PcfCredential",
+            "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
+            "contractVersion": "1.0.0"
+          }
+        }
+      ],
+      "id": "http://org.yourdataspace.com/credentials/1235",
+      "type": [
+        "VerifiableCredential",
+        "PcfCredential"
+      ],
+      "issuer": {
+        "id": "did:example:dataspace-issuer",
+        "additionalProperties": {}
+      },
+      "issuanceDate": 1702339200.000000000,
+      "expirationDate": null,
+      "credentialStatus": null,
+      "description": null,
+      "name": null
+    }
+  }
+}
diff --git a/deployment/assets/credentials/k8s/provider/provider-membership-credential.json b/deployment/assets/credentials/k8s/provider/membership-credential.json
similarity index 95%
rename from deployment/assets/credentials/k8s/provider/provider-membership-credential.json
rename to deployment/assets/credentials/k8s/provider/membership-credential.json
index 993e151a..7e34ad68 100644
--- a/deployment/assets/credentials/k8s/provider/provider-membership-credential.json
+++ b/deployment/assets/credentials/k8s/provider/membership-credential.json
@@ -8,7 +8,7 @@
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJtZW1iZXJzaGlwIjoiY3gtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoiY3gtY3JlZGVudGlhbHM6bWVtYmVyc2hpcFR5cGUiLCJ3ZWJzaXRlIjoiY3gtY3JlZGVudGlhbHM6d2Vic2l0ZSIsImNvbnRhY3QiOiJjeC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJjeC1jcmVkZW50aWFsczpzaW5jZSJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNNZW1iZXJzaGlwQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6cHJvdmlkZXItaWRlbnRpdHlodWIlM0E3MDgzOnByb3ZpZGVyIiwibWVtYmVyc2hpcCI6eyJtZW1iZXJzaGlwVHlwZSI6IkZ1bGxNZW1iZXIiLCJ3ZWJzaXRlIjoid3d3LndoYXRldmVyLmNvbSIsImNvbnRhY3QiOiJtaXgubWF4QHdoYXRldmVyLmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjAwOTc2ODJ9.2v-cOMvfNDieH0mLuv3kikTarjqOxuU_AG6zKe1_W_cmhweOLU6Reg1Gft37Tk5Fgun11Lppw298JzSl65a_Cw",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJtZW1iZXJzaGlwIjoiY3gtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoiY3gtY3JlZGVudGlhbHM6bWVtYmVyc2hpcFR5cGUiLCJ3ZWJzaXRlIjoiY3gtY3JlZGVudGlhbHM6d2Vic2l0ZSIsImNvbnRhY3QiOiJjeC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJjeC1jcmVkZW50aWFsczpzaW5jZSJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNNZW1iZXJzaGlwQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6cHJvdmlkZXItaWRlbnRpdHlodWIlM0E3MDgzOnByb3ZpZGVyIiwibWVtYmVyc2hpcCI6eyJtZW1iZXJzaGlwVHlwZSI6IkZ1bGxNZW1iZXIiLCJ3ZWJzaXRlIjoid3d3LndoYXRldmVyLmNvbSIsImNvbnRhY3QiOiJtaXgubWF4QHdoYXRldmVyLmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjEzNzYyNjh9._zzAQkh9PCdl3YQlRmW4pknXd_IpznVyHFF3iSPdwfMuT1obT2C0llgAyqjX9Ti8-B9dPo5pZiztRezIiFz3CA",
     "format": "JSON_LD",
     "credential": {
       "credentialSubject": [
diff --git a/deployment/assets/credentials/k8s/provider/provider-pcf-credential.json b/deployment/assets/credentials/k8s/provider/pcf-credential.json
similarity index 95%
rename from deployment/assets/credentials/k8s/provider/provider-pcf-credential.json
rename to deployment/assets/credentials/k8s/provider/pcf-credential.json
index 46c5132c..db5f41ec 100644
--- a/deployment/assets/credentials/k8s/provider/provider-pcf-credential.json
+++ b/deployment/assets/credentials/k8s/provider/pcf-credential.json
@@ -9,7 +9,7 @@
   "reissuancePolicy": null,
   "verifiableCredential": {
     "format": "JSON_LD",
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJjb250cmFjdFRlbXBsYXRlIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RUZW1wbGF0ZSIsImNvbnRyYWN0VmVyc2lvbiI6ImN4LWNyZWRlbnRpYWxzOmNvbnRyYWN0VmVyc2lvbiIsImhvbGRlcklkZW50aWZpZXIiOiJjeC1jcmVkZW50aWFsczpob2xkZXJJZGVudGlmaWVyIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI1BjZkNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkZW50aXR5aHViJTNBNzA4Mzpwcm92aWRlciIsImNvbnRyYWN0VGVtcGxhdGUiOiJodHRwczovL3B1YmxpYy5jYXRlbmEteC5vcmcvY29udHJhY3RzL3BjZi52MS5wZGYiLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCIsImhvbGRlcklkZW50aWZpZXIiOiJCUE4wMDAwMDBYWVoifX0sImlhdCI6MTcyMDA5NzcyNH0.jA5_cpC4h7T-Cspq5tyM5CiVnqCFRG1GBmnsnjcl8QjV3jpwdjd6Qu0-sYkEQzBZjyi0o79no8H8mnRWkN8HAw",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJjb250cmFjdFRlbXBsYXRlIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RUZW1wbGF0ZSIsImNvbnRyYWN0VmVyc2lvbiI6ImN4LWNyZWRlbnRpYWxzOmNvbnRyYWN0VmVyc2lvbiIsImhvbGRlcklkZW50aWZpZXIiOiJjeC1jcmVkZW50aWFsczpob2xkZXJJZGVudGlmaWVyIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI1BjZkNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkZW50aXR5aHViJTNBNzA4Mzpwcm92aWRlciIsImNvbnRyYWN0VGVtcGxhdGUiOiJodHRwczovL3B1YmxpYy5jYXRlbmEteC5vcmcvY29udHJhY3RzL3BjZi52MS5wZGYiLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCIsImhvbGRlcklkZW50aWZpZXIiOiJCUE4wMDAwMDBYWVoifX0sImlhdCI6MTcyMTM3NjI2OX0.qCj-QF-A319Gy7CH4gi768_lyjvsLPZN-VtJ4WHMGH1l0IJjEVGklbtUucF2ATUNoK-5_Q8cXrRtF_iWDbLnBg",
     "credential": {
       "credentialSubject": [
         {
diff --git a/deployment/assets/credentials/local/consumer/alice-membership-credential.json b/deployment/assets/credentials/local/consumer/alice-membership-credential.json
deleted file mode 100644
index 98ac6121..00000000
--- a/deployment/assets/credentials/local/consumer/alice-membership-credential.json
+++ /dev/null
@@ -1,41 +0,0 @@
-{
-  "id": "40e24588-b510-41ca-966c-c1e0f57d1b14",
-  "participantId": "did:web:localhost%3A7083",
-  "timestamp": 1700659822500,
-  "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000001",
-  "state": 500,
-  "issuancePolicy": null,
-  "reissuancePolicy": null,
-  "verifiableCredential": {
-    "rawVc": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEifQ.eyJhdWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJpYXQiOjE3MTMzODY1MTksImlzcyI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJzdWIiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjb250YWN0IjoiY3gtY3JlZGVudGlhbHM6Y29udGFjdCIsImN4LWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9jYXRlbmF4L2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJjeC1jcmVkZW50aWFsczptZW1iZXJzaGlwIiwibWVtYmVyc2hpcFR5cGUiOiJjeC1jcmVkZW50aWFsczptZW1iZXJzaGlwVHlwZSIsInNpbmNlIjoiY3gtY3JlZGVudGlhbHM6c2luY2UiLCJ3ZWJzaXRlIjoiY3gtY3JlZGVudGlhbHM6d2Vic2l0ZSJ9XSwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJtZW1iZXJzaGlwIjp7ImNvbnRhY3QiOiJtaXgubWF4QHdoYXRldmVyLmNvbSIsIm1lbWJlcnNoaXBUeXBlIjoiRnVsbE1lbWJlciIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoiLCJ3ZWJzaXRlIjoid3d3LndoYXRldmVyLmNvbSJ9fSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNNZW1iZXJzaGlwQ3JlZGVudGlhbCJdfX0.XpG9YWpzta8YhQxmyW9Df0Fhb8sX1mAY65d7Yxj91DtrtG1DPwYauhnRMwnoLSszJDWXFXyfWmnltWYxPs6GAA",
-    "format": "JWT",
-    "credential": {
-      "credentialSubject": [
-        {
-          "claims": {
-            "membershipType": "FullMember",
-            "website": "www.some-other-website.com",
-            "contact": "bar.baz@company.com",
-            "since": "2023-01-01T00:00:00Z"
-          },
-          "id": "did:web:localhost%3A7083"
-        }
-      ],
-      "id": "http://org.yourdataspace.com/credentials/2347",
-      "type": [
-        "VerifiableCredential",
-        "MembershipCredential"
-      ],
-      "issuer": {
-        "id": "did:example:dataspace-issuer",
-        "additionalProperties": {}
-      },
-      "issuanceDate": 1702339200.000000000,
-      "expirationDate": null,
-      "credentialStatus": null,
-      "description": null,
-      "name": null
-    }
-  }
-}
diff --git a/deployment/assets/credentials/local/consumer/alice-pcf-credential.json b/deployment/assets/credentials/local/consumer/alice-pcf-credential.json
deleted file mode 100644
index a3ceb114..00000000
--- a/deployment/assets/credentials/local/consumer/alice-pcf-credential.json
+++ /dev/null
@@ -1,41 +0,0 @@
-{
-  "id": "40e24588-b510-41ca-966c-c1e0f57d1b15",
-  "participantId": "did:web:localhost%3A7083",
-  "timestamp": 1700659822500,
-  "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000001",
-  "state": 500,
-  "issuancePolicy": null,
-  "reissuancePolicy": null,
-  "verifiableCredential": {
-    "format": "JWT",
-    "rawVc": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEifQ.eyJhdWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJpYXQiOjE3MTMzODY1MTksImlzcyI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJzdWIiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjb250cmFjdFRlbXBsYXRlIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RUZW1wbGF0ZSIsImNvbnRyYWN0VmVyc2lvbiI6ImN4LWNyZWRlbnRpYWxzOmNvbnRyYWN0VmVyc2lvbiIsImN4LWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9jYXRlbmF4L2NyZWRlbnRpYWxzLyIsImhvbGRlcklkZW50aWZpZXIiOiJjeC1jcmVkZW50aWFsczpob2xkZXJJZGVudGlmaWVyIn1dLCJjcmVkZW50aWFsU3ViamVjdCI6eyJjb250cmFjdFRlbXBsYXRlIjoiaHR0cHM6Ly9wdWJsaWMuY2F0ZW5hLXgub3JnL2NvbnRyYWN0cy9wY2YudjEucGRmIiwiY29udHJhY3RWZXJzaW9uIjoiMS4wLjAiLCJob2xkZXJJZGVudGlmaWVyIjoiQlBOMDAwMDAwWFlaIiwiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMifSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNQY2ZDcmVkZW50aWFsIl19fQ.AVBzmjJAPNZtHXDAHBuBA6W6mTuqKUNYSz4rgXXzrMAhE9hvyY1R2MKVYeTUFP1tZUlke3okwH-tIlnPaCwyAw",
-    "credential": {
-      "credentialSubject": [
-        {
-          "claims": {
-            "id": "did:web:localhost%3A7083",
-            "holderIdentifier": "BPN0000001",
-            "useCaseType": "PcfCredential",
-            "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
-            "contractVersion": "1.0.0"
-          }
-        }
-      ],
-      "id": "http://org.yourdataspace.com/credentials/1235",
-      "type": [
-        "VerifiableCredential",
-        "PcfCredential"
-      ],
-      "issuer": {
-        "id": "did:example:dataspace-issuer",
-        "additionalProperties": {}
-      },
-      "issuanceDate": 1702339200.000000000,
-      "expirationDate": null,
-      "credentialStatus": null,
-      "description": null,
-      "name": null
-    }
-  }
-}
diff --git a/deployment/assets/credentials/local/consumer/membership-credential.json b/deployment/assets/credentials/local/consumer/membership-credential.json
new file mode 100644
index 00000000..6bbc97db
--- /dev/null
+++ b/deployment/assets/credentials/local/consumer/membership-credential.json
@@ -0,0 +1,41 @@
+{
+  "id": "40e24588-b510-41ca-966c-c1e0f57d1b14",
+  "participantId": "did:web:localhost%3A7083",
+  "timestamp": 1700659822500,
+  "issuerId": "did:example:dataspace-issuer",
+  "holderId": "BPN0000001",
+  "state": 500,
+  "issuancePolicy": null,
+  "reissuancePolicy": null,
+  "verifiableCredential": {
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7ImN4LWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9jYXRlbmF4L2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJjeC1jcmVkZW50aWFsczptZW1iZXJzaGlwIiwibWVtYmVyc2hpcFR5cGUiOiJjeC1jcmVkZW50aWFsczptZW1iZXJzaGlwVHlwZSIsIndlYnNpdGUiOiJjeC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6ImN4LWNyZWRlbnRpYWxzOmNvbnRhY3QiLCJzaW5jZSI6ImN4LWNyZWRlbnRpYWxzOnNpbmNlIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI01lbWJlcnNoaXBDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDgzIiwibWVtYmVyc2hpcCI6eyJtZW1iZXJzaGlwVHlwZSI6IkZ1bGxNZW1iZXIiLCJ3ZWJzaXRlIjoid3d3LndoYXRldmVyLmNvbSIsImNvbnRhY3QiOiJtaXgubWF4QHdoYXRldmVyLmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjEzNzYyNjl9._DAcy8jcL880AW5MIxezOv4lxzoibWAgSo9WdrwARmendNFeGruaIkL7cN7EPxo_ooCl-8XZxEA1PCCXqRozCw",
+    "format": "JWT",
+    "credential": {
+      "credentialSubject": [
+        {
+          "claims": {
+            "membershipType": "FullMember",
+            "website": "www.some-other-website.com",
+            "contact": "bar.baz@company.com",
+            "since": "2023-01-01T00:00:00Z"
+          },
+          "id": "did:web:localhost%3A7083"
+        }
+      ],
+      "id": "http://org.yourdataspace.com/credentials/2347",
+      "type": [
+        "VerifiableCredential",
+        "MembershipCredential"
+      ],
+      "issuer": {
+        "id": "did:example:dataspace-issuer",
+        "additionalProperties": {}
+      },
+      "issuanceDate": 1702339200.000000000,
+      "expirationDate": null,
+      "credentialStatus": null,
+      "description": null,
+      "name": null
+    }
+  }
+}
diff --git a/deployment/assets/credentials/local/consumer/pcf-credential.json b/deployment/assets/credentials/local/consumer/pcf-credential.json
new file mode 100644
index 00000000..42ad37c8
--- /dev/null
+++ b/deployment/assets/credentials/local/consumer/pcf-credential.json
@@ -0,0 +1,41 @@
+{
+  "id": "40e24588-b510-41ca-966c-c1e0f57d1b15",
+  "participantId": "did:web:localhost%3A7083",
+  "timestamp": 1700659822500,
+  "issuerId": "did:example:dataspace-issuer",
+  "holderId": "BPN0000001",
+  "state": 500,
+  "issuancePolicy": null,
+  "reissuancePolicy": null,
+  "verifiableCredential": {
+    "format": "JWT",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7ImN4LWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9jYXRlbmF4L2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VGVtcGxhdGUiOiJjeC1jcmVkZW50aWFsczpjb250cmFjdFRlbXBsYXRlIiwiY29udHJhY3RWZXJzaW9uIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwiaG9sZGVySWRlbnRpZmllciI6ImN4LWNyZWRlbnRpYWxzOmhvbGRlcklkZW50aWZpZXIifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jUGNmQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6bG9jYWxob3N0JTNBNzA4MyIsImNvbnRyYWN0VGVtcGxhdGUiOiJodHRwczovL3B1YmxpYy5jYXRlbmEteC5vcmcvY29udHJhY3RzL3BjZi52MS5wZGYiLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCIsImhvbGRlcklkZW50aWZpZXIiOiJCUE4wMDAwMDBYWVoifX0sImlhdCI6MTcyMTM3NjI2OX0.KWUDSwtqrnnzqixmW0Fd1gYGrWMyu3DXd8vvz_Gm7LAMPubcyfY1Do34YAJLvLXy0Qn1E81xsicYMhlDfOi6AA",
+    "credential": {
+      "credentialSubject": [
+        {
+          "claims": {
+            "id": "did:web:localhost%3A7083",
+            "holderIdentifier": "BPN0000001",
+            "useCaseType": "PcfCredential",
+            "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
+            "contractVersion": "1.0.0"
+          }
+        }
+      ],
+      "id": "http://org.yourdataspace.com/credentials/1235",
+      "type": [
+        "VerifiableCredential",
+        "PcfCredential"
+      ],
+      "issuer": {
+        "id": "did:example:dataspace-issuer",
+        "additionalProperties": {}
+      },
+      "issuanceDate": 1702339200.000000000,
+      "expirationDate": null,
+      "credentialStatus": null,
+      "description": null,
+      "name": null
+    }
+  }
+}
diff --git a/deployment/assets/credentials/local/provider/bob-membership-credential.json b/deployment/assets/credentials/local/provider/bob-membership-credential.json
deleted file mode 100644
index 996cd2f2..00000000
--- a/deployment/assets/credentials/local/provider/bob-membership-credential.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-  "id": "40e24588-b510-41ca-966c-c1e0f57d1b14",
-  "participantId": "did:web:localhost%3A7093",
-  "timestamp": 1700659822500,
-  "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000002",
-  "state": 500,
-  "issuancePolicy": null,
-  "reissuancePolicy": null,
-  "verifiableCredential": {
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDkzIiwic3ViIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDkzIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLHsiY3gtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL2NhdGVuYXgvY3JlZGVudGlhbHMvIiwibWVtYmVyc2hpcCI6ImN4LWNyZWRlbnRpYWxzOm1lbWJlcnNoaXAiLCJtZW1iZXJzaGlwVHlwZSI6ImN4LWNyZWRlbnRpYWxzOm1lbWJlcnNoaXBUeXBlIiwid2Vic2l0ZSI6ImN4LWNyZWRlbnRpYWxzOndlYnNpdGUiLCJjb250YWN0IjoiY3gtY3JlZGVudGlhbHM6Y29udGFjdCIsInNpbmNlIjoiY3gtY3JlZGVudGlhbHM6c2luY2UifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8xMjM0IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJtZW1iZXJzaGlwIjp7Im1lbWJlcnNoaXBUeXBlIjoiUHJvc3BlY3RNZW1iZXIiLCJ3ZWJzaXRlIjoid3d3LnF1aXp6cXVhenouY29tIiwiY29udGFjdCI6ImZvby5iYXJAcXVpenpxdWF6ei5jb20iLCJzaW5jZSI6IjIwMjMtMDEtMDFUMDA6MDA6MDBaIn19fSwiaWF0IjoxNzE4NDQ2Njg3fQ.u2aVR5QOZfQ0dWZ0tUWSV395so1DFcnBdzjtn4sQ5_1Yx6kILbNYMhyrsmjPwNcaS_zu0yzw3kemKVp7TvHZBw",
-    "format": "JWT",
-    "credential": {
-      "credentialSubject": [
-        {
-          "claims": {
-            "membership": {
-              "contact": "fizz.buzz@quizzquazz.com",
-              "membershipType": "PartialMember",
-              "since": "2023-01-01T00:00:00Z",
-              "website": "www.quizzquazz.com"
-            }
-          },
-          "id": "did:web:localhost%3A7093"
-        }
-      ],
-      "id": "http://org.yourdataspace.com/credentials/1234",
-      "type": [
-        "VerifiableCredential",
-        "MembershipCredential"
-      ],
-      "issuer": {
-        "id": "did:example:dataspace-issuer",
-        "additionalProperties": {}
-      },
-      "issuanceDate": 1702339200.000000000,
-      "expirationDate": null,
-      "credentialStatus": null,
-      "description": null,
-      "name": null
-    }
-  }
-}
diff --git a/deployment/assets/credentials/local/provider/bob-pcf-credential.json b/deployment/assets/credentials/local/provider/bob-pcf-credential.json
deleted file mode 100644
index ad585d6b..00000000
--- a/deployment/assets/credentials/local/provider/bob-pcf-credential.json
+++ /dev/null
@@ -1,41 +0,0 @@
-{
-  "id": "40e24588-b510-41ca-966c-c1e0f57d1ca7",
-  "participantId": "did:web:localhost%3A7093",
-  "timestamp": 1700659822500,
-  "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000001",
-  "state": 500,
-  "issuancePolicy": null,
-  "reissuancePolicy": null,
-  "verifiableCredential": {
-    "format": "JWT",
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDkzIiwic3ViIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDkzIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLHsiY3gtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL2NhdGVuYXgvY3JlZGVudGlhbHMvIiwiY29udHJhY3RUZW1wbGF0ZSI6ImN4LWNyZWRlbnRpYWxzOmNvbnRyYWN0VGVtcGxhdGUiLCJjb250cmFjdFZlcnNpb24iOiJjeC1jcmVkZW50aWFsczpjb250cmFjdFZlcnNpb24iLCJob2xkZXJJZGVudGlmaWVyIjoiY3gtY3JlZGVudGlhbHM6aG9sZGVySWRlbnRpZmllciJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNQY2ZDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDkzIiwiY29udHJhY3RUZW1wbGF0ZSI6Imh0dHBzOi8vcHVibGljLmNhdGVuYS14Lm9yZy9jb250cmFjdHMvcGNmLnYxLnBkZiIsImNvbnRyYWN0VmVyc2lvbiI6IjEuMC4wIiwiaG9sZGVySWRlbnRpZmllciI6IkJQTjAwMDAwMFhZWiJ9fSwiaWF0IjoxNzE4NTIxMjQ3fQ.OvyW42QXWrcVoiFOT4NMAxOvuDlR9A61CTTH8sCRBtMo9I_YLCVGMcA2Fs9fAAo41E8ioKP5ayFdCVKibpUrCw",
-    "credential": {
-      "credentialSubject": [
-        {
-          "claims": {
-            "id": "did:web:localhost%3A7093",
-            "holderIdentifier": "BPN0000002",
-            "useCaseType": "PcfCredential",
-            "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
-            "contractVersion": "1.0.0"
-          }
-        }
-      ],
-      "id": "http://org.yourdataspace.com/credentials/1265",
-      "type": [
-        "VerifiableCredential",
-        "UseCaseFrameworkCondition"
-      ],
-      "issuer": {
-        "id": "did:example:dataspace-issuer",
-        "additionalProperties": {}
-      },
-      "issuanceDate": 1702339200.000000000,
-      "expirationDate": null,
-      "credentialStatus": null,
-      "description": null,
-      "name": null
-    }
-  }
-}
diff --git a/deployment/assets/credentials/k8s/consumer/consumer-membership-credential.json b/deployment/assets/credentials/local/provider/membership-credential.json
similarity index 67%
rename from deployment/assets/credentials/k8s/consumer/consumer-membership-credential.json
rename to deployment/assets/credentials/local/provider/membership-credential.json
index af9ed75e..922bbaec 100644
--- a/deployment/assets/credentials/k8s/consumer/consumer-membership-credential.json
+++ b/deployment/assets/credentials/local/provider/membership-credential.json
@@ -1,28 +1,30 @@
 {
   "id": "40e24588-b510-41ca-966c-c1e0f57d1b14",
-  "participantId": "did:web:consumer-identityhub%3A7083:consumer",
+  "participantId": "did:web:localhost%3A7093",
   "timestamp": 1700659822500,
   "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000001",
+  "holderId": "BPN0000002",
   "state": 500,
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJtZW1iZXJzaGlwIjoiY3gtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoiY3gtY3JlZGVudGlhbHM6bWVtYmVyc2hpcFR5cGUiLCJ3ZWJzaXRlIjoiY3gtY3JlZGVudGlhbHM6d2Vic2l0ZSIsImNvbnRhY3QiOiJjeC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJjeC1jcmVkZW50aWFsczpzaW5jZSJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNNZW1iZXJzaGlwQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmNvbnN1bWVyIiwibWVtYmVyc2hpcCI6eyJtZW1iZXJzaGlwVHlwZSI6IkZ1bGxNZW1iZXIiLCJ3ZWJzaXRlIjoid3d3LndoYXRldmVyLmNvbSIsImNvbnRhY3QiOiJtaXgubWF4QHdoYXRldmVyLmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjAwOTc3NzV9.xzZEDuPiWbkZNb0piHgjBBbW6o9JOYHEjQyCEaY2TaBpmHyOXU2QYGDOGIWRbOigNOgVsa7IZwjencpywuR2BQ",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJtZW1iZXJzaGlwIjoiY3gtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoiY3gtY3JlZGVudGlhbHM6bWVtYmVyc2hpcFR5cGUiLCJ3ZWJzaXRlIjoiY3gtY3JlZGVudGlhbHM6d2Vic2l0ZSIsImNvbnRhY3QiOiJjeC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJjeC1jcmVkZW50aWFsczpzaW5jZSJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzEyMzQiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNNZW1iZXJzaGlwQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6bG9jYWxob3N0JTNBNzA5MyIsIm1lbWJlcnNoaXAiOnsibWVtYmVyc2hpcFR5cGUiOiJQcm9zcGVjdE1lbWJlciIsIndlYnNpdGUiOiJ3d3cucXVpenpxdWF6ei5jb20iLCJjb250YWN0IjoiZm9vLmJhckBxdWl6enF1YXp6LmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjEzNzYyNjl9.sx6mPNq14LnifS5i0NhI2mzp5lmpxyC1Iu_yHw3uzucnK7i1tr0gZ5NOHAV48dKRTxX0XZBYlw450tyFeDs_Cg",
     "format": "JWT",
     "credential": {
       "credentialSubject": [
         {
           "claims": {
-            "membershipType": "FullMember",
-            "website": "www.some-other-website.com",
-            "contact": "bar.baz@company.com",
-            "since": "2023-01-01T00:00:00Z"
+            "membership": {
+              "contact": "fizz.buzz@quizzquazz.com",
+              "membershipType": "PartialMember",
+              "since": "2023-01-01T00:00:00Z",
+              "website": "www.quizzquazz.com"
+            }
           },
-          "id": "did:web:consumer-identityhub%3A7083:consumer"
+          "id": "did:web:localhost%3A7093"
         }
       ],
-      "id": "http://org.yourdataspace.com/credentials/2347",
+      "id": "http://org.yourdataspace.com/credentials/1234",
       "type": [
         "VerifiableCredential",
         "MembershipCredential"
diff --git a/deployment/assets/credentials/k8s/consumer/consumer-pcf-credential.json b/deployment/assets/credentials/local/provider/pcf-credential.json
similarity index 72%
rename from deployment/assets/credentials/k8s/consumer/consumer-pcf-credential.json
rename to deployment/assets/credentials/local/provider/pcf-credential.json
index 0a1a0f0c..d49e2741 100644
--- a/deployment/assets/credentials/k8s/consumer/consumer-pcf-credential.json
+++ b/deployment/assets/credentials/local/provider/pcf-credential.json
@@ -1,6 +1,6 @@
 {
-  "id": "40e24588-b510-41ca-966c-c1e0f57d1b15",
-  "participantId": "did:web:consumer-identityhub%3A7083:consumer",
+  "id": "40e24588-b510-41ca-966c-c1e0f57d1ca7",
+  "participantId": "did:web:localhost%3A7093",
   "timestamp": 1700659822500,
   "issuerId": "did:example:dataspace-issuer",
   "holderId": "BPN0000001",
@@ -9,23 +9,23 @@
   "reissuancePolicy": null,
   "verifiableCredential": {
     "format": "JWT",
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJjb250cmFjdFRlbXBsYXRlIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RUZW1wbGF0ZSIsImNvbnRyYWN0VmVyc2lvbiI6ImN4LWNyZWRlbnRpYWxzOmNvbnRyYWN0VmVyc2lvbiIsImhvbGRlcklkZW50aWZpZXIiOiJjeC1jcmVkZW50aWFsczpob2xkZXJJZGVudGlmaWVyIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI1BjZkNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4Mzpjb25zdW1lciIsImNvbnRyYWN0VGVtcGxhdGUiOiJodHRwczovL3B1YmxpYy5jYXRlbmEteC5vcmcvY29udHJhY3RzL3BjZi52MS5wZGYiLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCIsImhvbGRlcklkZW50aWZpZXIiOiJCUE4wMDAwMDBYWVoifX0sImlhdCI6MTcyMDA5Nzc1Nn0.KUwa7yvMV3Ty0RxE7WseGJXlgJpVMw_r3u6XwTOng4c7c4lSqehnwy0WhQoXd3WtkKL502R0HV8XuxvKDytnCw",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJjb250cmFjdFRlbXBsYXRlIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RUZW1wbGF0ZSIsImNvbnRyYWN0VmVyc2lvbiI6ImN4LWNyZWRlbnRpYWxzOmNvbnRyYWN0VmVyc2lvbiIsImhvbGRlcklkZW50aWZpZXIiOiJjeC1jcmVkZW50aWFsczpob2xkZXJJZGVudGlmaWVyIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI1BjZkNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJjb250cmFjdFRlbXBsYXRlIjoiaHR0cHM6Ly9wdWJsaWMuY2F0ZW5hLXgub3JnL2NvbnRyYWN0cy9wY2YudjEucGRmIiwiY29udHJhY3RWZXJzaW9uIjoiMS4wLjAiLCJob2xkZXJJZGVudGlmaWVyIjoiQlBOMDAwMDAwWFlaIn19LCJpYXQiOjE3MjEzNzYyNjl9.Jtgtl4LrZWoVf6JK8jDGpp6sNfrf5iwgaUYc9R23TntZtLYbtZ82BARmn-nfUC-YYZst3C5Wf9ewYz1eu4v2AQ",
     "credential": {
       "credentialSubject": [
         {
           "claims": {
-            "id": "did:web:consumer-identityhub%3A7083:consumer",
-            "holderIdentifier": "BPN0000001",
+            "id": "did:web:localhost%3A7093",
+            "holderIdentifier": "BPN0000002",
             "useCaseType": "PcfCredential",
             "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
             "contractVersion": "1.0.0"
           }
         }
       ],
-      "id": "http://org.yourdataspace.com/credentials/1235",
+      "id": "http://org.yourdataspace.com/credentials/1265",
       "type": [
         "VerifiableCredential",
-        "PcfCredential"
+        "UseCaseFrameworkCondition"
       ],
       "issuer": {
         "id": "did:example:dataspace-issuer",
diff --git a/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java b/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java
index 22b1719c..be0e553c 100644
--- a/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java
+++ b/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java
@@ -14,6 +14,7 @@
 
 package org.eclipse.edc.demo.dcp;
 
+import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.JOSEObjectType;
@@ -21,18 +22,25 @@
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
+import org.eclipse.edc.identityhub.spi.verifiablecredentials.model.VerifiableCredentialResource;
 import org.eclipse.edc.keys.keyparsers.PemParser;
 import org.eclipse.edc.security.token.jwt.CryptoConverter;
-import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtensionContext;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.ArgumentsProvider;
+import org.junit.jupiter.params.provider.ArgumentsSource;
 
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.PrivateKey;
 import java.time.Instant;
 import java.util.Date;
 import java.util.Map;
+import java.util.stream.Stream;
 
 import static org.mockito.Mockito.mock;
 
@@ -46,9 +54,13 @@
 public class JwtSigner {
 
     private final ObjectMapper mapper = new ObjectMapper();
+    private static final TypeReference<Map<String, Object>> MAP_TYPE = new TypeReference<>() {
+    };
 
-    @Test
-    void generateJwt() throws JOSEException, IOException {
+    @SuppressWarnings("unchecked")
+    @ParameterizedTest
+    @ArgumentsSource(InputOutputProvider.class)
+    void generateJwt(String rawCredentialFilePAth, File vcResource, String did) throws JOSEException, IOException {
 
         var header = new JWSHeader.Builder(JWSAlgorithm.EdDSA)
                 .keyID("did:example:dataspace-issuer#key-1")
@@ -57,12 +69,12 @@ void generateJwt() throws JOSEException, IOException {
 
 
         //todo: change this to whatever credential JSON you want to sign
-        var credential = mapper.readValue(new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/membership_vc.json"), Map.class);
+        var credential = mapper.readValue(new File(rawCredentialFilePAth), Map.class);
 
         //todo: change the claims to suit your needs
-        JWTClaimsSet claims = new JWTClaimsSet.Builder()
-                .audience("did:web:bob-identityhub%3A7083:bob")
-                .subject("did:web:bob-identityhub%3A7083:bob")
+        var claims = new JWTClaimsSet.Builder()
+                .audience(did)
+                .subject(did)
                 .issuer("did:example:dataspace-issuer")
                 .claim("vc", credential)
                 .issueTime(Date.from(Instant.now()))
@@ -74,7 +86,12 @@ void generateJwt() throws JOSEException, IOException {
         var jwt = new SignedJWT(header, claims);
         jwt.sign(CryptoConverter.createSignerFor(privateKey));
 
-        System.out.println(jwt.serialize());
+        // replace the "rawVc" field in the output file
+
+        var content = Files.readString(vcResource.toPath());
+        var updatedContent = content.replaceFirst("\"rawVc\":.*,", "\"rawVc\": \"%s\",".formatted(jwt.serialize()));
+//        mapper.writeValue(vcResource, updatedContent);
+        Files.write(vcResource.toPath(), updatedContent.getBytes());
     }
 
     private String readFile(String path) {
@@ -84,4 +101,47 @@ private String readFile(String path) {
             throw new RuntimeException(e);
         }
     }
+
+    private static class InputOutputProvider implements ArgumentsProvider {
+        @Override
+        public Stream<? extends Arguments> provideArguments(ExtensionContext extensionContext) throws Exception {
+            return Stream.of(
+
+                    // PROVIDER credentials, K8S and local
+                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/membership_vc.json",
+                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/membership-credential.json"),
+                            "did:web:bob-identityhub%3A7083:bob"),
+
+                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/pcf_vc.json",
+                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/pcf-credential.json"),
+                            "did:web:bob-identityhub%3A7083:bob"),
+
+                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/unsigned/membership_vc.json",
+                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/membership-credential.json"),
+                            "did:web:bob-identityhub%3A7083:bob"),
+
+                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/unsigned/pcf_vc.json",
+                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/pcf-credential.json"),
+                            "did:web:bob-identityhub%3A7083:bob"),
+
+                    // CONSUMER credentials, K8S and local
+                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/membership_vc.json",
+                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/membership-credential.json"),
+                            "did:web:alice-identityhub%3A7083:alice"),
+
+                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/pcf_vc.json",
+                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/pcf-credential.json"),
+                            "did:web:alice-identityhub%3A7083:alice"),
+
+                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/unsigned/membership_vc.json",
+                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/membership-credential.json"),
+                            "did:web:alice-identityhub%3A7083:alice"),
+
+                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/unsigned/pcf_vc.json",
+                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/pcf-credential.json"),
+                            "did:web:alice-identityhub%3A7083:alice")
+
+            );
+        }
+    }
 }

From 61924abbca8920e541dcc8472fd51d87f72661bf Mon Sep 17 00:00:00 2001
From: Paul Latzelsperger <paul.latzelsperger@beardyinc.com>
Date: Fri, 19 Jul 2024 12:33:32 +0200
Subject: [PATCH 2/4] change credentials

---
 README.md                                     | 43 ++++++++++---------
 ...ial.json => dataprocessor-credential.json} | 12 +++---
 .../{pcf_vc.json => dataprocessor_vc.json}    | 12 +++---
 .../k8s/consumer/membership-credential.json   |  4 +-
 .../k8s/consumer/membership_vc.json           | 14 +++---
 ...ial.json => dataprocessor-credential.json} | 10 ++---
 .../{pcf_vc.json => dataprocessor_vc.json}    | 13 +++---
 .../k8s/provider/membership-credential.json   |  4 +-
 .../k8s/provider/membership_vc.json           | 12 +++---
 ...ial.json => dataprocessor-credential.json} | 12 +++---
 .../local/consumer/membership-credential.json |  4 +-
 .../{pcf_vc.json => dataprocessor_vc.json}    | 12 +++---
 .../consumer/unsigned/membership_vc.json      | 12 +++---
 ...ial.json => dataprocessor-credential.json} | 10 ++---
 .../local/provider/membership-credential.json |  4 +-
 .../{pcf_vc.json => dataprocessor_vc.json}    | 12 +++---
 .../provider/unsigned/membership_vc.json      | 12 +++---
 .../postman/MVD.postman_collection.json       | 31 +++++++------
 ...> DataAccessCredentialScopeExtractor.java} | 18 +++-----
 .../edc/demo/dcp/core/DcpPatchExtension.java  |  2 +-
 ...tion.java => DataAccessLevelFunction.java} | 21 +++++----
 ...embershipCredentialEvaluationFunction.java |  4 +-
 .../dcp/policy/PolicyEvaluationExtension.java | 26 ++++++-----
 .../edc/demo/dcp/ih/IdentityHubExtension.java |  2 +-
 .../edc/demo/dcp/ih/MvdScopeTransformer.java  |  4 +-
 .../org/eclipse/edc/demo/dcp/JwtSigner.java   | 31 ++++++-------
 26 files changed, 160 insertions(+), 181 deletions(-)
 rename deployment/assets/credentials/k8s/consumer/{pcf-credential.json => dataprocessor-credential.json} (51%)
 rename deployment/assets/credentials/k8s/consumer/{pcf_vc.json => dataprocessor_vc.json} (53%)
 rename deployment/assets/credentials/k8s/provider/{pcf-credential.json => dataprocessor-credential.json} (53%)
 rename deployment/assets/credentials/k8s/provider/{pcf_vc.json => dataprocessor_vc.json} (50%)
 rename deployment/assets/credentials/local/consumer/{pcf-credential.json => dataprocessor-credential.json} (51%)
 rename deployment/assets/credentials/local/consumer/unsigned/{pcf_vc.json => dataprocessor_vc.json} (52%)
 rename deployment/assets/credentials/local/provider/{pcf-credential.json => dataprocessor-credential.json} (52%)
 rename deployment/assets/credentials/local/provider/unsigned/{pcf_vc.json => dataprocessor_vc.json} (52%)
 rename extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/{FrameworkCredentialScopeExtractor.java => DataAccessCredentialScopeExtractor.java} (63%)
 rename extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/{UseCaseFunction.java => DataAccessLevelFunction.java} (70%)

diff --git a/README.md b/README.md
index 5f22c859..572a64fe 100644
--- a/README.md
+++ b/README.md
@@ -14,12 +14,12 @@
         - [1. Build the runtime images](#1-build-the-runtime-images)
     - [Executing REST requests using Postman](#executing-rest-requests-using-postman)
     - [Other caveats, shortcuts and workarounds](#other-caveats-shortcuts-and-workarounds)
-      - [1. In-memory stores in local deployment](#1-in-memory-stores-in-local-deployment)
-      - [2. Policy Extractor](#2-policy-extractor)
-      - [3. Scope-to-criterion transformer](#3-scope-to-criterion-transformer)
-      - [4. DID resolution](#4-did-resolution)
-        - [4.1 `did:web` for participants](#41-didweb-for-participants)
-        - [4.2 `did:example` for the dataspace credential issuer](#42-didexample-for-the-dataspace-credential-issuer) \* [5. No issuance (yet)](#5-no-issuance-yet)
+        - [1. In-memory stores in local deployment](#1-in-memory-stores-in-local-deployment)
+        - [2. Policy Extractor](#2-policy-extractor)
+        - [3. Scope-to-criterion transformer](#3-scope-to-criterion-transformer)
+        - [4. DID resolution](#4-did-resolution)
+            - [4.1 `did:web` for participants](#41-didweb-for-participants)
+            - [4.2 `did:example` for the dataspace credential issuer](#42-didexample-for-the-dataspace-credential-issuer) \* [5. No issuance (yet)](#5-no-issuance-yet)
   <!-- TOC -->
 
 ## Introduction
@@ -70,35 +70,38 @@ Consumer Corp has a connector plus its own IdentityHub.
 ### Data setup
 
 "provider-qna" and "provider-manufacturing" both have two data assets each, named `"asset-1"` and `"asset-2"` but
-neither
-"provider-qna" nor "provider-manufacturing" expose their
-catalog endpoint directly to the internet. Instead, the catalog server (provider company) provides
-a catalog that contains special assets (think: pointers) to both "provider-qna"'s and "provider-manufacturing"'s
-connectors. We call this a "root catalog", and the pointers are called "catalog assets". This means, that by resolving
-the root catalog, and by following the links in it, "Consumer Corp" can resolve the actual asset from "provider-qna" and
-"provider-manufacturing".
+neither "provider-qna" nor "provider-manufacturing" expose their catalog endpoint directly to the internet. Instead, the
+catalog server (provider company) provides a catalog that contains special assets (think: pointers) to both "
+provider-qna"'s and "provider-manufacturing"'s connectors. We call this a "root catalog", and the pointers are called "
+catalog assets". This means, that by resolving the root catalog, and by following the links in it, "Consumer Corp" can
+resolve the actual asset from "provider-qna" and "provider-manufacturing".
 
 ### Access control
 
 Both assets of "provider-qna" and "provider-manufacturing" have some access restrictions on them:
 
-- `asset-1`: requires a membership credential to view and a PCF Use Case credential to negotiate a contract
-- `asset-2`: requires a membership credential to view and a Sustainability Use Case credential to negotiate a contract
+- `asset-1`: requires a membership credential to view and a Data Processor credential to negotiate a contract and
+  transfer data
+- `asset-2`: requires a membership credential to view and a Sensitive Data credential to negotiate a contract
 
 These requirements are formulated as EDC policies. In addition, it is a dataspace rule that
-the `MembershipCredential` must be presented in _every_ request.
+the `MembershipCredential` must be presented in _every_ request. This credential attests that the holder is a member of
+the dataspace.
 
-Furthermore, all connectors are in possession of the `MembershipCredential` as well as a `PcfCredential`. _Neither has
-the `SustainabilityCredential`_! That means that no contract for `asset-2` can be negotiated!
+In this fictitious dataspace, the DataProcessorCredential attests to the "ability of the holder to process data", and
+the SensitiveDataCredential attests to the "ability of the holder to handle sensitive data".
+
+All participants of the dataspace are in possession of the `MembershipCredential` as well as a `DataProcessorCredential`.
+_None possess the `SensitiveDataCredential`_. That means that no contract for `asset-2` can be negotiated!
 For the purposes of this demo the VerifiableCredentials are pre-created and are seeded to the participants' credential
-storage (no issuance).
+storage ([no issuance](#5-no-issuance-yet)).
 
 If the consumer wants to view the consolidated catalog (containing assets from the provider's Q&A and manufacturing
 departments), then negotiate a contract for an asset, and then transfer the asset, she needs to present several
 credentials:
 
 - catalog request: present `MembershipCredential`
-- contract negotiation: `MembershipCredential` and `PcfCredential` or `SustainabilityCredential`, respectively
+- contract negotiation: `MembershipCredential` and `DataProcessorCredential` or `SensitiveDataCredential`, respectively
 - transfer process: `MembershipCredential`
 
 ## Running the demo (inside IntelliJ)
diff --git a/deployment/assets/credentials/k8s/consumer/pcf-credential.json b/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json
similarity index 51%
rename from deployment/assets/credentials/k8s/consumer/pcf-credential.json
rename to deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json
index 1de51a28..ea34cf64 100644
--- a/deployment/assets/credentials/k8s/consumer/pcf-credential.json
+++ b/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json
@@ -3,29 +3,27 @@
   "participantId": "did:web:consumer-identityhub%3A7083:consumer",
   "timestamp": 1700659822500,
   "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000001",
+  "holderId": "did:web:consumer-identityhub%3A7083:consumer",
   "state": 500,
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
     "format": "JWT",
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7ImN4LWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9jYXRlbmF4L2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VGVtcGxhdGUiOiJjeC1jcmVkZW50aWFsczpjb250cmFjdFRlbXBsYXRlIiwiY29udHJhY3RWZXJzaW9uIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwiaG9sZGVySWRlbnRpZmllciI6ImN4LWNyZWRlbnRpYWxzOmhvbGRlcklkZW50aWZpZXIifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jUGNmQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmNvbnN1bWVyIiwiY29udHJhY3RUZW1wbGF0ZSI6Imh0dHBzOi8vcHVibGljLmNhdGVuYS14Lm9yZy9jb250cmFjdHMvcGNmLnYxLnBkZiIsImNvbnRyYWN0VmVyc2lvbiI6IjEuMC4wIiwiaG9sZGVySWRlbnRpZmllciI6IkJQTjAwMDAwMFhZWiJ9fSwiaWF0IjoxNzIxMzc2MjY5fQ.QefZlw6HD7nsYoUTvgAZzHGmDOF3tQfTri0OmsohA1US8SnruaGRt_YLfP5s_VKXcpPIEA8MbIl0ojpjwE2gAg",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VmVyc2lvbiI6Im12ZC1jcmVkZW50aWFsczpjb250cmFjdFZlcnNpb24iLCJsZXZlbCI6Im12ZC1jcmVkZW50aWFsczpsZXZlbCJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNEYXRhUHJvY2Vzc29yQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmNvbnN1bWVyIiwiY29udHJhY3RWZXJzaW9uIjoiMS4wLjAiLCJsZXZlbCI6InByb2Nlc3NpbmcifX0sImlhdCI6MTcyMTM4NDg3Mn0.y8vY5eF3VMyt0jGPrfsNn5oQMBDsNgMFGf0aw1zMR4NFuOw7OqaUc-zI2UjMRR00hUz9bykWKqCRK_KwG1pCAw",
     "credential": {
       "credentialSubject": [
         {
           "claims": {
             "id": "did:web:consumer-identityhub%3A7083:consumer",
-            "holderIdentifier": "BPN0000001",
-            "useCaseType": "PcfCredential",
-            "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
-            "contractVersion": "1.0.0"
+            "contractVersion": "1.0.0",
+            "level": "processing"
           }
         }
       ],
       "id": "http://org.yourdataspace.com/credentials/1235",
       "type": [
         "VerifiableCredential",
-        "PcfCredential"
+        "DataProcessorCredential"
       ],
       "issuer": {
         "id": "did:example:dataspace-issuer",
diff --git a/deployment/assets/credentials/k8s/consumer/pcf_vc.json b/deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json
similarity index 53%
rename from deployment/assets/credentials/k8s/consumer/pcf_vc.json
rename to deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json
index be2bc9cb..3684a42e 100644
--- a/deployment/assets/credentials/k8s/consumer/pcf_vc.json
+++ b/deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json
@@ -4,23 +4,21 @@
     "https://w3id.org/security/suites/jws-2020/v1",
     "https://www.w3.org/ns/did/v1",
     {
-      "cx-credentials": "https://w3id.org/catenax/credentials/",
-      "contractTemplate": "cx-credentials:contractTemplate",
-      "contractVersion": "cx-credentials:contractVersion",
-      "holderIdentifier": "cx-credentials:holderIdentifier"
+      "mvd-credentials": "https://w3id.org/mvd/credentials/",
+      "contractVersion": "mvd-credentials:contractVersion",
+      "level": "mvd-credentials:level"
     }
   ],
   "id": "http://org.yourdataspace.com/credentials/2347",
   "type": [
     "VerifiableCredential",
-    "http://org.yourdataspace.com#PcfCredential"
+    "http://org.yourdataspace.com#DataProcessorCredential"
   ],
   "issuer": "did:example:dataspace-issuer",
   "issuanceDate": "2023-08-18T00:00:00Z",
   "credentialSubject": {
     "id": "did:web:consumer-identityhub%3A7083:consumer",
-    "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
     "contractVersion": "1.0.0",
-    "holderIdentifier": "BPN000000XYZ"
+    "level": "processing"
   }
 }
\ No newline at end of file
diff --git a/deployment/assets/credentials/k8s/consumer/membership-credential.json b/deployment/assets/credentials/k8s/consumer/membership-credential.json
index 9d520036..dc54c118 100644
--- a/deployment/assets/credentials/k8s/consumer/membership-credential.json
+++ b/deployment/assets/credentials/k8s/consumer/membership-credential.json
@@ -3,12 +3,12 @@
   "participantId": "did:web:consumer-identityhub%3A7083:consumer",
   "timestamp": 1700659822500,
   "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000001",
+  "holderId": "did:web:consumer-identityhub%3A7083:consumer",
   "state": 500,
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7ImN4LWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9jYXRlbmF4L2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJjeC1jcmVkZW50aWFsczptZW1iZXJzaGlwIiwibWVtYmVyc2hpcFR5cGUiOiJjeC1jcmVkZW50aWFsczptZW1iZXJzaGlwVHlwZSIsIndlYnNpdGUiOiJjeC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6ImN4LWNyZWRlbnRpYWxzOmNvbnRhY3QiLCJzaW5jZSI6ImN4LWNyZWRlbnRpYWxzOnNpbmNlIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI01lbWJlcnNoaXBDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpjb25zdW1lci1pZGVudGl0eWh1YiUzQTcwODM6Y29uc3VtZXIiLCJtZW1iZXJzaGlwIjp7Im1lbWJlcnNoaXBUeXBlIjoiRnVsbE1lbWJlciIsIndlYnNpdGUiOiJ3d3cud2hhdGV2ZXIuY29tIiwiY29udGFjdCI6Im1peC5tYXhAd2hhdGV2ZXIuY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTcyMTM3NjI2OX0.1E7XUNXvEMT0qSgLum-Q_C5fcz3JapF6PoFhbp2ivEeBKZPNHo_LJR50e7yKksVS7o5aHXS-Ut7BtQBzMzfuBw",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXBUeXBlIiwid2Vic2l0ZSI6Im12ZC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6Im12ZC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJtdmQtY3JlZGVudGlhbHM6c2luY2UifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4Mzpjb25zdW1lciIsIm1lbWJlcnNoaXAiOnsibWVtYmVyc2hpcFR5cGUiOiJGdWxsTWVtYmVyIiwid2Vic2l0ZSI6Ind3dy53aGF0ZXZlci5jb20iLCJjb250YWN0IjoiZml6ei5idXp6QHdoYXRldmVyLmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjEzODQ4NzJ9.fmcOHOKLERAta_gMx98fPLvyxiFOYEnZIMGFgr9fiydNGbEGOPrcxuFoh7wqtS2HiKWhjm0zZqld4iAr-c2WBg",
     "format": "JWT",
     "credential": {
       "credentialSubject": [
diff --git a/deployment/assets/credentials/k8s/consumer/membership_vc.json b/deployment/assets/credentials/k8s/consumer/membership_vc.json
index 26e213e0..6aba3b61 100644
--- a/deployment/assets/credentials/k8s/consumer/membership_vc.json
+++ b/deployment/assets/credentials/k8s/consumer/membership_vc.json
@@ -4,12 +4,12 @@
     "https://w3id.org/security/suites/jws-2020/v1",
     "https://www.w3.org/ns/did/v1",
     {
-      "cx-credentials": "https://w3id.org/catenax/credentials/",
-      "membership": "cx-credentials:membership",
-      "membershipType": "cx-credentials:membershipType",
-      "website": "cx-credentials:website",
-      "contact": "cx-credentials:contact",
-      "since": "cx-credentials:since"
+      "mvd-credentials": "https://w3id.org/mvd/credentials/",
+      "membership": "mvd-credentials:membership",
+      "membershipType": "mvd-credentials:membershipType",
+      "website": "mvd-credentials:website",
+      "contact": "mvd-credentials:contact",
+      "since": "mvd-credentials:since"
     }
   ],
   "id": "http://org.yourdataspace.com/credentials/2347",
@@ -24,7 +24,7 @@
     "membership": {
       "membershipType": "FullMember",
       "website": "www.whatever.com",
-      "contact": "mix.max@whatever.com",
+      "contact": "fizz.buzz@whatever.com",
       "since": "2023-01-01T00:00:00Z"
     }
   }
diff --git a/deployment/assets/credentials/k8s/provider/pcf-credential.json b/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json
similarity index 53%
rename from deployment/assets/credentials/k8s/provider/pcf-credential.json
rename to deployment/assets/credentials/k8s/provider/dataprocessor-credential.json
index db5f41ec..da4e84e9 100644
--- a/deployment/assets/credentials/k8s/provider/pcf-credential.json
+++ b/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json
@@ -3,22 +3,20 @@
   "participantId": "did:web:provider-identityhub%3A7083:provider",
   "timestamp": 1700659822500,
   "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000001",
+  "holderId": "did:web:provider-identityhub%3A7083:provider",
   "state": 500,
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
     "format": "JSON_LD",
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJjb250cmFjdFRlbXBsYXRlIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RUZW1wbGF0ZSIsImNvbnRyYWN0VmVyc2lvbiI6ImN4LWNyZWRlbnRpYWxzOmNvbnRyYWN0VmVyc2lvbiIsImhvbGRlcklkZW50aWZpZXIiOiJjeC1jcmVkZW50aWFsczpob2xkZXJJZGVudGlmaWVyIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI1BjZkNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkZW50aXR5aHViJTNBNzA4Mzpwcm92aWRlciIsImNvbnRyYWN0VGVtcGxhdGUiOiJodHRwczovL3B1YmxpYy5jYXRlbmEteC5vcmcvY29udHJhY3RzL3BjZi52MS5wZGYiLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCIsImhvbGRlcklkZW50aWZpZXIiOiJCUE4wMDAwMDBYWVoifX0sImlhdCI6MTcyMTM3NjI2OX0.qCj-QF-A319Gy7CH4gi768_lyjvsLPZN-VtJ4WHMGH1l0IJjEVGklbtUucF2ATUNoK-5_Q8cXrRtF_iWDbLnBg",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJjb250cmFjdFZlcnNpb24iOiJtdmQtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwibGV2ZWwiOiJtdmQtY3JlZGVudGlhbHM6bGV2ZWwifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jRGF0YVByb2Nlc3NvckNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkZW50aXR5aHViJTNBNzA4Mzpwcm92aWRlciIsImxldmVsIjoicHJvY2Vzc2luZyJ9fSwiaWF0IjoxNzIxMzg0ODcyfQ.nmUHyL1zIjwzSnt_0uQddAT3ULkofNrUYZTSnVBH3uOPmBDO5RdUvfVXrczOPZMi6Psg288vge7J6glEae0fBA",
     "credential": {
       "credentialSubject": [
         {
           "claims": {
             "id": "did:web:provider-identityhub%3A7083:provider",
-            "holderIdentifier": "BPN0000002",
-            "useCaseType": "PcfCredential",
-            "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
-            "contractVersion": "1.0.0"
+            "contractVersion": "1.0.0",
+            "level": "processing"
           }
         }
       ],
diff --git a/deployment/assets/credentials/k8s/provider/pcf_vc.json b/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json
similarity index 50%
rename from deployment/assets/credentials/k8s/provider/pcf_vc.json
rename to deployment/assets/credentials/k8s/provider/dataprocessor_vc.json
index 96ad1e12..34b441c4 100644
--- a/deployment/assets/credentials/k8s/provider/pcf_vc.json
+++ b/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json
@@ -4,23 +4,20 @@
     "https://w3id.org/security/suites/jws-2020/v1",
     "https://www.w3.org/ns/did/v1",
     {
-      "cx-credentials": "https://w3id.org/catenax/credentials/",
-      "contractTemplate": "cx-credentials:contractTemplate",
-      "contractVersion": "cx-credentials:contractVersion",
-      "holderIdentifier": "cx-credentials:holderIdentifier"
+      "mvd-credentials": "https://w3id.org/mvd/credentials/",
+      "contractVersion": "mvd-credentials:contractVersion",
+      "level": "mvd-credentials:level"
     }
   ],
   "id": "http://org.yourdataspace.com/credentials/2347",
   "type": [
     "VerifiableCredential",
-    "http://org.yourdataspace.com#PcfCredential"
+    "http://org.yourdataspace.com#DataProcessorCredential"
   ],
   "issuer": "did:example:dataspace-issuer",
   "issuanceDate": "2023-08-18T00:00:00Z",
   "credentialSubject": {
     "id": "did:web:provider-identityhub%3A7083:provider",
-    "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
-    "contractVersion": "1.0.0",
-    "holderIdentifier": "BPN000000XYZ"
+    "level": "processing"
   }
 }
\ No newline at end of file
diff --git a/deployment/assets/credentials/k8s/provider/membership-credential.json b/deployment/assets/credentials/k8s/provider/membership-credential.json
index 7e34ad68..1daa6819 100644
--- a/deployment/assets/credentials/k8s/provider/membership-credential.json
+++ b/deployment/assets/credentials/k8s/provider/membership-credential.json
@@ -3,12 +3,12 @@
   "participantId": "did:web:provider-identityhub%3A7083:provider",
   "timestamp": 1700659822500,
   "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000002",
+  "holderId": "did:web:provider-identityhub%3A7083:provider",
   "state": 500,
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJtZW1iZXJzaGlwIjoiY3gtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoiY3gtY3JlZGVudGlhbHM6bWVtYmVyc2hpcFR5cGUiLCJ3ZWJzaXRlIjoiY3gtY3JlZGVudGlhbHM6d2Vic2l0ZSIsImNvbnRhY3QiOiJjeC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJjeC1jcmVkZW50aWFsczpzaW5jZSJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNNZW1iZXJzaGlwQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6cHJvdmlkZXItaWRlbnRpdHlodWIlM0E3MDgzOnByb3ZpZGVyIiwibWVtYmVyc2hpcCI6eyJtZW1iZXJzaGlwVHlwZSI6IkZ1bGxNZW1iZXIiLCJ3ZWJzaXRlIjoid3d3LndoYXRldmVyLmNvbSIsImNvbnRhY3QiOiJtaXgubWF4QHdoYXRldmVyLmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjEzNzYyNjh9._zzAQkh9PCdl3YQlRmW4pknXd_IpznVyHFF3iSPdwfMuT1obT2C0llgAyqjX9Ti8-B9dPo5pZiztRezIiFz3CA",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJtZW1iZXJzaGlwIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXAiLCJtZW1iZXJzaGlwVHlwZSI6Im12ZC1jcmVkZW50aWFsczptZW1iZXJzaGlwVHlwZSIsIndlYnNpdGUiOiJtdmQtY3JlZGVudGlhbHM6d2Vic2l0ZSIsImNvbnRhY3QiOiJtdmQtY3JlZGVudGlhbHM6Y29udGFjdCIsInNpbmNlIjoibXZkLWNyZWRlbnRpYWxzOnNpbmNlIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI01lbWJlcnNoaXBDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpwcm92aWRlci1pZGVudGl0eWh1YiUzQTcwODM6cHJvdmlkZXIiLCJtZW1iZXJzaGlwIjp7Im1lbWJlcnNoaXBUeXBlIjoiRnVsbE1lbWJlciIsIndlYnNpdGUiOiJ3d3cud2hhdGV2ZXIuY29tIiwiY29udGFjdCI6Im1peC5tYXhAd2hhdGV2ZXIuY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTcyMTM4NDg3Mn0.lpiYgm4TA-3Zx-mGagXQ7HfCgCPlPuh5oX8rItwsG721mt2_xACmlUCBFs8W0_GRDyI5GTDl73jegpTI-LnICw",
     "format": "JSON_LD",
     "credential": {
       "credentialSubject": [
diff --git a/deployment/assets/credentials/k8s/provider/membership_vc.json b/deployment/assets/credentials/k8s/provider/membership_vc.json
index 7ebb3bfe..934fe397 100644
--- a/deployment/assets/credentials/k8s/provider/membership_vc.json
+++ b/deployment/assets/credentials/k8s/provider/membership_vc.json
@@ -4,12 +4,12 @@
     "https://w3id.org/security/suites/jws-2020/v1",
     "https://www.w3.org/ns/did/v1",
     {
-      "cx-credentials": "https://w3id.org/catenax/credentials/",
-      "membership": "cx-credentials:membership",
-      "membershipType": "cx-credentials:membershipType",
-      "website": "cx-credentials:website",
-      "contact": "cx-credentials:contact",
-      "since": "cx-credentials:since"
+      "mvd-credentials": "https://w3id.org/mvd/credentials/",
+      "membership": "mvd-credentials:membership",
+      "membershipType": "mvd-credentials:membershipType",
+      "website": "mvd-credentials:website",
+      "contact": "mvd-credentials:contact",
+      "since": "mvd-credentials:since"
     }
   ],
   "id": "http://org.yourdataspace.com/credentials/2347",
diff --git a/deployment/assets/credentials/local/consumer/pcf-credential.json b/deployment/assets/credentials/local/consumer/dataprocessor-credential.json
similarity index 51%
rename from deployment/assets/credentials/local/consumer/pcf-credential.json
rename to deployment/assets/credentials/local/consumer/dataprocessor-credential.json
index 42ad37c8..cb6444d0 100644
--- a/deployment/assets/credentials/local/consumer/pcf-credential.json
+++ b/deployment/assets/credentials/local/consumer/dataprocessor-credential.json
@@ -3,29 +3,27 @@
   "participantId": "did:web:localhost%3A7083",
   "timestamp": 1700659822500,
   "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000001",
+  "holderId": "did:web:localhost%3A7093",
   "state": 500,
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
     "format": "JWT",
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7ImN4LWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9jYXRlbmF4L2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VGVtcGxhdGUiOiJjeC1jcmVkZW50aWFsczpjb250cmFjdFRlbXBsYXRlIiwiY29udHJhY3RWZXJzaW9uIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwiaG9sZGVySWRlbnRpZmllciI6ImN4LWNyZWRlbnRpYWxzOmhvbGRlcklkZW50aWZpZXIifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jUGNmQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6bG9jYWxob3N0JTNBNzA4MyIsImNvbnRyYWN0VGVtcGxhdGUiOiJodHRwczovL3B1YmxpYy5jYXRlbmEteC5vcmcvY29udHJhY3RzL3BjZi52MS5wZGYiLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCIsImhvbGRlcklkZW50aWZpZXIiOiJCUE4wMDAwMDBYWVoifX0sImlhdCI6MTcyMTM3NjI2OX0.KWUDSwtqrnnzqixmW0Fd1gYGrWMyu3DXd8vvz_Gm7LAMPubcyfY1Do34YAJLvLXy0Qn1E81xsicYMhlDfOi6AA",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VmVyc2lvbiI6Im12ZC1jcmVkZW50aWFsczpjb250cmFjdFZlcnNpb24iLCJsZXZlbCI6Im12ZC1jcmVkZW50aWFsczpsZXZlbCJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNEYXRhUHJvY2Vzc29yQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6bG9jYWxob3N0JTNBNzA4MyIsImNvbnRyYWN0VmVyc2lvbiI6IjEuMC4wIiwibGV2ZWwiOiJwcm9jZXNzaW5nIn19LCJpYXQiOjE3MjEzODQ4NzJ9.rPSA0yvZuiGXnNqXqde-QAYBYXyJ1wDB2-1q2IAiigttX2LbE9paCEvJOXC_hf6Vi1nI-5gzvvIRAESKim2dBw",
     "credential": {
       "credentialSubject": [
         {
           "claims": {
             "id": "did:web:localhost%3A7083",
-            "holderIdentifier": "BPN0000001",
-            "useCaseType": "PcfCredential",
-            "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
-            "contractVersion": "1.0.0"
+            "contractVersion": "1.0.0",
+            "level": "processing"
           }
         }
       ],
       "id": "http://org.yourdataspace.com/credentials/1235",
       "type": [
         "VerifiableCredential",
-        "PcfCredential"
+        "DataProcessorCredential"
       ],
       "issuer": {
         "id": "did:example:dataspace-issuer",
diff --git a/deployment/assets/credentials/local/consumer/membership-credential.json b/deployment/assets/credentials/local/consumer/membership-credential.json
index 6bbc97db..f67c17bc 100644
--- a/deployment/assets/credentials/local/consumer/membership-credential.json
+++ b/deployment/assets/credentials/local/consumer/membership-credential.json
@@ -3,12 +3,12 @@
   "participantId": "did:web:localhost%3A7083",
   "timestamp": 1700659822500,
   "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000001",
+  "holderId": "did:web:localhost%3A7083",
   "state": 500,
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7ImN4LWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9jYXRlbmF4L2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJjeC1jcmVkZW50aWFsczptZW1iZXJzaGlwIiwibWVtYmVyc2hpcFR5cGUiOiJjeC1jcmVkZW50aWFsczptZW1iZXJzaGlwVHlwZSIsIndlYnNpdGUiOiJjeC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6ImN4LWNyZWRlbnRpYWxzOmNvbnRhY3QiLCJzaW5jZSI6ImN4LWNyZWRlbnRpYWxzOnNpbmNlIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI01lbWJlcnNoaXBDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDgzIiwibWVtYmVyc2hpcCI6eyJtZW1iZXJzaGlwVHlwZSI6IkZ1bGxNZW1iZXIiLCJ3ZWJzaXRlIjoid3d3LndoYXRldmVyLmNvbSIsImNvbnRhY3QiOiJtaXgubWF4QHdoYXRldmVyLmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjEzNzYyNjl9._DAcy8jcL880AW5MIxezOv4lxzoibWAgSo9WdrwARmendNFeGruaIkL7cN7EPxo_ooCl-8XZxEA1PCCXqRozCw",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXBUeXBlIiwid2Vic2l0ZSI6Im12ZC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6Im12ZC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJtdmQtY3JlZGVudGlhbHM6c2luY2UifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJtZW1iZXJzaGlwIjp7Im1lbWJlcnNoaXBUeXBlIjoiRnVsbE1lbWJlciIsIndlYnNpdGUiOiJ3d3cud2hhdGV2ZXIuY29tIiwiY29udGFjdCI6Im1peC5tYXhAd2hhdGV2ZXIuY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTcyMTM4NDg3Mn0.Hle3iommEl5rgeFCY3i6GpvSa5JDEp6bDL9A7GhmJiG_KOa7rMw5EqlDTg3c3ZxFkIwSzQNElPkFcrPA7Sd-Dw",
     "format": "JWT",
     "credential": {
       "credentialSubject": [
diff --git a/deployment/assets/credentials/local/consumer/unsigned/pcf_vc.json b/deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json
similarity index 52%
rename from deployment/assets/credentials/local/consumer/unsigned/pcf_vc.json
rename to deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json
index 4d3ad471..e5780fe9 100644
--- a/deployment/assets/credentials/local/consumer/unsigned/pcf_vc.json
+++ b/deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json
@@ -4,23 +4,21 @@
     "https://w3id.org/security/suites/jws-2020/v1",
     "https://www.w3.org/ns/did/v1",
     {
-      "cx-credentials": "https://w3id.org/catenax/credentials/",
-      "contractTemplate": "cx-credentials:contractTemplate",
-      "contractVersion": "cx-credentials:contractVersion",
-      "holderIdentifier": "cx-credentials:holderIdentifier"
+      "mvd-credentials": "https://w3id.org/mvd/credentials/",
+      "contractVersion": "mvd-credentials:contractVersion",
+      "level": "mvd-credentials:level"
     }
   ],
   "id": "http://org.yourdataspace.com/credentials/2347",
   "type": [
     "VerifiableCredential",
-    "http://org.yourdataspace.com#PcfCredential"
+    "http://org.yourdataspace.com#DataProcessorCredential"
   ],
   "issuer": "did:example:dataspace-issuer",
   "issuanceDate": "2023-08-18T00:00:00Z",
   "credentialSubject": {
     "id": "did:web:localhost%3A7083",
-    "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
     "contractVersion": "1.0.0",
-    "holderIdentifier": "BPN000000XYZ"
+    "level": "processing"
   }
 }
\ No newline at end of file
diff --git a/deployment/assets/credentials/local/consumer/unsigned/membership_vc.json b/deployment/assets/credentials/local/consumer/unsigned/membership_vc.json
index e1e5bdb9..f5cef491 100644
--- a/deployment/assets/credentials/local/consumer/unsigned/membership_vc.json
+++ b/deployment/assets/credentials/local/consumer/unsigned/membership_vc.json
@@ -4,12 +4,12 @@
     "https://w3id.org/security/suites/jws-2020/v1",
     "https://www.w3.org/ns/did/v1",
     {
-      "cx-credentials": "https://w3id.org/catenax/credentials/",
-      "membership": "cx-credentials:membership",
-      "membershipType": "cx-credentials:membershipType",
-      "website": "cx-credentials:website",
-      "contact": "cx-credentials:contact",
-      "since": "cx-credentials:since"
+      "mvd-credentials": "https://w3id.org/mvd/credentials/",
+      "membership": "mvd-credentials:membership",
+      "membershipType": "mvd-credentials:membershipType",
+      "website": "mvd-credentials:website",
+      "contact": "mvd-credentials:contact",
+      "since": "mvd-credentials:since"
     }
   ],
   "id": "http://org.yourdataspace.com/credentials/2347",
diff --git a/deployment/assets/credentials/local/provider/pcf-credential.json b/deployment/assets/credentials/local/provider/dataprocessor-credential.json
similarity index 52%
rename from deployment/assets/credentials/local/provider/pcf-credential.json
rename to deployment/assets/credentials/local/provider/dataprocessor-credential.json
index d49e2741..fd772b2f 100644
--- a/deployment/assets/credentials/local/provider/pcf-credential.json
+++ b/deployment/assets/credentials/local/provider/dataprocessor-credential.json
@@ -3,22 +3,20 @@
   "participantId": "did:web:localhost%3A7093",
   "timestamp": 1700659822500,
   "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000001",
+  "holderId": "did:web:localhost%3A7093",
   "state": 500,
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
     "format": "JWT",
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJjb250cmFjdFRlbXBsYXRlIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RUZW1wbGF0ZSIsImNvbnRyYWN0VmVyc2lvbiI6ImN4LWNyZWRlbnRpYWxzOmNvbnRyYWN0VmVyc2lvbiIsImhvbGRlcklkZW50aWZpZXIiOiJjeC1jcmVkZW50aWFsczpob2xkZXJJZGVudGlmaWVyIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI1BjZkNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJjb250cmFjdFRlbXBsYXRlIjoiaHR0cHM6Ly9wdWJsaWMuY2F0ZW5hLXgub3JnL2NvbnRyYWN0cy9wY2YudjEucGRmIiwiY29udHJhY3RWZXJzaW9uIjoiMS4wLjAiLCJob2xkZXJJZGVudGlmaWVyIjoiQlBOMDAwMDAwWFlaIn19LCJpYXQiOjE3MjEzNzYyNjl9.Jtgtl4LrZWoVf6JK8jDGpp6sNfrf5iwgaUYc9R23TntZtLYbtZ82BARmn-nfUC-YYZst3C5Wf9ewYz1eu4v2AQ",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJjb250cmFjdFZlcnNpb24iOiJtdmQtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwibGV2ZWwiOiJtdmQtY3JlZGVudGlhbHM6bGV2ZWwifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jRGF0YVByb2Nlc3NvckNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCIsImxldmVsIjoicHJvY2Vzc2luZyJ9fSwiaWF0IjoxNzIxMzg0ODcyfQ.beXpdPKlqEpDIBl1DoVtA2PQDQcF_Pl9hHjC2Bbz7T5AOm-o77YevEahUugh831QqjFvOKoYR8Ct1M7PWPE_Dg",
     "credential": {
       "credentialSubject": [
         {
           "claims": {
             "id": "did:web:localhost%3A7093",
-            "holderIdentifier": "BPN0000002",
-            "useCaseType": "PcfCredential",
-            "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
-            "contractVersion": "1.0.0"
+            "contractVersion": "1.0.0",
+            "level": "processing"
           }
         }
       ],
diff --git a/deployment/assets/credentials/local/provider/membership-credential.json b/deployment/assets/credentials/local/provider/membership-credential.json
index 922bbaec..37c6470d 100644
--- a/deployment/assets/credentials/local/provider/membership-credential.json
+++ b/deployment/assets/credentials/local/provider/membership-credential.json
@@ -3,12 +3,12 @@
   "participantId": "did:web:localhost%3A7093",
   "timestamp": 1700659822500,
   "issuerId": "did:example:dataspace-issuer",
-  "holderId": "BPN0000002",
+  "holderId": "did:web:localhost%3A7093",
   "state": 500,
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJtZW1iZXJzaGlwIjoiY3gtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoiY3gtY3JlZGVudGlhbHM6bWVtYmVyc2hpcFR5cGUiLCJ3ZWJzaXRlIjoiY3gtY3JlZGVudGlhbHM6d2Vic2l0ZSIsImNvbnRhY3QiOiJjeC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJjeC1jcmVkZW50aWFsczpzaW5jZSJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzEyMzQiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNNZW1iZXJzaGlwQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6bG9jYWxob3N0JTNBNzA5MyIsIm1lbWJlcnNoaXAiOnsibWVtYmVyc2hpcFR5cGUiOiJQcm9zcGVjdE1lbWJlciIsIndlYnNpdGUiOiJ3d3cucXVpenpxdWF6ei5jb20iLCJjb250YWN0IjoiZm9vLmJhckBxdWl6enF1YXp6LmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjEzNzYyNjl9.sx6mPNq14LnifS5i0NhI2mzp5lmpxyC1Iu_yHw3uzucnK7i1tr0gZ5NOHAV48dKRTxX0XZBYlw450tyFeDs_Cg",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJtZW1iZXJzaGlwIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXAiLCJtZW1iZXJzaGlwVHlwZSI6Im12ZC1jcmVkZW50aWFsczptZW1iZXJzaGlwVHlwZSIsIndlYnNpdGUiOiJtdmQtY3JlZGVudGlhbHM6d2Vic2l0ZSIsImNvbnRhY3QiOiJtdmQtY3JlZGVudGlhbHM6Y29udGFjdCIsInNpbmNlIjoibXZkLWNyZWRlbnRpYWxzOnNpbmNlIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMTIzNCIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI01lbWJlcnNoaXBDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDkzIiwibWVtYmVyc2hpcCI6eyJtZW1iZXJzaGlwVHlwZSI6IlByb3NwZWN0TWVtYmVyIiwid2Vic2l0ZSI6Ind3dy5xdWl6enF1YXp6LmNvbSIsImNvbnRhY3QiOiJmb28uYmFyQHF1aXp6cXVhenouY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTcyMTM4NDg3Mn0.LhjWOy5yoxkwxvbDJnTKxmgLJjyJuNlaO970oqaQjXdomOtsvatzzO2_7Ir5JRynSHnEhtyr7tp95du_zriYCg",
     "format": "JWT",
     "credential": {
       "credentialSubject": [
diff --git a/deployment/assets/credentials/local/provider/unsigned/pcf_vc.json b/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json
similarity index 52%
rename from deployment/assets/credentials/local/provider/unsigned/pcf_vc.json
rename to deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json
index a197f2af..2a07e091 100644
--- a/deployment/assets/credentials/local/provider/unsigned/pcf_vc.json
+++ b/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json
@@ -4,23 +4,21 @@
     "https://w3id.org/security/suites/jws-2020/v1",
     "https://www.w3.org/ns/did/v1",
     {
-      "cx-credentials": "https://w3id.org/catenax/credentials/",
-      "contractTemplate": "cx-credentials:contractTemplate",
-      "contractVersion": "cx-credentials:contractVersion",
-      "holderIdentifier": "cx-credentials:holderIdentifier"
+      "mvd-credentials": "https://w3id.org/mvd/credentials/",
+      "contractVersion": "mvd-credentials:contractVersion",
+      "level": "mvd-credentials:level"
     }
   ],
   "id": "http://org.yourdataspace.com/credentials/2347",
   "type": [
     "VerifiableCredential",
-    "http://org.yourdataspace.com#PcfCredential"
+    "http://org.yourdataspace.com#DataProcessorCredential"
   ],
   "issuer": "did:example:dataspace-issuer",
   "issuanceDate": "2023-08-18T00:00:00Z",
   "credentialSubject": {
     "id": "did:web:localhost%3A7093",
-    "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf",
     "contractVersion": "1.0.0",
-    "holderIdentifier": "BPN000000XYZ"
+    "level": "processing"
   }
 }
\ No newline at end of file
diff --git a/deployment/assets/credentials/local/provider/unsigned/membership_vc.json b/deployment/assets/credentials/local/provider/unsigned/membership_vc.json
index 2a1553b8..62abcdee 100644
--- a/deployment/assets/credentials/local/provider/unsigned/membership_vc.json
+++ b/deployment/assets/credentials/local/provider/unsigned/membership_vc.json
@@ -4,12 +4,12 @@
     "https://w3id.org/security/suites/jws-2020/v1",
     "https://www.w3.org/ns/did/v1",
     {
-      "cx-credentials": "https://w3id.org/catenax/credentials/",
-      "membership": "cx-credentials:membership",
-      "membershipType": "cx-credentials:membershipType",
-      "website": "cx-credentials:website",
-      "contact": "cx-credentials:contact",
-      "since": "cx-credentials:since"
+      "mvd-credentials": "https://w3id.org/mvd/credentials/",
+      "membership": "mvd-credentials:membership",
+      "membershipType": "mvd-credentials:membershipType",
+      "website": "mvd-credentials:website",
+      "contact": "mvd-credentials:contact",
+      "since": "mvd-credentials:since"
     }
   ],
   "id": "http://org.yourdataspace.com/credentials/1234",
diff --git a/deployment/postman/MVD.postman_collection.json b/deployment/postman/MVD.postman_collection.json
index 502b2ad8..01bf99bb 100644
--- a/deployment/postman/MVD.postman_collection.json
+++ b/deployment/postman/MVD.postman_collection.json
@@ -58,7 +58,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n            \"@context\": {},\n            \"@id\": \"asset-2\",\n            \"@type\": \"Asset\",\n            \"properties\": {\n                \"description\": \"This asset requires Membership to view and Sustainability to negotiate.\"\n            },\n            \"dataAddress\": {\n                \"@type\": \"DataAddress\",\n                \"type\": \"HttpData\",\n                \"baseUrl\": \"https://jsonplaceholder.typicode.com/todos\",\n                \"proxyPath\": \"true\",\n                \"proxyQueryParams\": \"true\"\n            }\n        }"
+							"raw": "{\n            \"@context\": {},\n            \"@id\": \"asset-2\",\n            \"@type\": \"Asset\",\n            \"properties\": {\n                \"description\": \"This asset requires Membership to view and SensitiveData credential to negotiate.\"\n            },\n            \"dataAddress\": {\n                \"@type\": \"DataAddress\",\n                \"type\": \"HttpData\",\n                \"baseUrl\": \"https://jsonplaceholder.typicode.com/todos\",\n                \"proxyPath\": \"true\",\n                \"proxyQueryParams\": \"true\"\n            }\n        }"
 						},
 						"url": {
 							"raw": "{{HOST}}/api/management/v3/assets",
@@ -109,7 +109,7 @@
 					"response": []
 				},
 				{
-					"name": "Create PCF Use case policy",
+					"name": "Create DataProcessor policy",
 					"request": {
 						"method": "POST",
 						"header": [
@@ -124,7 +124,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-pcf\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:obligation\": [\n            {\n                \"odrl:action\": \"use\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"FrameworkCredential.pcf\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"active\"\n                }\n            }\n        ]\n    }\n}"
+							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-dataprocessor\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:obligation\": [\n            {\n                \"odrl:action\": \"use\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"DataAccess.level\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"processing\"\n                }\n            }\n        ]\n    }\n}"
 						},
 						"url": {
 							"raw": "{{HOST}}/api/management/v3/policydefinitions",
@@ -142,7 +142,7 @@
 					"response": []
 				},
 				{
-					"name": "Create Sustainability Use case policy",
+					"name": "Create Sensitive Data Processor policy",
 					"request": {
 						"method": "POST",
 						"header": [
@@ -157,7 +157,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-sustainability\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:obligation\": [\n            {\n                \"odrl:action\": \"USE\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"FrameworkCredential.sustainability\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"active\"\n                }\n            }\n        ]\n    }\n}"
+							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-sensitive\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:obligation\": [\n            {\n                \"odrl:action\": \"USE\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"DataAccess.level\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"sensitive\"\n                }\n            }\n        ]\n    }\n}"
 						},
 						"url": {
 							"raw": "{{HOST}}/api/management/v3/policydefinitions",
@@ -175,7 +175,7 @@
 					"response": []
 				},
 				{
-					"name": "Create \"member-and-pcf-cred\" definition",
+					"name": "Create \"member-and-data-cred\" definition",
 					"request": {
 						"method": "POST",
 						"header": [
@@ -190,7 +190,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n        \"@context\": {},\n        \"@id\": \"member-and-pcf-def\",\n        \"@type\": \"ContractDefinition\",\n        \"accessPolicyId\": \"require-membership\",\n        \"contractPolicyId\": \"require-pcf\",\n        \"assetsSelector\" : {\n            \"@type\" : \"CriterionDto\",\n            \"operandLeft\": \"https://w3id.org/edc/v0.0.1/ns/id\",\n            \"operator\": \"=\",\n            \"operandRight\": \"asset-1\"\n        }\n    }"
+							"raw": "{\n        \"@context\": {},\n        \"@id\": \"member-and-dataprocessor-def\",\n        \"@type\": \"ContractDefinition\",\n        \"accessPolicyId\": \"require-membership\",\n        \"contractPolicyId\": \"require-dataprocessor\",\n        \"assetsSelector\" : {\n            \"@type\" : \"CriterionDto\",\n            \"operandLeft\": \"https://w3id.org/edc/v0.0.1/ns/id\",\n            \"operator\": \"=\",\n            \"operandRight\": \"asset-1\"\n        }\n    }"
 						},
 						"url": {
 							"raw": "{{HOST}}/api/management/v3/contractdefinitions",
@@ -208,7 +208,7 @@
 					"response": []
 				},
 				{
-					"name": "Create \"require sustainability\" definition",
+					"name": "Create \"require sensitive\" definition",
 					"request": {
 						"method": "POST",
 						"header": [
@@ -223,7 +223,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n        \"@context\": {},\n        \"@id\": \"sustainability-only-def\",\n        \"@type\": \"ContractDefinition\",\n        \"accessPolicyId\": \"require-membership\",\n        \"contractPolicyId\": \"require-sustainability\",\n        \"assetsSelector\" : {\n            \"@type\" : \"CriterionDto\",\n            \"operandLeft\": \"https://w3id.org/edc/v0.0.1/ns/id\",\n            \"operator\": \"=\",\n            \"operandRight\": \"asset-2\"\n        }\n    }"
+							"raw": "{\n    \"@context\": {},\n    \"@id\": \"sensitive-only-def\",\n    \"@type\": \"ContractDefinition\",\n    \"accessPolicyId\": \"require-membership\",\n    \"contractPolicyId\": \"require-sensitive\",\n    \"assetsSelector\": {\n        \"@type\": \"CriterionDto\",\n        \"operandLeft\": \"https://w3id.org/edc/v0.0.1/ns/id\",\n        \"operator\": \"=\",\n        \"operandRight\": \"asset-2\"\n    }\n}"
 						},
 						"url": {
 							"raw": "{{HOST}}/api/management/v3/contractdefinitions",
@@ -570,7 +570,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"@context\": {\n        \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n    },\n    \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n    \"counterPartyAddress\": \"{{PROVIDER_DSP_URL}}/api/dsp\",\n    \"counterPartyId\": \"{{PROVIDER_ID}}\",\n    \"protocol\": \"dataspace-protocol-http\",\n    \"policy\": {\n        \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Offer\",\n        \"@id\": \"bWVtYmVyLWFuZC1wY2YtZGVm:YXNzZXQtMQ==:MDIxM2MzZDQtMzE3NS00MzFmLWIzM2UtNDFkY2I2Y2RhZjU1\",\n        \"assigner\": \"{{PROVIDER_ID}}\",\n        \"permission\": [],\n        \"prohibition\": [],\n        \"odrl:obligation\": {\n            \"odrl:action\": {\n                \"@id\": \"use\"\n            },\n            \"odrl:constraint\": {\n                \"odrl:leftOperand\": {\n                    \"@id\": \"FrameworkCredential.pcf\"\n                },\n                \"odrl:operator\": {\n                    \"@id\": \"odrl:eq\"\n                },\n                \"odrl:rightOperand\": \"active\"\n            }\n        },\n        \"target\": \"asset-1\"\n    },\n    \"callbackAddresses\": []\n}",
+							"raw": "{\n    \"@context\": {\n        \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n    },\n    \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n    \"counterPartyAddress\": \"{{PROVIDER_DSP_URL}}/api/dsp\",\n    \"counterPartyId\": \"{{PROVIDER_ID}}\",\n    \"protocol\": \"dataspace-protocol-http\",\n    \"policy\": {\n        \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Offer\",\n        \"@id\": \"bWVtYmVyLWFuZC1kYXRhcHJvY2Vzc29yLWRlZg==:YXNzZXQtMQ==:MjcyMzMyZjgtZWM2ZS00MTQ0LWIyYjgtM2ExMzIzMDFjZmQ1\",\n        \"assigner\": \"{{PROVIDER_ID}}\",\n        \"permission\": [],\n        \"prohibition\": [],\n        \"odrl:obligation\": {\n            \"odrl:action\": {\n                \"@id\": \"use\"\n            },\n            \"odrl:constraint\": {\n                \"odrl:leftOperand\": {\n                    \"@id\": \"DataAccess.level\"\n                },\n                \"odrl:operator\": {\n                    \"@id\": \"odrl:eq\"\n                },\n                \"odrl:rightOperand\": \"processing\"\n            }\n        },\n        \"target\": \"asset-1\"\n    },\n    \"callbackAddresses\": []\n}",
 							"options": {
 								"raw": {
 									"language": "json"
@@ -633,7 +633,7 @@
 						"header": [],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"assetId\": \"asset-1\",\n    \"counterPartyAddress\":  \"{{PROVIDER_DSP_URL}}/api/dsp\",\n    \"connectorId\": \"{{PROVIDER_ID}}\",\n    \"contractId\": \"76ee7bc5-73b0-44c8-8e03-032726616996\",\n    \"dataDestination\": {\n        \"type\": \"HttpProxy\"\n    },\n    \"protocol\": \"dataspace-protocol-http\",\n    \"transferType\": \"HttpData-PULL\"\n}",
+							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"assetId\": \"asset-1\",\n    \"counterPartyAddress\":  \"{{PROVIDER_DSP_URL}}/api/dsp\",\n    \"connectorId\": \"{{PROVIDER_ID}}\",\n    \"contractId\": \"5613c232-d12e-41de-b0d6-befc290e5309\",\n    \"dataDestination\": {\n        \"type\": \"HttpProxy\"\n    },\n    \"protocol\": \"dataspace-protocol-http\",\n    \"transferType\": \"HttpData-PULL\"\n}",
 							"options": {
 								"raw": {
 									"language": "json"
@@ -734,7 +734,7 @@
 							}
 						],
 						"url": {
-							"raw": "{{HOST}}/api/management/v3/edrs/392d1767-e546-4b54-ab6e-6fb20a3dc12a/dataaddress",
+							"raw": "{{HOST}}/api/management/v3/edrs/cb60556e-5544-4d37-a5ca-6412b293fc98/dataaddress",
 							"host": [
 								"{{HOST}}"
 							],
@@ -743,7 +743,7 @@
 								"management",
 								"v3",
 								"edrs",
-								"392d1767-e546-4b54-ab6e-6fb20a3dc12a",
+								"cb60556e-5544-4d37-a5ca-6412b293fc98",
 								"dataaddress"
 							]
 						}
@@ -753,6 +753,9 @@
 				{
 					"name": "Download Data from Public API",
 					"request": {
+						"auth": {
+							"type": "noauth"
+						},
 						"method": "GET",
 						"header": [
 							{
@@ -761,7 +764,7 @@
 							},
 							{
 								"key": "Authorization",
-								"value": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMja2V5LTEiLCJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJhdWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJzdWIiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJpYXQiOjE3MjA3Nzk3MjMwMjAsImp0aSI6ImJhZjUwM2ZmLTQ0YTEtNGEzNS1hNDJjLTgwNGM1ODNhYTIxZiJ9.JX6nLTgAJZ6lAEv68ZqVawjMQep2gkWS4Xoco2elm_7TyoWQcxHnxPbrYYFxNg-ATdeARfqr5EiyO3l8A6vAyQ",
+								"value": "eyJraWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkZW50aXR5aHViJTNBNzA4Mzpwcm92aWRlciNrZXktMSIsImFsZyI6IkVTMjU2In0.eyJpc3MiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkZW50aXR5aHViJTNBNzA4Mzpwcm92aWRlciIsImF1ZCI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmNvbnN1bWVyIiwic3ViIjoiZGlkOndlYjpwcm92aWRlci1pZGVudGl0eWh1YiUzQTcwODM6cHJvdmlkZXIiLCJpYXQiOjE3MjExMjUwMTY4NTUsImp0aSI6ImMzODM0YWJmLWE3YjYtNDNmNC05ZWU3LTBjYjIzNzI2NGIzZiJ9.Ok7g_ekPgOuevytQEf3gDaixyUEphTbZa496lUqKYoyS0QIsKsxtYfkbD0tCitUtCkZIgGOIBsq5-A8ia_7UHg",
 								"type": "text"
 							}
 						],
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/FrameworkCredentialScopeExtractor.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DataAccessCredentialScopeExtractor.java
similarity index 63%
rename from extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/FrameworkCredentialScopeExtractor.java
rename to extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DataAccessCredentialScopeExtractor.java
index 5ab4906d..b29a503f 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/FrameworkCredentialScopeExtractor.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DataAccessCredentialScopeExtractor.java
@@ -20,27 +20,19 @@
 
 import java.util.Set;
 
-class FrameworkCredentialScopeExtractor implements ScopeExtractor {
-    private static final String FRAMEWORK_CREDENTIAL_PREFIX = "FrameworkCredential.";
+class DataAccessCredentialScopeExtractor implements ScopeExtractor {
+    private static final String DATA_ACCESS_CONSTRAINT_PREFIX = "DataAccess.";
     private static final String CREDENTIAL_TYPE_NAMESPACE = "org.eclipse.edc.vc.type";
-
-    FrameworkCredentialScopeExtractor() {
-    }
+    public static final String DATA_PROCESSOR_CREDENTIAL_TYPE = "DataProcessorCredential";
 
     @Override
     public Set<String> extractScopes(Object leftValue, Operator operator, Object rightValue, PolicyContext context) {
         Set<String> scopes = Set.of();
         if (leftValue instanceof String leftOperand) {
-            if (leftOperand.startsWith(FRAMEWORK_CREDENTIAL_PREFIX)) {
-                var credentialType = leftOperand.replace(FRAMEWORK_CREDENTIAL_PREFIX, "");
-                credentialType = "%sCredential".formatted(capitalize(credentialType));
-                scopes = Set.of("%s:%s:read".formatted(CREDENTIAL_TYPE_NAMESPACE, credentialType));
+            if (leftOperand.startsWith(DATA_ACCESS_CONSTRAINT_PREFIX)) {
+                scopes = Set.of("%s:%s:read".formatted(CREDENTIAL_TYPE_NAMESPACE, DATA_PROCESSOR_CREDENTIAL_TYPE));
             }
         }
         return scopes;
     }
-
-    private String capitalize(String input) {
-        return input.substring(0, 1).toUpperCase() + input.substring(1).toLowerCase();
-    }
 }
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DcpPatchExtension.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DcpPatchExtension.java
index a77608cc..39b7cc09 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DcpPatchExtension.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DcpPatchExtension.java
@@ -71,7 +71,7 @@ public void initialize(ServiceExtensionContext context) {
 
 
         //register scope extractor
-        scopeExtractorRegistry.registerScopeExtractor(new FrameworkCredentialScopeExtractor());
+        scopeExtractorRegistry.registerScopeExtractor(new DataAccessCredentialScopeExtractor());
 
 
         typeTransformerRegistry.register(new JsonValueToGenericTypeTransformer(typeManager.getMapper(JSON_LD)));
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/UseCaseFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java
similarity index 70%
rename from extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/UseCaseFunction.java
rename to extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java
index a2c244b2..b4ab48b1 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/UseCaseFunction.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java
@@ -21,13 +21,14 @@
 import org.eclipse.edc.spi.agent.ParticipantAgent;
 
 import java.util.Map;
+import java.util.Objects;
 
-public class UseCaseFunction implements AtomicConstraintFunction<Duty> {
+public class DataAccessLevelFunction implements AtomicConstraintFunction<Duty> {
 
-    private final String usecase;
+    private final String level;
 
-    public UseCaseFunction(String usecase) {
-        this.usecase = usecase;
+    public DataAccessLevelFunction(String level) {
+        this.level = level;
     }
 
     @Override
@@ -36,8 +37,8 @@ public boolean evaluate(Operator operator, Object rightOperand, Duty duty, Polic
             policyContext.reportProblem("Cannot evaluate operator %s, only %s is supported".formatted(operator, Operator.EQ));
             return false;
         }
-        if (!"active".equalsIgnoreCase(rightOperand.toString())) {
-            policyContext.reportProblem("Use case credentials only support right operand 'active', but found '%s'".formatted(operator.toString()));
+        if (!"level".equalsIgnoreCase(rightOperand.toString())) {
+            policyContext.reportProblem("Data access credentials only support right operand 'level', but found '%s'".formatted(operator.toString()));
             return false;
         }
         var pa = policyContext.getContextData(ParticipantAgent.class);
@@ -49,15 +50,13 @@ public boolean evaluate(Operator operator, Object rightOperand, Duty duty, Polic
         var claims = pa.getClaims();
 
         String version = getClaim("contractVersion", claims);
-        String holderIdentifier = getClaim("holderIdentifier", claims);
-        String contractTemplate = getClaim("contractTemplate", claims);
+        String level = getClaim("level", claims);
 
-        return version != null && holderIdentifier != null && contractTemplate != null &&
-                contractTemplate.contains(usecase);
+        return version != null && Objects.equals(level, rightOperand);
     }
 
     public String key() {
-        return "FrameworkCredential.%s".formatted(usecase);
+        return "DataAccess.level";
     }
 
     @SuppressWarnings("unchecked")
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java
index 83c18894..f27a7ea4 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java
@@ -28,8 +28,8 @@
 public class MembershipCredentialEvaluationFunction implements AtomicConstraintFunction<Permission> {
     public static final String MEMBERSHIP_CONSTRAINT_KEY = "MembershipCredential";
 
-    private static final String MEMBERSHIP_CLAIM = "https://w3id.org/catenax/credentials/membership";
-    private static final String MEMBERSHIP_SINCE_CLAIM = "https://w3id.org/catenax/credentials/since";
+    private static final String MEMBERSHIP_CLAIM = "https://w3id.org/mvd/credentials/membership";
+    private static final String MEMBERSHIP_SINCE_CLAIM = "https://w3id.org/mvd/credentials/since";
 
     @SuppressWarnings("unchecked")
     @Override
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
index 904c5084..6de506c3 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
@@ -24,8 +24,11 @@
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
 
 import static org.eclipse.edc.demo.dcp.policy.MembershipCredentialEvaluationFunction.MEMBERSHIP_CONSTRAINT_KEY;
+import static org.eclipse.edc.demo.dcp.policy.PolicyScopes.CATALOG_REQUEST_SCOPE;
 import static org.eclipse.edc.demo.dcp.policy.PolicyScopes.CATALOG_SCOPE;
+import static org.eclipse.edc.demo.dcp.policy.PolicyScopes.NEGOTIATION_REQUEST_SCOPE;
 import static org.eclipse.edc.demo.dcp.policy.PolicyScopes.NEGOTIATION_SCOPE;
+import static org.eclipse.edc.demo.dcp.policy.PolicyScopes.TRANSFER_PROCESS_REQUEST_SCOPE;
 import static org.eclipse.edc.demo.dcp.policy.PolicyScopes.TRANSFER_PROCESS_SCOPE;
 import static org.eclipse.edc.policy.model.OdrlNamespace.ODRL_SCHEMA;
 
@@ -44,21 +47,22 @@ public void initialize(ServiceExtensionContext context) {
         this.bindPermissionFunction(fct, NEGOTIATION_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
         this.bindPermissionFunction(fct, CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
 
-        registerUseCase("pcf");
-        registerUseCase("traceability");
-        registerUseCase("sustainability");
-        registerUseCase("quality");
-        registerUseCase("resiliency");
+        registerDataAccessLevelFunction("processing");
+        registerDataAccessLevelFunction("sensitive");
 
     }
 
-    private void registerUseCase(String useCaseName) {
-        var frameworkFunction = new UseCaseFunction(useCaseName);
-        var usecase = frameworkFunction.key();
+    private void registerDataAccessLevelFunction(String accessLevel) {
+        var function = new DataAccessLevelFunction(accessLevel);
+        var accessLevelKey = function.key();
 
-        bindDutyFunction(frameworkFunction, TRANSFER_PROCESS_SCOPE, usecase);
-        bindDutyFunction(frameworkFunction, NEGOTIATION_SCOPE, usecase);
-        bindDutyFunction(frameworkFunction, CATALOG_SCOPE, usecase);
+        bindDutyFunction(function, TRANSFER_PROCESS_SCOPE, accessLevelKey);
+        bindDutyFunction(function, NEGOTIATION_SCOPE, accessLevelKey);
+        bindDutyFunction(function, CATALOG_SCOPE, accessLevelKey);
+
+        bindDutyFunction(function, TRANSFER_PROCESS_REQUEST_SCOPE, accessLevelKey);
+        bindDutyFunction(function, NEGOTIATION_REQUEST_SCOPE, accessLevelKey);
+        bindDutyFunction(function, CATALOG_REQUEST_SCOPE, accessLevelKey);
     }
 
     private void bindPermissionFunction(AtomicConstraintFunction<Permission> function, String scope, String constraintType) {
diff --git a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java
index 016c82cd..48e2a5cc 100644
--- a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java
+++ b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java
@@ -62,7 +62,7 @@ public void start() {
 
     @Provider
     public ScopeToCriterionTransformer createScopeTransformer() {
-        return new MvdScopeTransformer(List.of("MembershipCredential", "DismantlerCredential", "BpnCredential"));
+        return new MvdScopeTransformer(List.of("MembershipCredential", "DataProcessorCredential"));
     }
 
     private void seedCredentials(String credentialsSourceDirectory, Monitor monitor) throws IOException {
diff --git a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java
index 274a95de..5f4fb54f 100644
--- a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java
+++ b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java
@@ -40,9 +40,9 @@ public Result<Criterion> transform(String scope) {
         var credentialType = tokens.getContent()[1];
 
         if (!knownCredentialTypes.contains(credentialType)) {
-            //select based on the credentialSubject.useCaseType property
+            //select based on the credentialSubject.level property
             // even though "claims" is a Map, we need to access it using the dot notation. See ReflectionUtil.java
-            return success(new Criterion("verifiableCredential.credential.credentialSubject.claims.useCaseType", "=", credentialType));
+            return success(new Criterion("verifiableCredential.credential.credentialSubject.claims.level", "=", credentialType));
         } else {
             return success(new Criterion(TYPE_OPERAND, CONTAINS_OPERATOR, credentialType));
         }
diff --git a/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java b/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java
index be0e553c..916c38b1 100644
--- a/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java
+++ b/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java
@@ -14,7 +14,6 @@
 
 package org.eclipse.edc.demo.dcp;
 
-import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.JOSEObjectType;
@@ -22,7 +21,6 @@
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
-import org.eclipse.edc.identityhub.spi.verifiablecredentials.model.VerifiableCredentialResource;
 import org.eclipse.edc.keys.keyparsers.PemParser;
 import org.eclipse.edc.security.token.jwt.CryptoConverter;
 import org.junit.jupiter.api.extension.ExtensionContext;
@@ -34,7 +32,6 @@
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
-import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.PrivateKey;
 import java.time.Instant;
@@ -54,8 +51,6 @@
 public class JwtSigner {
 
     private final ObjectMapper mapper = new ObjectMapper();
-    private static final TypeReference<Map<String, Object>> MAP_TYPE = new TypeReference<>() {
-    };
 
     @SuppressWarnings("unchecked")
     @ParameterizedTest
@@ -104,41 +99,41 @@ private String readFile(String path) {
 
     private static class InputOutputProvider implements ArgumentsProvider {
         @Override
-        public Stream<? extends Arguments> provideArguments(ExtensionContext extensionContext) throws Exception {
+        public Stream<? extends Arguments> provideArguments(ExtensionContext extensionContext) {
             return Stream.of(
 
                     // PROVIDER credentials, K8S and local
                     Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/membership_vc.json",
-                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/membership-credential.json"),
+                            new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/membership-credential.json"),
                             "did:web:bob-identityhub%3A7083:bob"),
 
-                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/pcf_vc.json",
-                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/pcf-credential.json"),
+                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/dataprocessor_vc.json",
+                            new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/dataprocessor-credential.json"),
                             "did:web:bob-identityhub%3A7083:bob"),
 
                     Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/unsigned/membership_vc.json",
-                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/membership-credential.json"),
+                            new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/membership-credential.json"),
                             "did:web:bob-identityhub%3A7083:bob"),
 
-                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/unsigned/pcf_vc.json",
-                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/pcf-credential.json"),
+                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json",
+                            new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/dataprocessor-credential.json"),
                             "did:web:bob-identityhub%3A7083:bob"),
 
                     // CONSUMER credentials, K8S and local
                     Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/membership_vc.json",
-                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/membership-credential.json"),
+                            new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/membership-credential.json"),
                             "did:web:alice-identityhub%3A7083:alice"),
 
-                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/pcf_vc.json",
-                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/pcf-credential.json"),
+                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json",
+                            new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json"),
                             "did:web:alice-identityhub%3A7083:alice"),
 
                     Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/unsigned/membership_vc.json",
-                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/membership-credential.json"),
+                            new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/membership-credential.json"),
                             "did:web:alice-identityhub%3A7083:alice"),
 
-                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/unsigned/pcf_vc.json",
-                            new File( System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/pcf-credential.json"),
+                    Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json",
+                            new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/dataprocessor-credential.json"),
                             "did:web:alice-identityhub%3A7083:alice")
 
             );

From e4efc33c49dbe7d674d5867161f46e2cf7574fa9 Mon Sep 17 00:00:00 2001
From: Paul Latzelsperger <paul.latzelsperger@beardyinc.com>
Date: Fri, 19 Jul 2024 15:07:24 +0200
Subject: [PATCH 3/4] update credentials, tests and export postman environments

---
 README.md                                     | 33 ++++---
 .../consumer/dataprocessor-credential.json    |  2 +-
 .../k8s/consumer/membership-credential.json   |  2 +-
 .../provider/dataprocessor-credential.json    |  4 +-
 .../k8s/provider/dataprocessor_vc.json        |  3 +-
 .../k8s/provider/membership-credential.json   |  2 +-
 .../consumer/dataprocessor-credential.json    |  2 +-
 .../local/consumer/membership-credential.json |  2 +-
 .../provider/dataprocessor-credential.json    |  4 +-
 .../local/provider/membership-credential.json |  2 +-
 .../provider/unsigned/dataprocessor_vc.json   |  4 +-
 .../modules/catalog-server/variables.tf       |  4 +-
 deployment/modules/identity-hub/variables.tf  |  4 +-
 .../postman/MVD K8S.postman_environment.json  | 51 +++++++++++
 ...Local Development.postman_environment.json | 51 +++++++++++
 .../postman/MVD.postman_collection.json       |  6 +-
 .../AbstractCredentialEvaluationFunction.java | 42 +++++++++
 .../dcp/policy/DataAccessLevelFunction.java   | 32 ++++---
 ...embershipCredentialEvaluationFunction.java | 39 +++++---
 .../dcp/policy/PolicyEvaluationExtension.java | 18 ++--
 .../tests/transfer/TransferEndToEndTest.java  | 91 ++++++++++++++++++-
 .../test/resources/negotiation-request.json   |  6 +-
 22 files changed, 328 insertions(+), 76 deletions(-)
 create mode 100644 deployment/postman/MVD K8S.postman_environment.json
 create mode 100644 deployment/postman/MVD Local Development.postman_environment.json
 create mode 100644 extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AbstractCredentialEvaluationFunction.java

diff --git a/README.md b/README.md
index 572a64fe..9b60004a 100644
--- a/README.md
+++ b/README.md
@@ -80,28 +80,38 @@ resolve the actual asset from "provider-qna" and "provider-manufacturing".
 
 Both assets of "provider-qna" and "provider-manufacturing" have some access restrictions on them:
 
-- `asset-1`: requires a membership credential to view and a Data Processor credential to negotiate a contract and
-  transfer data
-- `asset-2`: requires a membership credential to view and a Sensitive Data credential to negotiate a contract
+- `asset-1`: requires a membership credential to view and a Data Processor credential with `"level": "processing"` to
+  negotiate a contract and transfer data
+- `asset-2`: requires a membership credential to view and a Data Processor credential with a `"level": "sensitive"` to
+  negotiate a contract
 
 These requirements are formulated as EDC policies. In addition, it is a dataspace rule that
 the `MembershipCredential` must be presented in _every_ request. This credential attests that the holder is a member of
 the dataspace.
 
-In this fictitious dataspace, the DataProcessorCredential attests to the "ability of the holder to process data", and
-the SensitiveDataCredential attests to the "ability of the holder to handle sensitive data".
+In this fictitious dataspace, the DataProcessorCredential attests to the "ability of the holder to process data at a
+certain level". The following levels exist:
 
-All participants of the dataspace are in possession of the `MembershipCredential` as well as a `DataProcessorCredential`.
-_None possess the `SensitiveDataCredential`_. That means that no contract for `asset-2` can be negotiated!
-For the purposes of this demo the VerifiableCredentials are pre-created and are seeded to the participants' credential
-storage ([no issuance](#5-no-issuance-yet)).
+- `"processing"`: means, the holder can process non-sensitive data
+- `"sensitive"`: means, the holder has undergone "some very highly secure vetting process" and can process sensitive
+  data
+
+The information about the level of data a holder can process is stored in the `credentialSubject` of the
+DataProcessorCredential.
+
+All participants of the dataspace are in possession of the `MembershipCredential` as well as
+a `DataProcessorCredential` with level `"processing"`.
+_None possess the `DataProcessorCredential` with level="sensitive"_. That means that no contract for `asset-2` can be
+negotiated. For the purposes of this demo the VerifiableCredentials are pre-created and are seeded to the participants'
+credential storage ([no issuance](#5-no-issuance-yet)).
 
 If the consumer wants to view the consolidated catalog (containing assets from the provider's Q&A and manufacturing
 departments), then negotiate a contract for an asset, and then transfer the asset, she needs to present several
 credentials:
 
 - catalog request: present `MembershipCredential`
-- contract negotiation: `MembershipCredential` and `DataProcessorCredential` or `SensitiveDataCredential`, respectively
+- contract negotiation: `MembershipCredential` and `DataProcessorCredential(level=processing)`
+  or `DataProcessorCredential(level=sensitive)`, respectively
 - transfer process: `MembershipCredential`
 
 ## Running the demo (inside IntelliJ)
@@ -442,8 +452,7 @@ schema of the credentials' subjects is not yet implemented.
 
 This is similar to the [policy extractor](#5-policy-extractor), as it deals with the reverse mapping from a scope string
 onto a `Criterion`. On the IdentityHub, when the VP request is received, we need to be able to query the database based
-on the scope string that was received. This is currently a very Catena-X-specific solution, as it needs to distinguish
-between "normal" credentials, and "use case" credentials.
+on the scope string that was received. 
 
 ### 4. DID resolution
 
diff --git a/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json b/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json
index ea34cf64..62395359 100644
--- a/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json
+++ b/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json
@@ -9,7 +9,7 @@
   "reissuancePolicy": null,
   "verifiableCredential": {
     "format": "JWT",
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VmVyc2lvbiI6Im12ZC1jcmVkZW50aWFsczpjb250cmFjdFZlcnNpb24iLCJsZXZlbCI6Im12ZC1jcmVkZW50aWFsczpsZXZlbCJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNEYXRhUHJvY2Vzc29yQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmNvbnN1bWVyIiwiY29udHJhY3RWZXJzaW9uIjoiMS4wLjAiLCJsZXZlbCI6InByb2Nlc3NpbmcifX0sImlhdCI6MTcyMTM4NDg3Mn0.y8vY5eF3VMyt0jGPrfsNn5oQMBDsNgMFGf0aw1zMR4NFuOw7OqaUc-zI2UjMRR00hUz9bykWKqCRK_KwG1pCAw",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VmVyc2lvbiI6Im12ZC1jcmVkZW50aWFsczpjb250cmFjdFZlcnNpb24iLCJsZXZlbCI6Im12ZC1jcmVkZW50aWFsczpsZXZlbCJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNEYXRhUHJvY2Vzc29yQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmNvbnN1bWVyIiwiY29udHJhY3RWZXJzaW9uIjoiMS4wLjAiLCJsZXZlbCI6InByb2Nlc3NpbmcifX0sImlhdCI6MTcyMTM4NTQ3N30.4GxNoNT9to7tlKfddUk5_fjAyetNH7FBkKNJui3Q_672IorxR43ztuRTOqgyoF_hNzN-fMkTYrwrLZaLhRYSDg",
     "credential": {
       "credentialSubject": [
         {
diff --git a/deployment/assets/credentials/k8s/consumer/membership-credential.json b/deployment/assets/credentials/k8s/consumer/membership-credential.json
index dc54c118..436d353e 100644
--- a/deployment/assets/credentials/k8s/consumer/membership-credential.json
+++ b/deployment/assets/credentials/k8s/consumer/membership-credential.json
@@ -8,7 +8,7 @@
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXBUeXBlIiwid2Vic2l0ZSI6Im12ZC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6Im12ZC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJtdmQtY3JlZGVudGlhbHM6c2luY2UifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4Mzpjb25zdW1lciIsIm1lbWJlcnNoaXAiOnsibWVtYmVyc2hpcFR5cGUiOiJGdWxsTWVtYmVyIiwid2Vic2l0ZSI6Ind3dy53aGF0ZXZlci5jb20iLCJjb250YWN0IjoiZml6ei5idXp6QHdoYXRldmVyLmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjEzODQ4NzJ9.fmcOHOKLERAta_gMx98fPLvyxiFOYEnZIMGFgr9fiydNGbEGOPrcxuFoh7wqtS2HiKWhjm0zZqld4iAr-c2WBg",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXBUeXBlIiwid2Vic2l0ZSI6Im12ZC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6Im12ZC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJtdmQtY3JlZGVudGlhbHM6c2luY2UifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4Mzpjb25zdW1lciIsIm1lbWJlcnNoaXAiOnsibWVtYmVyc2hpcFR5cGUiOiJGdWxsTWVtYmVyIiwid2Vic2l0ZSI6Ind3dy53aGF0ZXZlci5jb20iLCJjb250YWN0IjoiZml6ei5idXp6QHdoYXRldmVyLmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjEzODU0Nzd9.xJMVUqBGBu8idgFLWeRkPsCLRxihPC6ZEQT35lDB2U8O0NeU5VG2Ivd1fLlrsfZYC8kyE6IY1KnmCqvxQ-3ZDw",
     "format": "JWT",
     "credential": {
       "credentialSubject": [
diff --git a/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json b/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json
index da4e84e9..fdae4060 100644
--- a/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json
+++ b/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json
@@ -9,7 +9,7 @@
   "reissuancePolicy": null,
   "verifiableCredential": {
     "format": "JSON_LD",
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJjb250cmFjdFZlcnNpb24iOiJtdmQtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwibGV2ZWwiOiJtdmQtY3JlZGVudGlhbHM6bGV2ZWwifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jRGF0YVByb2Nlc3NvckNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkZW50aXR5aHViJTNBNzA4Mzpwcm92aWRlciIsImxldmVsIjoicHJvY2Vzc2luZyJ9fSwiaWF0IjoxNzIxMzg0ODcyfQ.nmUHyL1zIjwzSnt_0uQddAT3ULkofNrUYZTSnVBH3uOPmBDO5RdUvfVXrczOPZMi6Psg288vge7J6glEae0fBA",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJjb250cmFjdFZlcnNpb24iOiJtdmQtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwibGV2ZWwiOiJtdmQtY3JlZGVudGlhbHM6bGV2ZWwifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jRGF0YVByb2Nlc3NvckNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkZW50aXR5aHViJTNBNzA4Mzpwcm92aWRlciIsImxldmVsIjoicHJvY2Vzc2luZyJ9fSwiaWF0IjoxNzIxMzg1NDc3fQ.YrLF1TqSbkulxWA4PZr5YcLwdiKaZES7-AEdB1gIK2tO6S757Sz6Z7AMQopmW0mydWOE72utRwpFJhph9tdzCQ",
     "credential": {
       "credentialSubject": [
         {
@@ -23,7 +23,7 @@
       "id": "http://org.yourdataspace.com/credentials/1265",
       "type": [
         "VerifiableCredential",
-        "UseCaseFrameworkCondition"
+        "DataProcessorCredential"
       ],
       "issuer": {
         "id": "did:example:dataspace-issuer",
diff --git a/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json b/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json
index 34b441c4..a696ca16 100644
--- a/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json
+++ b/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json
@@ -18,6 +18,7 @@
   "issuanceDate": "2023-08-18T00:00:00Z",
   "credentialSubject": {
     "id": "did:web:provider-identityhub%3A7083:provider",
-    "level": "processing"
+    "level": "processing",
+    "contractVersion": "1.0.0"
   }
 }
\ No newline at end of file
diff --git a/deployment/assets/credentials/k8s/provider/membership-credential.json b/deployment/assets/credentials/k8s/provider/membership-credential.json
index 1daa6819..3fa53f10 100644
--- a/deployment/assets/credentials/k8s/provider/membership-credential.json
+++ b/deployment/assets/credentials/k8s/provider/membership-credential.json
@@ -8,7 +8,7 @@
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJtZW1iZXJzaGlwIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXAiLCJtZW1iZXJzaGlwVHlwZSI6Im12ZC1jcmVkZW50aWFsczptZW1iZXJzaGlwVHlwZSIsIndlYnNpdGUiOiJtdmQtY3JlZGVudGlhbHM6d2Vic2l0ZSIsImNvbnRhY3QiOiJtdmQtY3JlZGVudGlhbHM6Y29udGFjdCIsInNpbmNlIjoibXZkLWNyZWRlbnRpYWxzOnNpbmNlIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI01lbWJlcnNoaXBDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpwcm92aWRlci1pZGVudGl0eWh1YiUzQTcwODM6cHJvdmlkZXIiLCJtZW1iZXJzaGlwIjp7Im1lbWJlcnNoaXBUeXBlIjoiRnVsbE1lbWJlciIsIndlYnNpdGUiOiJ3d3cud2hhdGV2ZXIuY29tIiwiY29udGFjdCI6Im1peC5tYXhAd2hhdGV2ZXIuY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTcyMTM4NDg3Mn0.lpiYgm4TA-3Zx-mGagXQ7HfCgCPlPuh5oX8rItwsG721mt2_xACmlUCBFs8W0_GRDyI5GTDl73jegpTI-LnICw",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJtZW1iZXJzaGlwIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXAiLCJtZW1iZXJzaGlwVHlwZSI6Im12ZC1jcmVkZW50aWFsczptZW1iZXJzaGlwVHlwZSIsIndlYnNpdGUiOiJtdmQtY3JlZGVudGlhbHM6d2Vic2l0ZSIsImNvbnRhY3QiOiJtdmQtY3JlZGVudGlhbHM6Y29udGFjdCIsInNpbmNlIjoibXZkLWNyZWRlbnRpYWxzOnNpbmNlIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI01lbWJlcnNoaXBDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpwcm92aWRlci1pZGVudGl0eWh1YiUzQTcwODM6cHJvdmlkZXIiLCJtZW1iZXJzaGlwIjp7Im1lbWJlcnNoaXBUeXBlIjoiRnVsbE1lbWJlciIsIndlYnNpdGUiOiJ3d3cud2hhdGV2ZXIuY29tIiwiY29udGFjdCI6Im1peC5tYXhAd2hhdGV2ZXIuY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTcyMTM4NTQ3Nn0.f41m3GDzxy4KcnuBsOTPOP3sp7rm4xERn-HzfetJd5w1yYXH0V6RnRd63otYgZt-96V9xNSM3TbTbuHhFhtkBQ",
     "format": "JSON_LD",
     "credential": {
       "credentialSubject": [
diff --git a/deployment/assets/credentials/local/consumer/dataprocessor-credential.json b/deployment/assets/credentials/local/consumer/dataprocessor-credential.json
index cb6444d0..04883adb 100644
--- a/deployment/assets/credentials/local/consumer/dataprocessor-credential.json
+++ b/deployment/assets/credentials/local/consumer/dataprocessor-credential.json
@@ -9,7 +9,7 @@
   "reissuancePolicy": null,
   "verifiableCredential": {
     "format": "JWT",
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VmVyc2lvbiI6Im12ZC1jcmVkZW50aWFsczpjb250cmFjdFZlcnNpb24iLCJsZXZlbCI6Im12ZC1jcmVkZW50aWFsczpsZXZlbCJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNEYXRhUHJvY2Vzc29yQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6bG9jYWxob3N0JTNBNzA4MyIsImNvbnRyYWN0VmVyc2lvbiI6IjEuMC4wIiwibGV2ZWwiOiJwcm9jZXNzaW5nIn19LCJpYXQiOjE3MjEzODQ4NzJ9.rPSA0yvZuiGXnNqXqde-QAYBYXyJ1wDB2-1q2IAiigttX2LbE9paCEvJOXC_hf6Vi1nI-5gzvvIRAESKim2dBw",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VmVyc2lvbiI6Im12ZC1jcmVkZW50aWFsczpjb250cmFjdFZlcnNpb24iLCJsZXZlbCI6Im12ZC1jcmVkZW50aWFsczpsZXZlbCJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNEYXRhUHJvY2Vzc29yQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6bG9jYWxob3N0JTNBNzA4MyIsImNvbnRyYWN0VmVyc2lvbiI6IjEuMC4wIiwibGV2ZWwiOiJwcm9jZXNzaW5nIn19LCJpYXQiOjE3MjEzODU0Nzd9.vmumM-nRghKDASiwXZoRumnGAq_aRRw7UNO6PaIZZGu-Swl4GQzL5-4aXhEw0FrRMBRchmK9_FUcWenzbcBaDw",
     "credential": {
       "credentialSubject": [
         {
diff --git a/deployment/assets/credentials/local/consumer/membership-credential.json b/deployment/assets/credentials/local/consumer/membership-credential.json
index f67c17bc..a97b92c6 100644
--- a/deployment/assets/credentials/local/consumer/membership-credential.json
+++ b/deployment/assets/credentials/local/consumer/membership-credential.json
@@ -8,7 +8,7 @@
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXBUeXBlIiwid2Vic2l0ZSI6Im12ZC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6Im12ZC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJtdmQtY3JlZGVudGlhbHM6c2luY2UifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJtZW1iZXJzaGlwIjp7Im1lbWJlcnNoaXBUeXBlIjoiRnVsbE1lbWJlciIsIndlYnNpdGUiOiJ3d3cud2hhdGV2ZXIuY29tIiwiY29udGFjdCI6Im1peC5tYXhAd2hhdGV2ZXIuY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTcyMTM4NDg3Mn0.Hle3iommEl5rgeFCY3i6GpvSa5JDEp6bDL9A7GhmJiG_KOa7rMw5EqlDTg3c3ZxFkIwSzQNElPkFcrPA7Sd-Dw",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXBUeXBlIiwid2Vic2l0ZSI6Im12ZC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6Im12ZC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJtdmQtY3JlZGVudGlhbHM6c2luY2UifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJtZW1iZXJzaGlwIjp7Im1lbWJlcnNoaXBUeXBlIjoiRnVsbE1lbWJlciIsIndlYnNpdGUiOiJ3d3cud2hhdGV2ZXIuY29tIiwiY29udGFjdCI6Im1peC5tYXhAd2hhdGV2ZXIuY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTcyMTM4NTQ3N30.hpaXIX61B0yAXVDbXkpjVXEJyShYCJa-A0HJNUvWcpn_dpDgHoS9ocSPHUEfS3eNnJWodsQ0AFDSnyndjOymCA",
     "format": "JWT",
     "credential": {
       "credentialSubject": [
diff --git a/deployment/assets/credentials/local/provider/dataprocessor-credential.json b/deployment/assets/credentials/local/provider/dataprocessor-credential.json
index fd772b2f..f2bab6bd 100644
--- a/deployment/assets/credentials/local/provider/dataprocessor-credential.json
+++ b/deployment/assets/credentials/local/provider/dataprocessor-credential.json
@@ -9,7 +9,7 @@
   "reissuancePolicy": null,
   "verifiableCredential": {
     "format": "JWT",
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJjb250cmFjdFZlcnNpb24iOiJtdmQtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwibGV2ZWwiOiJtdmQtY3JlZGVudGlhbHM6bGV2ZWwifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jRGF0YVByb2Nlc3NvckNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCIsImxldmVsIjoicHJvY2Vzc2luZyJ9fSwiaWF0IjoxNzIxMzg0ODcyfQ.beXpdPKlqEpDIBl1DoVtA2PQDQcF_Pl9hHjC2Bbz7T5AOm-o77YevEahUugh831QqjFvOKoYR8Ct1M7PWPE_Dg",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJjb250cmFjdFZlcnNpb24iOiJtdmQtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwibGV2ZWwiOiJtdmQtY3JlZGVudGlhbHM6bGV2ZWwifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jRGF0YVByb2Nlc3NvckNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCIsImxldmVsIjoicHJvY2Vzc2luZyJ9fSwiaWF0IjoxNzIxMzg1NDc3fQ._i_hg7MgTYZOb_ZsDvQpZrKZQkiN7VDs8sHyBng7cSTAaQoGgCOt8br4yhMw38Qs1EYYHT87S4Fs_yTmp8niDw",
     "credential": {
       "credentialSubject": [
         {
@@ -23,7 +23,7 @@
       "id": "http://org.yourdataspace.com/credentials/1265",
       "type": [
         "VerifiableCredential",
-        "UseCaseFrameworkCondition"
+        "DataProcessorCredential"
       ],
       "issuer": {
         "id": "did:example:dataspace-issuer",
diff --git a/deployment/assets/credentials/local/provider/membership-credential.json b/deployment/assets/credentials/local/provider/membership-credential.json
index 37c6470d..4f25dfad 100644
--- a/deployment/assets/credentials/local/provider/membership-credential.json
+++ b/deployment/assets/credentials/local/provider/membership-credential.json
@@ -8,7 +8,7 @@
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJtZW1iZXJzaGlwIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXAiLCJtZW1iZXJzaGlwVHlwZSI6Im12ZC1jcmVkZW50aWFsczptZW1iZXJzaGlwVHlwZSIsIndlYnNpdGUiOiJtdmQtY3JlZGVudGlhbHM6d2Vic2l0ZSIsImNvbnRhY3QiOiJtdmQtY3JlZGVudGlhbHM6Y29udGFjdCIsInNpbmNlIjoibXZkLWNyZWRlbnRpYWxzOnNpbmNlIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMTIzNCIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI01lbWJlcnNoaXBDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDkzIiwibWVtYmVyc2hpcCI6eyJtZW1iZXJzaGlwVHlwZSI6IlByb3NwZWN0TWVtYmVyIiwid2Vic2l0ZSI6Ind3dy5xdWl6enF1YXp6LmNvbSIsImNvbnRhY3QiOiJmb28uYmFyQHF1aXp6cXVhenouY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTcyMTM4NDg3Mn0.LhjWOy5yoxkwxvbDJnTKxmgLJjyJuNlaO970oqaQjXdomOtsvatzzO2_7Ir5JRynSHnEhtyr7tp95du_zriYCg",
+    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJtZW1iZXJzaGlwIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXAiLCJtZW1iZXJzaGlwVHlwZSI6Im12ZC1jcmVkZW50aWFsczptZW1iZXJzaGlwVHlwZSIsIndlYnNpdGUiOiJtdmQtY3JlZGVudGlhbHM6d2Vic2l0ZSIsImNvbnRhY3QiOiJtdmQtY3JlZGVudGlhbHM6Y29udGFjdCIsInNpbmNlIjoibXZkLWNyZWRlbnRpYWxzOnNpbmNlIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMTIzNCIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI01lbWJlcnNoaXBDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDkzIiwibWVtYmVyc2hpcCI6eyJtZW1iZXJzaGlwVHlwZSI6IlByb3NwZWN0TWVtYmVyIiwid2Vic2l0ZSI6Ind3dy5xdWl6enF1YXp6LmNvbSIsImNvbnRhY3QiOiJmb28uYmFyQHF1aXp6cXVhenouY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTcyMTM4NTQ3N30.2-ZplCofXyq-Uj9rVmY1tt9rLcXxIw6HVByq-v338mx7qiQSQqt1cv_0RNZ5doMQqR5n1L2MycA5EQtRZGlqCg",
     "format": "JWT",
     "credential": {
       "credentialSubject": [
diff --git a/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json b/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json
index 2a07e091..8095b0bc 100644
--- a/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json
+++ b/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json
@@ -18,7 +18,7 @@
   "issuanceDate": "2023-08-18T00:00:00Z",
   "credentialSubject": {
     "id": "did:web:localhost%3A7093",
-    "contractVersion": "1.0.0",
-    "level": "processing"
+    "level": "processing",
+    "contractVersion": "1.0.0"
   }
 }
\ No newline at end of file
diff --git a/deployment/modules/catalog-server/variables.tf b/deployment/modules/catalog-server/variables.tf
index 7eaf52ef..4655ff1b 100644
--- a/deployment/modules/catalog-server/variables.tf
+++ b/deployment/modules/catalog-server/variables.tf
@@ -29,12 +29,12 @@ variable "image-pull-policy" {
 
 variable "humanReadableName" {
   type        = string
-  description = "Human readable name of the connector, NOT the BPN!!. Required."
+  description = "Human readable name of the connector, NOT the ID!!. Required."
 }
 
 variable "participantId" {
   type        = string
-  description = "Participant ID of the connector. In Catena-X, this MUST be the BPN"
+  description = "Participant ID of the connector. Usually a DID"
 }
 
 variable "participant-did" {
diff --git a/deployment/modules/identity-hub/variables.tf b/deployment/modules/identity-hub/variables.tf
index 5ad82961..1cbf1a84 100644
--- a/deployment/modules/identity-hub/variables.tf
+++ b/deployment/modules/identity-hub/variables.tf
@@ -23,12 +23,12 @@
 
 variable "humanReadableName" {
   type        = string
-  description = "Human readable name of the connector, NOT the BPN!!. Required."
+  description = "Human readable name of the connector, NOT the ID!!. Required."
 }
 
 variable "participantId" {
   type        = string
-  description = "Participant ID of the connector. In Catena-X, this MUST be the BPN"
+  description = "Participant ID of the connector. Usually a DID"
 }
 
 variable "namespace" {
diff --git a/deployment/postman/MVD K8S.postman_environment.json b/deployment/postman/MVD K8S.postman_environment.json
new file mode 100644
index 00000000..040e1f4a
--- /dev/null
+++ b/deployment/postman/MVD K8S.postman_environment.json	
@@ -0,0 +1,51 @@
+{
+	"id": "9432baf7-0849-46e4-a1a7-dece247a41be",
+	"name": "MVD K8S",
+	"values": [
+		{
+			"key": "HOST",
+			"value": "http://localhost/consumer/cp",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "CS_URL",
+			"value": "http://localhost/consumer/cs/",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "PROVIDER_ID",
+			"value": "did:web:provider-identityhub%3A7083:provider",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "CATALOG_SERVER_DSP_URL",
+			"value": "http://provider-catalog-server-controlplane:8082",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "CONSUMER_CATALOG_QUERY_URL",
+			"value": "http://localhost/consumer/fc",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "PROVIDER_DSP_URL",
+			"value": "http://provider-qna-controlplane:8082",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "PROVIDER_PUBLIC_API",
+			"value": "http://localhost/provider-qna/public",
+			"type": "default",
+			"enabled": true
+		}
+	],
+	"_postman_variable_scope": "environment",
+	"_postman_exported_at": "2024-07-19T12:19:41.675Z",
+	"_postman_exported_using": "Postman/11.4.0"
+}
\ No newline at end of file
diff --git a/deployment/postman/MVD Local Development.postman_environment.json b/deployment/postman/MVD Local Development.postman_environment.json
new file mode 100644
index 00000000..8f8a436a
--- /dev/null
+++ b/deployment/postman/MVD Local Development.postman_environment.json	
@@ -0,0 +1,51 @@
+{
+	"id": "35c096d9-84c2-499f-8ed0-8bcf3275370b",
+	"name": "MVD Local Development",
+	"values": [
+		{
+			"key": "HOST",
+			"value": "http://localhost:8081",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "CS_URL",
+			"value": "http://localhost:7082",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "PROVIDER_ID",
+			"value": "did:web:localhost%3A7093",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "CATALOG_SERVER_DSP_URL",
+			"value": "http://localhost:8092",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "CONSUMER_CATALOG_QUERY_URL",
+			"value": "http://localhost:8084",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "PROVIDER_DSP_URL",
+			"value": "http://localhost:8192",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "PROVIDER_PUBLIC_API",
+			"value": "http://localhost:12001",
+			"type": "default",
+			"enabled": true
+		}
+	],
+	"_postman_variable_scope": "environment",
+	"_postman_exported_at": "2024-07-19T12:19:50.250Z",
+	"_postman_exported_using": "Postman/11.4.0"
+}
\ No newline at end of file
diff --git a/deployment/postman/MVD.postman_collection.json b/deployment/postman/MVD.postman_collection.json
index 01bf99bb..fa29ce5f 100644
--- a/deployment/postman/MVD.postman_collection.json
+++ b/deployment/postman/MVD.postman_collection.json
@@ -91,7 +91,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-membership\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:permission\": [\n            {\n                \"odrl:action\": \"use\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"MembershipCredential\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"active\"\n                }\n            }\n        ]\n    }\n}"
+							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-membership\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:permission\": [\n            {\n                \"odrl:action\": \"USE\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"MembershipCredential\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"active\"\n                }\n            }\n        ]\n    }\n}"
 						},
 						"url": {
 							"raw": "{{HOST}}/api/management/v3/policydefinitions",
@@ -124,7 +124,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-dataprocessor\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:obligation\": [\n            {\n                \"odrl:action\": \"use\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"DataAccess.level\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"processing\"\n                }\n            }\n        ]\n    }\n}"
+							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-dataprocessor\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:obligation\": [\n            {\n                \"odrl:action\": \"USE\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"DataAccess.level\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"processing\"\n                }\n            }\n        ]\n    }\n}"
 						},
 						"url": {
 							"raw": "{{HOST}}/api/management/v3/policydefinitions",
@@ -570,7 +570,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"@context\": {\n        \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n    },\n    \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n    \"counterPartyAddress\": \"{{PROVIDER_DSP_URL}}/api/dsp\",\n    \"counterPartyId\": \"{{PROVIDER_ID}}\",\n    \"protocol\": \"dataspace-protocol-http\",\n    \"policy\": {\n        \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Offer\",\n        \"@id\": \"bWVtYmVyLWFuZC1kYXRhcHJvY2Vzc29yLWRlZg==:YXNzZXQtMQ==:MjcyMzMyZjgtZWM2ZS00MTQ0LWIyYjgtM2ExMzIzMDFjZmQ1\",\n        \"assigner\": \"{{PROVIDER_ID}}\",\n        \"permission\": [],\n        \"prohibition\": [],\n        \"odrl:obligation\": {\n            \"odrl:action\": {\n                \"@id\": \"use\"\n            },\n            \"odrl:constraint\": {\n                \"odrl:leftOperand\": {\n                    \"@id\": \"DataAccess.level\"\n                },\n                \"odrl:operator\": {\n                    \"@id\": \"odrl:eq\"\n                },\n                \"odrl:rightOperand\": \"processing\"\n            }\n        },\n        \"target\": \"asset-1\"\n    },\n    \"callbackAddresses\": []\n}",
+							"raw": "{\n    \"@context\": {\n        \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n    },\n    \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n    \"counterPartyAddress\": \"{{PROVIDER_DSP_URL}}/api/dsp\",\n    \"counterPartyId\": \"{{PROVIDER_ID}}\",\n    \"protocol\": \"dataspace-protocol-http\",\n    \"policy\": {\n        \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Offer\",\n        \"@id\": \"bWVtYmVyLWFuZC1kYXRhcHJvY2Vzc29yLWRlZg==:YXNzZXQtMQ==:NDFiMWQzZDUtOTA0OS00ZGRmLTk5MDEtNTYxOTVhYmQzNjNj\",\n        \"assigner\": \"{{PROVIDER_ID}}\",\n        \"permission\": [],\n        \"prohibition\": [],\n        \"odrl:obligation\": {\n            \"odrl:action\": {\n                \"@id\": \"USE\"\n            },\n            \"odrl:constraint\": {\n                \"odrl:leftOperand\": {\n                    \"@id\": \"DataAccess.level\"\n                },\n                \"odrl:operator\": {\n                    \"@id\": \"odrl:eq\"\n                },\n                \"odrl:rightOperand\": \"processing\"\n            }\n        },\n        \"target\": \"asset-1\"\n    },\n    \"callbackAddresses\": []\n}",
 							"options": {
 								"raw": {
 									"language": "json"
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AbstractCredentialEvaluationFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AbstractCredentialEvaluationFunction.java
new file mode 100644
index 00000000..f1564868
--- /dev/null
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AbstractCredentialEvaluationFunction.java
@@ -0,0 +1,42 @@
+/*
+ *  Copyright (c) 2024 Metaform Systems, Inc.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Metaform Systems, Inc. - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.demo.dcp.policy;
+
+import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredential;
+import org.eclipse.edc.spi.agent.ParticipantAgent;
+import org.eclipse.edc.spi.result.Result;
+
+import java.util.List;
+
+public class AbstractCredentialEvaluationFunction {
+    private static final String VC_CLAIM = "vc";
+    protected static final String MVD_NAMESPACE = "https://w3id.org/mvd/credentials/";
+
+    protected Result<List<VerifiableCredential>> getCredentialList(ParticipantAgent agent) {
+        var vcListClaim = agent.getClaims().get(VC_CLAIM);
+
+        if (vcListClaim == null) {
+            return Result.failure("ParticipantAgent did not contain a '%s' claim.".formatted(VC_CLAIM));
+        }
+        if (!(vcListClaim instanceof List)) {
+            return Result.failure("ParticipantAgent contains a '%s' claim, but the type is incorrect. Expected %s, received %s.".formatted(VC_CLAIM, List.class.getName(), vcListClaim.getClass().getName()));
+        }
+        var vcList = (List<VerifiableCredential>) vcListClaim;
+        if (vcList.isEmpty()) {
+            return Result.failure("ParticipantAgent contains a '%s' claim but it did not contain any VerifiableCredentials.".formatted(VC_CLAIM));
+        }
+        return Result.success(vcList);
+    }
+}
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java
index b4ab48b1..86cbf899 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java
@@ -23,13 +23,9 @@
 import java.util.Map;
 import java.util.Objects;
 
-public class DataAccessLevelFunction implements AtomicConstraintFunction<Duty> {
+public class DataAccessLevelFunction extends AbstractCredentialEvaluationFunction implements AtomicConstraintFunction<Duty> {
 
-    private final String level;
-
-    public DataAccessLevelFunction(String level) {
-        this.level = level;
-    }
+    private static final String DATAPROCESSOR_CRED_TYPE = "DataProcessorCredential";
 
     @Override
     public boolean evaluate(Operator operator, Object rightOperand, Duty duty, PolicyContext policyContext) {
@@ -37,22 +33,30 @@ public boolean evaluate(Operator operator, Object rightOperand, Duty duty, Polic
             policyContext.reportProblem("Cannot evaluate operator %s, only %s is supported".formatted(operator, Operator.EQ));
             return false;
         }
-        if (!"level".equalsIgnoreCase(rightOperand.toString())) {
-            policyContext.reportProblem("Data access credentials only support right operand 'level', but found '%s'".formatted(operator.toString()));
-            return false;
-        }
         var pa = policyContext.getContextData(ParticipantAgent.class);
         if (pa == null) {
             policyContext.reportProblem("ParticipantAgent not found on PolicyContext");
             return false;
         }
 
-        var claims = pa.getClaims();
+        var credentialResult = getCredentialList(pa);
+        if (credentialResult.failed()) {
+            policyContext.reportProblem(credentialResult.getFailureDetail());
+            return false;
+        }
+
+        return credentialResult.getContent()
+                .stream()
+                .filter(vc -> vc.getType().stream().anyMatch(t -> t.endsWith(DATAPROCESSOR_CRED_TYPE)))
+                .flatMap(credential -> credential.getCredentialSubject().stream())
+                .anyMatch(credentialSubject -> {
+                    var version = credentialSubject.getClaim(MVD_NAMESPACE, "contractVersion");
+                    var level = credentialSubject.getClaim(MVD_NAMESPACE, "level");
 
-        String version = getClaim("contractVersion", claims);
-        String level = getClaim("level", claims);
+                    return version != null && Objects.equals(level, rightOperand);
+                });
 
-        return version != null && Objects.equals(level, rightOperand);
+        
     }
 
     public String key() {
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java
index f27a7ea4..5b8142a1 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java
@@ -14,22 +14,25 @@
 
 package org.eclipse.edc.demo.dcp.policy;
 
+import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredential;
 import org.eclipse.edc.jsonld.spi.JsonLdKeywords;
 import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction;
 import org.eclipse.edc.policy.engine.spi.PolicyContext;
 import org.eclipse.edc.policy.model.Operator;
 import org.eclipse.edc.policy.model.Permission;
 import org.eclipse.edc.spi.agent.ParticipantAgent;
+import org.eclipse.edc.spi.result.Result;
 
 import java.time.Instant;
 import java.util.List;
 import java.util.Map;
 
-public class MembershipCredentialEvaluationFunction implements AtomicConstraintFunction<Permission> {
+public class MembershipCredentialEvaluationFunction extends AbstractCredentialEvaluationFunction implements AtomicConstraintFunction<Permission> {
     public static final String MEMBERSHIP_CONSTRAINT_KEY = "MembershipCredential";
 
-    private static final String MEMBERSHIP_CLAIM = "https://w3id.org/mvd/credentials/membership";
-    private static final String MEMBERSHIP_SINCE_CLAIM = "https://w3id.org/mvd/credentials/since";
+    private static final String MEMBERSHIP_CLAIM = "membership";
+    private static final String SINCE_CLAIM = "since";
+    private static final String ACTIVE = "active";
 
     @SuppressWarnings("unchecked")
     @Override
@@ -38,24 +41,30 @@ public boolean evaluate(Operator operator, Object rightOperand, Permission permi
             policyContext.reportProblem("Invalid operator '%s', only accepts '%s'".formatted(operator, Operator.EQ));
             return false;
         }
+        if (!ACTIVE.equals(rightOperand)) {
+            policyContext.reportProblem("Right-operand must be equal to '%s', but was '%s'".formatted(ACTIVE, rightOperand));
+            return false;
+        }
+
         var pa = policyContext.getContextData(ParticipantAgent.class);
         if (pa == null) {
             policyContext.reportProblem("No ParticipantAgent found on context.");
             return false;
         }
-        var claims = pa.getClaims();
-        Map<String, List<?>> membership = (Map<String, List<?>>) claims.get(MEMBERSHIP_CLAIM);
-        if ("active".equalsIgnoreCase(rightOperand.toString())) {
-            String since = getArrayValue(membership.get(MEMBERSHIP_SINCE_CLAIM));
-            var membershipStartDate = Instant.parse(since);
-
-            return membershipStartDate.isBefore(Instant.now());
+        var credentialResult = getCredentialList(pa);
+        if (credentialResult.failed()) {
+            policyContext.reportProblem(credentialResult.getFailureDetail());
+            return false;
         }
-        return false;
-    }
 
-    private <T> T getArrayValue(List entry) {
-        return (T) ((Map) entry.get(0)).get(JsonLdKeywords.VALUE);
+        return credentialResult.getContent()
+                .stream()
+                .filter(vc -> vc.getType().stream().anyMatch(t -> t.endsWith(MEMBERSHIP_CONSTRAINT_KEY)))
+                .flatMap(vc -> vc.getCredentialSubject().stream().filter(cs -> cs.getClaims().containsKey(MEMBERSHIP_CLAIM)))
+                .anyMatch(credential -> {
+                    var membershipClaim = (Map<String, ?>) credential.getClaim(MVD_NAMESPACE, MEMBERSHIP_CLAIM);
+                    var membershipStartDate = Instant.parse(membershipClaim.get(SINCE_CLAIM).toString());
+                    return membershipStartDate.isBefore(Instant.now());
+                });
     }
-
 }
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
index 6de506c3..e9f3e0d2 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
@@ -43,26 +43,22 @@ public class PolicyEvaluationExtension implements ServiceExtension {
     @Override
     public void initialize(ServiceExtensionContext context) {
         var fct = new MembershipCredentialEvaluationFunction();
-        this.bindPermissionFunction(fct, TRANSFER_PROCESS_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
-        this.bindPermissionFunction(fct, NEGOTIATION_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
-        this.bindPermissionFunction(fct, CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
 
-        registerDataAccessLevelFunction("processing");
-        registerDataAccessLevelFunction("sensitive");
+        bindPermissionFunction(fct, TRANSFER_PROCESS_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
+        bindPermissionFunction(fct, NEGOTIATION_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
+        bindPermissionFunction(fct, CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
+
+        registerDataAccessLevelFunction();
 
     }
 
-    private void registerDataAccessLevelFunction(String accessLevel) {
-        var function = new DataAccessLevelFunction(accessLevel);
+    private void registerDataAccessLevelFunction() {
+        var function = new DataAccessLevelFunction();
         var accessLevelKey = function.key();
 
         bindDutyFunction(function, TRANSFER_PROCESS_SCOPE, accessLevelKey);
         bindDutyFunction(function, NEGOTIATION_SCOPE, accessLevelKey);
         bindDutyFunction(function, CATALOG_SCOPE, accessLevelKey);
-
-        bindDutyFunction(function, TRANSFER_PROCESS_REQUEST_SCOPE, accessLevelKey);
-        bindDutyFunction(function, NEGOTIATION_REQUEST_SCOPE, accessLevelKey);
-        bindDutyFunction(function, CATALOG_REQUEST_SCOPE, accessLevelKey);
     }
 
     private void bindPermissionFunction(AtomicConstraintFunction<Permission> function, String scope, String constraintType) {
diff --git a/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java b/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java
index 9caa308a..43ff9edf 100644
--- a/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java
+++ b/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java
@@ -62,6 +62,8 @@ public class TransferEndToEndTest {
     // public API endpoint of the provider-qna connector, goes through the ingress controller
     private static final String PROVIDER_PUBLIC_URL = "http://127.0.0.1/provider-qna/public";
     private static final String PROVIDER_MANAGEMENT_URL = "http://127.0.0.1/provider-qna/cp";
+
+
     private static final Duration TEST_TIMEOUT_DURATION = Duration.ofSeconds(120);
     private static final Duration TEST_POLL_DELAY = Duration.ofSeconds(2);
 
@@ -96,7 +98,7 @@ public String fromIri(String s) {
     }
 
     @Test
-    void transferData() {
+    void transferData_hasPermission_shouldTransferData() {
         System.out.println("Waiting for Provider dataplane to come online");
         // wait until provider's dataplane is available
         await().atMost(TEST_TIMEOUT_DURATION)
@@ -247,4 +249,91 @@ void transferData() {
 
         assertThat(response).isNotEmpty();
     }
+
+    @Test
+    void transferData_doesNotHavePermission_shouldTerminate() {
+        System.out.println("Waiting for Provider dataplane to come online");
+        // wait until provider's dataplane is available
+        await().atMost(TEST_TIMEOUT_DURATION)
+                .pollDelay(TEST_POLL_DELAY)
+                .untilAsserted(() -> {
+                    var jp = baseRequest()
+                            .get(PROVIDER_MANAGEMENT_URL + "/api/management/v3/dataplanes")
+                            .then()
+                            .statusCode(200)
+                            .log().ifValidationFails()
+                            .extract().body().jsonPath();
+
+                    var state = jp.getString("state");
+                    assertThat(state).isEqualTo("[AVAILABLE]");
+                });
+
+        System.out.println("Provider dataplane is online, fetching catalog");
+
+        var emptyQueryBody = Json.createObjectBuilder()
+                .add("@context", Json.createObjectBuilder().add("edc", "https://w3id.org/edc/v0.0.1/ns/"))
+                .add("@type", "QuerySpec")
+                .build();
+        var offerId = new AtomicReference<String>();
+        // get catalog, extract offer ID
+        await().atMost(TEST_TIMEOUT_DURATION)
+                .pollDelay(TEST_POLL_DELAY)
+                .untilAsserted(() -> {
+                    var jo = baseRequest()
+                            .body(emptyQueryBody)
+                            .post(CONSUMER_CATALOG_URL + "/api/catalog/v1alpha/catalog/query")
+                            .then()
+                            .log().ifError()
+                            .statusCode(200)
+                            .extract().body().as(JsonArray.class);
+
+                    var offerIdsFiltered = jo.stream().map(jv -> {
+
+                        var expanded = jsonLd.expand(jv.asJsonObject()).orElseThrow(f -> new AssertionError(f.getFailureDetail()));
+                        var cat = transformerRegistry.transform(expanded, Catalog.class).orElseThrow(f -> new AssertionError(f.getFailureDetail()));
+                        return cat.getDatasets().stream().filter(ds -> ds instanceof Catalog) // filter for CatalogAssets
+                                .map(ds -> (Catalog) ds)
+                                .filter(sc -> sc.getDataServices().stream().anyMatch(dataService -> dataService.getEndpointUrl().contains("provider-qna"))) // filter for assets from the Q&A Provider
+                                .flatMap(c -> c.getDatasets().stream())
+                                .filter(dataset -> dataset.getId().equals("asset-2")) // we should not be allowed to negotiation for this asset!
+                                .map(Dataset::getOffers)
+                                .map(offers -> offers.keySet().iterator().next())
+                                .findFirst()
+                                .orElse(null);
+                    }).toList();
+                    assertThat(offerIdsFiltered).hasSize(1);
+                    var oid = offerIdsFiltered.get(0);
+                    assertThat(oid).isNotNull();
+                    offerId.set(oid);
+                });
+
+        System.out.println("Initiate contract negotiation");
+
+        // initiate negotiation
+        var negotiationRequest = TestUtils.getResourceFileContentAsString("negotiation-request.json")
+                .replace("{{PROVIDER_ID}}", PROVIDER_ID)
+                .replace("{{PROVIDER_DSP_URL}}", PROVIDER_DSP_URL)
+                .replace("{{OFFER_ID}}", offerId.get());
+        var negotiationId = baseRequest()
+                .body(negotiationRequest)
+                .post(CONSUMER_MANAGEMENT_URL + "/api/management/v3/contractnegotiations")
+                .then()
+                .log().ifError()
+                .statusCode(200)
+                .extract().body().jsonPath().getString("@id");
+        assertThat(negotiationId).isNotNull();
+
+        //wait until negotiation is TERMINATED
+        await().atMost(TEST_TIMEOUT_DURATION)
+                .pollDelay(TEST_POLL_DELAY)
+                .untilAsserted(() -> {
+                    var jp = baseRequest()
+                            .get(CONSUMER_MANAGEMENT_URL + "/api/management/v3/contractnegotiations/" + negotiationId)
+                            .then()
+                            .statusCode(200)
+                            .extract().body().jsonPath();
+                    var state = jp.getString("state");
+                    assertThat(state).isEqualTo("TERMINATED");
+                });
+    }
 }
diff --git a/tests/end2end/src/test/resources/negotiation-request.json b/tests/end2end/src/test/resources/negotiation-request.json
index 97218afc..b8a4c6c1 100644
--- a/tests/end2end/src/test/resources/negotiation-request.json
+++ b/tests/end2end/src/test/resources/negotiation-request.json
@@ -15,16 +15,16 @@
     "prohibition": [],
     "odrl:obligation": {
       "odrl:action": {
-        "@id": "use"
+        "@id": "USE"
       },
       "odrl:constraint": {
         "odrl:leftOperand": {
-          "@id": "FrameworkCredential.pcf"
+          "@id": "DataAccess.level"
         },
         "odrl:operator": {
           "@id": "odrl:eq"
         },
-        "odrl:rightOperand": "active"
+        "odrl:rightOperand": "processing"
       }
     },
     "target": "asset-1"

From 089519d5997059a54d12dd29da06a47462762ee2 Mon Sep 17 00:00:00 2001
From: Paul Latzelsperger <paul.latzelsperger@beardyinc.com>
Date: Fri, 19 Jul 2024 16:51:54 +0200
Subject: [PATCH 4/4] pr remarks, checkstyle

---
 deployment/postman/MVD.postman_collection.json   | 16 ++++++++--------
 .../MembershipCredentialEvaluationFunction.java  |  4 ----
 .../dcp/policy/PolicyEvaluationExtension.java    |  7 ++-----
 .../java/org/eclipse/edc/demo/dcp/JwtSigner.java |  7 ++-----
 .../tests/transfer/TransferEndToEndTest.java     |  6 +++++-
 .../src/test/resources/negotiation-request.json  |  2 +-
 6 files changed, 18 insertions(+), 24 deletions(-)

diff --git a/deployment/postman/MVD.postman_collection.json b/deployment/postman/MVD.postman_collection.json
index fa29ce5f..f665f08b 100644
--- a/deployment/postman/MVD.postman_collection.json
+++ b/deployment/postman/MVD.postman_collection.json
@@ -91,7 +91,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-membership\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:permission\": [\n            {\n                \"odrl:action\": \"USE\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"MembershipCredential\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"active\"\n                }\n            }\n        ]\n    }\n}"
+							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-membership\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:permission\": [\n            {\n                \"odrl:action\": \"use\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"MembershipCredential\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"active\"\n                }\n            }\n        ]\n    }\n}"
 						},
 						"url": {
 							"raw": "{{HOST}}/api/management/v3/policydefinitions",
@@ -124,7 +124,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-dataprocessor\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:obligation\": [\n            {\n                \"odrl:action\": \"USE\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"DataAccess.level\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"processing\"\n                }\n            }\n        ]\n    }\n}"
+							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-dataprocessor\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:obligation\": [\n            {\n                \"odrl:action\": \"use\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"DataAccess.level\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"processing\"\n                }\n            }\n        ]\n    }\n}"
 						},
 						"url": {
 							"raw": "{{HOST}}/api/management/v3/policydefinitions",
@@ -157,7 +157,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-sensitive\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:obligation\": [\n            {\n                \"odrl:action\": \"USE\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"DataAccess.level\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"sensitive\"\n                }\n            }\n        ]\n    }\n}"
+							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"@type\": \"PolicyDefinitionRequestDto\",\n    \"@id\": \"require-sensitive\",\n    \"policy\": {\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n        \"odrl:obligation\": [\n            {\n                \"odrl:action\": \"use\",\n                \"odrl:constraint\": {\n                    \"@type\": \"LogicalConstraint\",\n                    \"odrl:leftOperand\": \"DataAccess.level\",\n                    \"odrl:operator\": {\n                        \"@id\": \"odrl:eq\"\n                    },\n                    \"odrl:rightOperand\": \"sensitive\"\n                }\n            }\n        ]\n    }\n}"
 						},
 						"url": {
 							"raw": "{{HOST}}/api/management/v3/policydefinitions",
@@ -570,7 +570,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"@context\": {\n        \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n    },\n    \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n    \"counterPartyAddress\": \"{{PROVIDER_DSP_URL}}/api/dsp\",\n    \"counterPartyId\": \"{{PROVIDER_ID}}\",\n    \"protocol\": \"dataspace-protocol-http\",\n    \"policy\": {\n        \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Offer\",\n        \"@id\": \"bWVtYmVyLWFuZC1kYXRhcHJvY2Vzc29yLWRlZg==:YXNzZXQtMQ==:NDFiMWQzZDUtOTA0OS00ZGRmLTk5MDEtNTYxOTVhYmQzNjNj\",\n        \"assigner\": \"{{PROVIDER_ID}}\",\n        \"permission\": [],\n        \"prohibition\": [],\n        \"odrl:obligation\": {\n            \"odrl:action\": {\n                \"@id\": \"USE\"\n            },\n            \"odrl:constraint\": {\n                \"odrl:leftOperand\": {\n                    \"@id\": \"DataAccess.level\"\n                },\n                \"odrl:operator\": {\n                    \"@id\": \"odrl:eq\"\n                },\n                \"odrl:rightOperand\": \"processing\"\n            }\n        },\n        \"target\": \"asset-1\"\n    },\n    \"callbackAddresses\": []\n}",
+							"raw": "{\n    \"@context\": {\n        \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n    },\n    \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n    \"counterPartyAddress\": \"{{PROVIDER_DSP_URL}}/api/dsp\",\n    \"counterPartyId\": \"{{PROVIDER_ID}}\",\n    \"protocol\": \"dataspace-protocol-http\",\n    \"policy\": {\n        \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n        \"@type\": \"http://www.w3.org/ns/odrl/2/Offer\",\n        \"@id\": \"bWVtYmVyLWFuZC1kYXRhcHJvY2Vzc29yLWRlZg==:YXNzZXQtMQ==:MmQ0ZWZjZTYtYzJjNy00NTM5LTk5ODAtZDAwOTlkZDNkOWQy\",\n        \"assigner\": \"{{PROVIDER_ID}}\",\n        \"permission\": [],\n        \"prohibition\": [],\n        \"odrl:obligation\": {\n            \"odrl:action\": {\n                \"@id\": \"use\"\n            },\n            \"odrl:constraint\": {\n                \"odrl:leftOperand\": {\n                    \"@id\": \"DataAccess.level\"\n                },\n                \"odrl:operator\": {\n                    \"@id\": \"odrl:eq\"\n                },\n                \"odrl:rightOperand\": \"processing\"\n            }\n        },\n        \"target\": \"asset-1\"\n    },\n    \"callbackAddresses\": []\n}",
 							"options": {
 								"raw": {
 									"language": "json"
@@ -633,7 +633,7 @@
 						"header": [],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"assetId\": \"asset-1\",\n    \"counterPartyAddress\":  \"{{PROVIDER_DSP_URL}}/api/dsp\",\n    \"connectorId\": \"{{PROVIDER_ID}}\",\n    \"contractId\": \"5613c232-d12e-41de-b0d6-befc290e5309\",\n    \"dataDestination\": {\n        \"type\": \"HttpProxy\"\n    },\n    \"protocol\": \"dataspace-protocol-http\",\n    \"transferType\": \"HttpData-PULL\"\n}",
+							"raw": "{\n    \"@context\": {\n        \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n    },\n    \"assetId\": \"asset-1\",\n    \"counterPartyAddress\":  \"{{PROVIDER_DSP_URL}}/api/dsp\",\n    \"connectorId\": \"{{PROVIDER_ID}}\",\n    \"contractId\": \"47e43627-d9b0-4e35-b534-cef450d7de88\",\n    \"dataDestination\": {\n        \"type\": \"HttpProxy\"\n    },\n    \"protocol\": \"dataspace-protocol-http\",\n    \"transferType\": \"HttpData-PULL\"\n}",
 							"options": {
 								"raw": {
 									"language": "json"
@@ -734,7 +734,7 @@
 							}
 						],
 						"url": {
-							"raw": "{{HOST}}/api/management/v3/edrs/cb60556e-5544-4d37-a5ca-6412b293fc98/dataaddress",
+							"raw": "{{HOST}}/api/management/v3/edrs/713dfab7-c70a-4c7b-9756-d372647276b5/dataaddress",
 							"host": [
 								"{{HOST}}"
 							],
@@ -743,7 +743,7 @@
 								"management",
 								"v3",
 								"edrs",
-								"cb60556e-5544-4d37-a5ca-6412b293fc98",
+								"713dfab7-c70a-4c7b-9756-d372647276b5",
 								"dataaddress"
 							]
 						}
@@ -764,7 +764,7 @@
 							},
 							{
 								"key": "Authorization",
-								"value": "eyJraWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkZW50aXR5aHViJTNBNzA4Mzpwcm92aWRlciNrZXktMSIsImFsZyI6IkVTMjU2In0.eyJpc3MiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkZW50aXR5aHViJTNBNzA4Mzpwcm92aWRlciIsImF1ZCI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmNvbnN1bWVyIiwic3ViIjoiZGlkOndlYjpwcm92aWRlci1pZGVudGl0eWh1YiUzQTcwODM6cHJvdmlkZXIiLCJpYXQiOjE3MjExMjUwMTY4NTUsImp0aSI6ImMzODM0YWJmLWE3YjYtNDNmNC05ZWU3LTBjYjIzNzI2NGIzZiJ9.Ok7g_ekPgOuevytQEf3gDaixyUEphTbZa496lUqKYoyS0QIsKsxtYfkbD0tCitUtCkZIgGOIBsq5-A8ia_7UHg",
+								"value": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMja2V5LTEiLCJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJhdWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJzdWIiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJpYXQiOjE3MjEzOTMxNjU5ODgsImp0aSI6ImFmOWI2YWIyLTMwNjYtNDNlNi1hNjg1LWIyMDVjNTFkZmJhMyJ9.ute0sLuMgc0bzG_ZUGG9G3pliFfANf9pWDxReiRrWjGudgUa4YmR9ftB5LeZTOvKCBJshRpbZX-hnQxR8fXMWA",
 								"type": "text"
 							}
 						],
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java
index 5b8142a1..ebdb3fa2 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java
@@ -14,17 +14,13 @@
 
 package org.eclipse.edc.demo.dcp.policy;
 
-import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredential;
-import org.eclipse.edc.jsonld.spi.JsonLdKeywords;
 import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction;
 import org.eclipse.edc.policy.engine.spi.PolicyContext;
 import org.eclipse.edc.policy.model.Operator;
 import org.eclipse.edc.policy.model.Permission;
 import org.eclipse.edc.spi.agent.ParticipantAgent;
-import org.eclipse.edc.spi.result.Result;
 
 import java.time.Instant;
-import java.util.List;
 import java.util.Map;
 
 public class MembershipCredentialEvaluationFunction extends AbstractCredentialEvaluationFunction implements AtomicConstraintFunction<Permission> {
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
index e9f3e0d2..e22db2f0 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
@@ -24,11 +24,8 @@
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
 
 import static org.eclipse.edc.demo.dcp.policy.MembershipCredentialEvaluationFunction.MEMBERSHIP_CONSTRAINT_KEY;
-import static org.eclipse.edc.demo.dcp.policy.PolicyScopes.CATALOG_REQUEST_SCOPE;
 import static org.eclipse.edc.demo.dcp.policy.PolicyScopes.CATALOG_SCOPE;
-import static org.eclipse.edc.demo.dcp.policy.PolicyScopes.NEGOTIATION_REQUEST_SCOPE;
 import static org.eclipse.edc.demo.dcp.policy.PolicyScopes.NEGOTIATION_SCOPE;
-import static org.eclipse.edc.demo.dcp.policy.PolicyScopes.TRANSFER_PROCESS_REQUEST_SCOPE;
 import static org.eclipse.edc.demo.dcp.policy.PolicyScopes.TRANSFER_PROCESS_SCOPE;
 import static org.eclipse.edc.policy.model.OdrlNamespace.ODRL_SCHEMA;
 
@@ -62,7 +59,7 @@ private void registerDataAccessLevelFunction() {
     }
 
     private void bindPermissionFunction(AtomicConstraintFunction<Permission> function, String scope, String constraintType) {
-        ruleBindingRegistry.bind("USE", scope);
+        ruleBindingRegistry.bind("use", scope);
         ruleBindingRegistry.bind(ODRL_SCHEMA + "use", scope);
         ruleBindingRegistry.bind(constraintType, scope);
 
@@ -70,7 +67,7 @@ private void bindPermissionFunction(AtomicConstraintFunction<Permission> functio
     }
 
     private void bindDutyFunction(AtomicConstraintFunction<Duty> function, String scope, String constraintType) {
-        ruleBindingRegistry.bind("USE", scope);
+        ruleBindingRegistry.bind("use", scope);
         ruleBindingRegistry.bind(ODRL_SCHEMA + "use", scope);
         ruleBindingRegistry.bind(constraintType, scope);
 
diff --git a/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java b/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java
index 916c38b1..9eec6ed5 100644
--- a/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java
+++ b/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java
@@ -55,7 +55,7 @@ public class JwtSigner {
     @SuppressWarnings("unchecked")
     @ParameterizedTest
     @ArgumentsSource(InputOutputProvider.class)
-    void generateJwt(String rawCredentialFilePAth, File vcResource, String did) throws JOSEException, IOException {
+    void generateJwt(String rawCredentialFilePath, File vcResource, String did) throws JOSEException, IOException {
 
         var header = new JWSHeader.Builder(JWSAlgorithm.EdDSA)
                 .keyID("did:example:dataspace-issuer#key-1")
@@ -63,10 +63,8 @@ void generateJwt(String rawCredentialFilePAth, File vcResource, String did) thro
                 .build();
 
 
-        //todo: change this to whatever credential JSON you want to sign
-        var credential = mapper.readValue(new File(rawCredentialFilePAth), Map.class);
+        var credential = mapper.readValue(new File(rawCredentialFilePath), Map.class);
 
-        //todo: change the claims to suit your needs
         var claims = new JWTClaimsSet.Builder()
                 .audience(did)
                 .subject(did)
@@ -85,7 +83,6 @@ void generateJwt(String rawCredentialFilePAth, File vcResource, String did) thro
 
         var content = Files.readString(vcResource.toPath());
         var updatedContent = content.replaceFirst("\"rawVc\":.*,", "\"rawVc\": \"%s\",".formatted(jwt.serialize()));
-//        mapper.writeValue(vcResource, updatedContent);
         Files.write(vcResource.toPath(), updatedContent.getBytes());
     }
 
diff --git a/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java b/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java
index 43ff9edf..e683f70c 100644
--- a/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java
+++ b/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java
@@ -35,6 +35,7 @@
 import org.eclipse.edc.transform.spi.TypeTransformerRegistry;
 import org.eclipse.edc.transform.transformer.edc.to.JsonValueToGenericTypeTransformer;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 
 import java.time.Duration;
@@ -97,6 +98,7 @@ public String fromIri(String s) {
         }).forEach(transformerRegistry::register);
     }
 
+    @DisplayName("Tests a successful End-to-End contract negotiation and data transfer")
     @Test
     void transferData_hasPermission_shouldTransferData() {
         System.out.println("Waiting for Provider dataplane to come online");
@@ -250,6 +252,7 @@ void transferData_hasPermission_shouldTransferData() {
         assertThat(response).isNotEmpty();
     }
 
+    @DisplayName("Tests a failing End-to-End contract negotiation because of an unfulfilled policy")
     @Test
     void transferData_doesNotHavePermission_shouldTerminate() {
         System.out.println("Waiting for Provider dataplane to come online");
@@ -313,7 +316,8 @@ void transferData_doesNotHavePermission_shouldTerminate() {
         var negotiationRequest = TestUtils.getResourceFileContentAsString("negotiation-request.json")
                 .replace("{{PROVIDER_ID}}", PROVIDER_ID)
                 .replace("{{PROVIDER_DSP_URL}}", PROVIDER_DSP_URL)
-                .replace("{{OFFER_ID}}", offerId.get());
+                .replace("{{OFFER_ID}}", offerId.get())
+                .replaceFirst("\"odrl:rightOperand\": \"processing\"", " \"odrl:rightOperand\": \"sensitive\"");
         var negotiationId = baseRequest()
                 .body(negotiationRequest)
                 .post(CONSUMER_MANAGEMENT_URL + "/api/management/v3/contractnegotiations")
diff --git a/tests/end2end/src/test/resources/negotiation-request.json b/tests/end2end/src/test/resources/negotiation-request.json
index b8a4c6c1..79c1ae4e 100644
--- a/tests/end2end/src/test/resources/negotiation-request.json
+++ b/tests/end2end/src/test/resources/negotiation-request.json
@@ -15,7 +15,7 @@
     "prohibition": [],
     "odrl:obligation": {
       "odrl:action": {
-        "@id": "USE"
+        "@id": "use"
       },
       "odrl:constraint": {
         "odrl:leftOperand": {