To perform actions in the Origin marketplace, you have to be registered. This is necessary because actions like requesting and claiming certificates have to be mapped to specific entities in the system. This is the only way to ensure accountability and prevent double counting. To reflect the situation in the real world, the Origin marketplace has the concept of organizations. Organizations are registered with the system and have multiple user accounts associated with them. The users that are created by the organization can have different permissions. User accounts usually reflect the rights and responsibilities of specific employees or departments within the organization. Users can own devices which are usually electricity generators. Devices and their specific characteristics have to be registered in the system to provide trust in the validity of certificates that are issued for them. But not everyone that wants to access the Origin marketplace has to be registered. If you only want to see a list of registered devices or the posted supplies and demands, you do not need to have an account. But you will be asked to register once you want to interact with the system further.


Users and their permissions in the Origin marketplace are tied to digital entities that are called organizations. Every organization has an admin user that has to provide a set of mandatory information to register the organization. All required information and documents are provided through a user interface. After the organization is successfully registered, the admin user account can perform user management. New users can be invited to join the organization and can be given specific permissions. As the name suggests, organizations are mostly companies that specify permissions for the user accounts of their employees. To ensure that only registered users can perform actions in the system, every user has to be associated with an organization, be a lead user or go through a KYC process as a user.

If Origin is integrated into a certificate registry, organizations that own generation devices have to be authenticated as active members of the certificate registry to interact with the system. This means, that in order for users to be allowed to perform actions like device management or requesting certificates, their organization has to have a confirmed active membership in the registry. Accordingly, if the membership is suspended or terminated, this will prevent all the users associated with this organization from interacting with the Origin marketplace.


To manage users and devices, request certificates, post supplies and demands, and claim certificates, users need to have an account in Origin. The main account of every organization is the lead user. Organizations use it to create user accounts and perform user management. The lead user sets permissions for all created users based on their roles in the organization. One examples of a role is the device manager that is responsible for registering devices, providing generation evidence and requesting certificates. Another is the trader that is responsible for buying and selling of issued certificates. All users that are created by the organization's lead user are automatically associated to the organization and do not have to go through any additional KYC process.

In the case that Origin is integrated into a certificate registry, it is important to ensure synchronization between the systems on the user level. As a result, if a device owner organization registers a lead user in Origin, this will automatically trigger an application with the certificate registry as well. Similarly, users that already have an account in the certificate registry will be able to import this account into Origin. To securely import their account, users have to authenticate themselves using the authentication system of the certificate registry and transfer this information to Origin. Only then is the account verified. In Origin, the authentication token and registry ID can be used to confirm the users identity. This way, it can be ensured that every action that is performed in Origin is also valid in the certificate registry.

Buyer organizations mostly do not require synchronization with the certificate registry. As a result, they will not need an account in the compliance registry and Origin is the single point of truth for their user accounts. Buyers only have to register with Origin to interact with the marketplace.


Generation devices have to be registered with Origin because certificates are always tied to the device for which generation evidence was submitted. The certificate inherits many characteristics from the generation device. As a result, it is essential to have certainty about which device the certificate came from and that the stated device characteristics are actually correct. Only allowing generation evidence from registered devices therefore facilitates traceability and prevents misconduct. If Origin is fully integrated with a certificate registry, it relies on the registration process implemented by this registry. Only devices that have passed the rigorous requirements enforced by the registry, which often include on-site visits by independent device verifiers, can request certificates in Origin.

All necessary information and documents to register a device in Origin can be provided through a user interface. If Origin is integrated with a compliance registry, a registration request is automatically forwarded to the registry, where their registration process is initiated. Everything that involves the registration process of the registry, e.g. if there is a need for a on-site visit or additional documents, is handled directly between the user and the registry. Devices that are already registered with the compliance registry have to be imported into Origin. Only users that are authenticated as active members of the certificate registry can import their devices. This way it is ensured that no one else can import devices and claim certificates in Origin but the verified owner of the device.


  1. All users have to either be registered lead users, be associated with a registered organization or be authenticated through certificate registry

  2. Only registered organizations/lead users can create new user accounts

  3. Only registered organizations/lead users can set user permissions

  4. Only registered users with the right permissions can register and own devices

  5. Only registered users with the right permissions can request certificates

  6. Only registered users with the right permissions can trade certificates

  7. Only registered users with the right permissions can claim certificates

  8. Users can only request certificates for registered devices