Integrate digital credentials into existing systems. Without rebuilding.
SOWL sits between existing systems, wallets, and target systems and connects them through standardized workflows. Business systems remain authoritative, credentials become usable across systems.
This page shows how the architecture is structured and how it fits in.
Built for live production.
SOWL is designed to operate within existing system landscapes. Existing systems remain authoritative and are not replaced. Integration is carried out via clearly defined interfaces.
Credentials can be versioned, revoked, and time-limited. Every use includes a current status check. The trust basis is continuously evaluated throughout.
HOW SOWL WORKS IN EXISTING SYSTEM LANDSCAPES.
Standardized protocols
The architecture connects existing systems via open protocols. OpenID4VCI controls the issuance of credentials, OpenID4VP their presentation and verification. Formats such as SD-JWT and mDoc enable the selective disclosure of individual attributes.
Issuance from existing systems
The process starts in the existing system, such as IAM or KYC. Business decisions are passed to the issuer via defined interfaces and made available as signed credentials. This turns an internal verification result into a portable credential for use in other systems.
Use via wallets
Credentials are stored in the user's wallet and made available when needed in a specific use context. Target systems request precisely the credentials required for a decision. The wallet controls which information is disclosed, to what extent, and to which system.
Real-time verification
The verifier checks the signature, origin, status, and trust basis of a credential in the context of the specific request. Verification is automated with every use. Target systems do not receive a raw data package but a verified result that can be processed directly.
Decoupling of systems
Issuer, verifier, wallet, and business systems are technically separated from one another. Decision, credential, and use therefore remain independent and do not need to be mapped within a shared system. This simplifies scaling, makes it easier to connect additional systems, and reduces the need to modify existing architectures.
Integration into existing IAM structures
IAM systems remain responsible for authentication and authorization. SOWL extends existing decision logic with digital credentials without replacing role models or control mechanisms. Existing processes remain usable and are enhanced with a verifiable credential layer.
SOWL fully supports EUDI Wallet / eIDAS 2.0.
The complete technical ecosystem of the EUDI Wallet.
This includes the credential formats SD-JWT VC, mdoc/mDL, and VCDM 2.0, the issuance and presentation protocols OID4VCI and OID4VP, Authorization Code Flow with PKCE, W3C Digital Credentials API, and DCQL. For trust infrastructure: PID/(Q)EAA issuance, wallet instance and unit attestation, HSM/WSCD, ASL, CRL/ARL, short-lived credentials, trust lists, QES/QSeal, and EU Business Wallet.
Additional trust ecosystems.
SOWL also supports: swiyu / Swiss E-ID with did:webvh and OpenID Federation, GLEIF vLEI (KERI/ACDC), AnonCreds with zero-knowledge proofs, DIDs/DIDComm (including Hyperledger Aries/Indy), C2PA/Content Credentials, and Trust over IP with TSP and TRQP.
Understanding the architecture in your environment.
In the first conversation, we walk through your existing system landscape and show where credentials can be meaningfully integrated. You receive a concrete assessment, not a product pitch.
