Overview
:::info Source
Sourced from services/certification-service/SERVICE_OVERVIEW.md in the documentation repo.
:::
1. Purpose
Issues verifiable certificates on course completion. Manages templates, JWS proof, verification tokens, revocation, offline issuance claims. Retention indefinite for verifiability.
2. Bounded Context
Certification (Supporting). Ubiquitous language: Certificate, CertificateTemplate, IssuanceProof, RevocationRecord, VerificationToken, OfflineIssuanceClaim.
3. Responsibilities
- Listen for progress.completion.recorded.v1 → issue certificate.
- Render PDF + PNG + OpenBadges 3.0 artifacts.
- Expose public verification endpoint (unauthenticated, rate-limited).
- Handle offline issuance claims (learner completes offline → local claim → verify + issue on reconnect).
- Support revocation with reason + propagation.
4. Non-Responsibilities
- Does not grade (assessment); does not record completion (progress); does not store learner PII beyond name + enrollment ref.
5. Dependencies
- Upstream: progress-service (completion event), authoring-service (template refs).
- Downstream: notification-service (issued cert notification), analytics-service, search-service (indexable).
- External: (optional) blockchain anchors for tamper-evident cert.
6. Slices & Milestones
- S1 (M1): certificate stub (issue + verify).
- S4 (M3): full templates + branding + OpenBadges.
- S5 (M4): offline issuance claim flow; mobile wallet support.
7. Architectural Freeze Points
- F13 — Certificate proof JWS schema: frozen M3 start; additive fields only.
- F14 — Verification token format: frozen M3 start.
8. Key Invariants
- One certificate per (enrollment, courseVersion) unless retake creates new attempt.
- Certificate state: pending_offline_verification → issued → revoked.
- JWS proof signed by tenant key; public key via JWKS on verification endpoint.
- Verification token is ULID with HMAC fingerprint.
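
The last invariant matters because the verification endpoint is unauthenticated: a keyed fingerprint lets the service reject guessed or mangled tokens before any certificate lookup. The sketch below is an added example, not the service's own code. The frozen F14 format is not given on this page, so the `ULID.hex-tag` layout, the HMAC-SHA256 tag truncated to 128 bits, the server-side key and all function names are assumptions.

```python
import hashlib
import hmac
import os
import time

CROCKFORD = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"  # ULID alphabet (no I, L, O, U)
TAG_HEX_LEN = 32  # assumption: HMAC-SHA256 truncated to 128 bits, hex-encoded


def new_ulid(now_ms=None, rand=None):
    """26-char ULID: 48-bit millisecond timestamp followed by 80 random bits."""
    ts = int(time.time() * 1000) if now_ms is None else now_ms
    rand = os.urandom(10) if rand is None else rand
    value = (ts << 80) | int.from_bytes(rand, "big")
    return "".join(CROCKFORD[(value >> s) & 31] for s in range(125, -1, -5))


def fingerprint(key, ulid):
    """Keyed fingerprint binding the ULID to a server-side secret."""
    return hmac.new(key, ulid.encode("ascii"), hashlib.sha256).hexdigest()[:TAG_HEX_LEN]


def mint_token(key, now_ms=None, rand=None):
    """Hypothetical token layout: '<ULID>.<hex tag>'."""
    ulid = new_ulid(now_ms, rand)
    return f"{ulid}.{fingerprint(key, ulid)}"


def verify_token(key, token):
    """Return the ULID if the token is well-formed and authentic, else None."""
    ulid, sep, tag = token.partition(".")
    if not sep or len(ulid) != 26 or len(tag) != TAG_HEX_LEN:
        return None
    if ulid[0] > "7" or any(c not in CROCKFORD for c in ulid):
        return None  # not a canonical ULID; reject before any HMAC work
    expected = fingerprint(key, ulid).encode()
    # Constant-time comparison so response timing does not leak tag bytes.
    if not hmac.compare_digest(expected, tag.encode("utf-8", "replace")):
        return None
    return ulid


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample secret
    token = mint_token(key)
    print(token, verify_token(key, token))
    print(verify_token(key, token[:-1] + ("0" if token[-1] != "0" else "1")))
```

The fingerprint only proves the token was minted by a holder of the key; revocation state still has to come from the certificate record.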