Version: 1.0 (Draft – Normative)
This document defines the technical specification for onboarding users into Digital Energy Programs through multiple channels. This is a standards-track document.
- Scope
- Normative References
- Definitions
- Architectural Overview
- Identity & Authentication Specification
- Asset Model Specification
- Program Owner Specification (BPP Role)
- Enrolment Channel Specification
- Beckn-Based Enrollment Flow Specification
- Enrollment Criteria Specification
- Credential Specification
- Registries
- Security Considerations
- Privacy Considerations
- Compliance Requirements
- Appendix (Message Structures)
This specification defines the protocols, message structures, identifiers, interactions, and requirements for enrolling users into digital energy programs using:
- Utility Portals
- Certified Enrolment Agency Portals
- Network Participant Applications using an Onboarding SDK
The specification covers:
- Identity and authentication
- Meter and DER association
- Program discovery and eligibility verification
- Consent acquisition
- Credential issuance
- Multi-utility onboarding
- Multi-persona handling
- Beckn protocol interactions for search → select → init → confirm
This document is globally applicable and does not depend on any specific national identity scheme, tariff structure, or regulatory regime.
The following specifications are normative:
- Beckn Protocol 1.x / 2.0 — Discovery, Ordering, Fulfillment flows
- W3C DID Core
- W3C Verifiable Credentials (VC Data Model)
- OpenID Connect Core
- RFC 6749 – OAuth 2.0
- RFC 8259 – JSON
- ISO/IEC 30141 – IoT Reference Architecture
- DEG Vision Document (Identity, Verifiability, Interoperability principles)
One of:
- National ID (e.g., Social Security Number, Aadhaar, SIN, BankID, etc.)
- Program-level Meter Identifier (UMID)
- Utility Customer Identifier
A utility-certified entity authorized to conduct onboarding flows.
Entity operating a digital energy program. In Beckn terms, Program Owner implements a BPP.
Any BAP, BPP, NFO, EV app, DER app, or aggregator application integrating via the SDK.
Appliances consuming or producing energy through a user-side meter.
The onboarding architecture comprises:
- OIDC-based unified Identity Provider (IdP)
- Federation with national ID or utility ID providers
- All login returns a
subject_id
Defines relationships:
- User ↔ Utility ↔ Accounts ↔ Meters ↔ Sites ↔ DERs (EV, solar, battery)
Each Program Owner exposes:
- Beckn Discovery endpoint
- Beckn Select + Init + Confirm to communicate eligibility and enrollment requirements
- Issuance of Program Enrollment Credential
Three approved channels:
- Utility Portal
- Certified Enrolment Agency Portal
- Network Participant App (via SDK)
All enrollment outcomes must issue:
- Program Enrollment Credential as a Verifiable Credential
The IdP MUST:
-
Support OIDC Authorization Code Flow
-
Support at least three identifiers:
national_idmeter_id(UMID)utility_customer_id
-
Issue ID Tokens containing:
{
"sub": "<subject_id>",
"id_type": "national|meter|utility",
"meter_ids": ["<umid>"],
"utility_customer_ids": ["<>"],
"acr": "assurance_level",
"iss": "https://idp.example.com"
}The IdP MUST support:
- MFA (OTP, email, authenticator app, or national ID provider’s MFA)
- Federation with external trusted ID schemes
Every ecosystem MUST support the following data model:
User
subject_id- Contact info
Utility
utility_id- Service areas (CIM regions)
Meter
umid(universal meter identity)utility_meter_idutility_idsite_id
DER
der_idder_type(EV, solarPV, battery, heat pump, V2G-EV)primary_meter(umid)secondary_utilityfor cross-utility usage
Program
program_id- Owned by Program Owner (BPP)
Program Owners MUST expose:
POST /search(Beckn Search) Returns metadata:- Supported personas
- Supported utilities
- Enrollment prerequisites
The Init API MUST return:
{
"enrollment_criteria": {
"documents_required": [...],
"proof_required": [...],
"consents_required": [...],
"cross_utility_checks": [...],
"der_certification_required": true|false
},
"next_steps": "collect_documents"
}The Confirm API MUST:
- Approve or reject enrollment
- Issue Program Enrollment Credential
Three channels MUST use identical Beckn interactions.
- MUST redirect to IdP for login
- MUST invoke
search → select → init → confirmon Program Owner’s BPP - MUST store final Program Enrollment Credential for user
- MUST redirect to IdP
- MUST call Program Owner BPP
- MUST include EA identity header:
X-Enrollment-Agency-ID: <ea_id>
- MUST embed onboarding SDK
- MUST NOT directly call BPP
- SDK MUST perform all Beckn operations
- SDK MUST NOT override Enrollment decisions
-
search– Program discovery -
on_search– Program Owner BPP responds -
select– User selects program -
on_select– Program Owner returns preliminary eligibility -
init– User submits identifiers, meters, DERs -
on_init– Program Owner returns:- Required consents
- Required proofs
- Cross-utility checks
-
confirm– User submits consents + proofs -
on_confirm– Program Owner issues enrollment credential
init.request
{
"subject_id": "did:example:123",
"meters": ["umid-123", "umid-456"],
"ders": ["der-ev-001"],
"cross_utility_info": ["utilityB"],
"persona_type": "consumer_multimeter"
}Program Owners MUST publish criteria via Beckn Select/Init, not via registries.
Criteria MUST be returned as structured data:
{
"criteria": {
"identity": ["national_id|meter_id|utility_id"],
"meter_association": true,
"der_certification": true,
"utility_ownership_verification": true,
"cross_utility_consent_required": true,
"v2g_control_consent_required": false
}
}Required fields:
{
"@context": ["https://www.w3.org/2018/credentials/v1", "https://dedi.global/energy-program/v1"],
"type": ["VerifiableCredential", "ProgramEnrollmentCredential"],
"issuer": "<program_owner_did>",
"credentialSubject": {
"subject_id": "<user>",
"program_id": "<program>",
"meters": ["<umid>"],
"ders": ["<der_id>"],
"roles": ["consumer|prosumer|v2g-participant"],
"constraints": {...}
}
}Must support StatusList revocation.
Program discovery and criteria are not registries.
The following registries MUST exist on dedi.global:
Contains:
- Utility ID
- Public keys
- Service areas
Contains:
- EA ID
- Certification details
- Supported utilities
- Public signing keys
Contains:
- Program Enrollment Credential schema
- Meter/DER schemas
- Consent schema
Registries MUST be publicly accessible and versioned.
- All Beckn messages MUST be signed (non-repudiation).
- IdP must enforce MFA where legally required.
- DER control consents MUST be explicit.
- Cross-utility interactions MUST use mutual TLS.
- Programs MUST request minimum necessary data.
- National IDs must not be stored by Program Owners without legal basis.
- Cross-utility data sharing requires explicit consent.
- Users must be able to revoke participation at any time.
Entities MUST comply with:
- Data protection laws (GDPR, CCPA, PDPA, etc.)
- Grid/utility regulatory frameworks
- Beckn protocol compliance
- Credential issuance standards
- Deg Vision principles (identity, verifiability, interoperability)
{
"context": { "action": "init" },
"message": {
"order": {
"provider": { "id": "program-owner-bpp" },
"items": [{ "id": "program-id" }],
"fulfillments": [{
"customer": { "id": "<subject_id>" },
"instrument": {
"meters": ["umid-1"],
"ders": ["der-1"]
}
}]
}
}
}{
"message": {
"order": {
"provider": { "id": "program-owner-bpp" },
"id": "enrollment-12345",
"state": "CONFIRMED",
"documents": [{
"type": "ProgramEnrollmentCredential",
"url": "https://utility.example.com/credential/123"
}]
}
}
}