diff --git a/Cargo.lock b/Cargo.lock
index 13e2925ab2..6b1cb397e7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -991,6 +991,8 @@ dependencies = [
  "parachain-info",
  "parity-scale-codec",
  "polkadot-parachain",
+ "public-credentials",
+ "public-credentials-runtime-api",
  "runtime-common",
  "scale-info",
  "serde",
@@ -1929,6 +1931,7 @@ dependencies = [
  "log",
  "pallet-balances",
  "parity-scale-codec",
+ "public-credentials",
  "scale-info",
  "serde",
  "sp-core",
@@ -1998,7 +2001,7 @@ dependencies = [
 
 [[package]]
 name = "did-rpc"
-version = "1.6.2"
+version = "1.7.2"
 dependencies = [
  "did-rpc-runtime-api",
  "jsonrpsee",
@@ -2011,7 +2014,7 @@ dependencies = [
 
 [[package]]
 name = "did-rpc-runtime-api"
-version = "1.6.2"
+version = "1.7.2"
 dependencies = [
  "did",
  "kilt-support",
@@ -3593,6 +3596,21 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f9b7d56ba4a8344d6be9729995e6b06f928af29998cdf79fe390cbf6b1fee838"
 
+[[package]]
+name = "kilt-asset-dids"
+version = "1.7.2"
+dependencies = [
+ "base58",
+ "frame-support",
+ "hex",
+ "hex-literal",
+ "log",
+ "parity-scale-codec",
+ "scale-info",
+ "sp-core",
+ "sp-std",
+]
+
 [[package]]
 name = "kilt-parachain"
 version = "1.7.2"
@@ -3618,6 +3636,7 @@ dependencies = [
  "hex-literal",
  "jsonrpsee",
  "log",
+ "node-common",
  "pallet-did-lookup",
  "pallet-transaction-payment-rpc",
  "parity-scale-codec",
@@ -3627,6 +3646,8 @@ dependencies = [
  "polkadot-parachain",
  "polkadot-primitives",
  "polkadot-service",
+ "public-credentials",
+ "public-credentials-rpc",
  "runtime-common",
  "sc-basic-authorship",
  "sc-chain-spec",
@@ -4598,9 +4619,12 @@ dependencies = [
  "jsonrpsee",
  "log",
  "mashnet-node-runtime",
+ "node-common",
  "pallet-did-lookup",
  "pallet-transaction-payment",
  "pallet-transaction-payment-rpc",
+ "public-credentials",
+ "public-credentials-rpc",
  "runtime-common",
  "sc-basic-authorship",
  "sc-cli",
@@ -4673,6 +4697,8 @@ dependencies = [
  "pallet-utility",
  "pallet-web3-names",
  "parity-scale-codec",
+ "public-credentials",
+ "public-credentials-runtime-api",
  "runtime-common",
  "scale-info",
  "serde",
@@ -5047,6 +5073,16 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "node-common"
+version = "1.7.2"
+dependencies = [
+ "kilt-support",
+ "public-credentials",
+ "public-credentials-rpc",
+ "serde",
+]
+
 [[package]]
 name = "nodrop"
 version = "0.1.14"
@@ -6511,6 +6547,8 @@ dependencies = [
  "parachain-staking",
  "parity-scale-codec",
  "polkadot-parachain",
+ "public-credentials",
+ "public-credentials-runtime-api",
  "runtime-common",
  "scale-info",
  "serde",
@@ -7990,6 +8028,49 @@ dependencies = [
  "cc",
 ]
 
+[[package]]
+name = "public-credentials"
+version = "1.7.2"
+dependencies = [
+ "base58",
+ "ctype",
+ "frame-benchmarking",
+ "frame-support",
+ "frame-system",
+ "hex",
+ "kilt-support",
+ "log",
+ "pallet-balances",
+ "parity-scale-codec",
+ "scale-info",
+ "sp-core",
+ "sp-io",
+ "sp-keystore",
+ "sp-runtime",
+ "sp-std",
+]
+
+[[package]]
+name = "public-credentials-rpc"
+version = "1.7.2"
+dependencies = [
+ "jsonrpsee",
+ "parity-scale-codec",
+ "public-credentials-runtime-api",
+ "sp-api",
+ "sp-blockchain",
+ "sp-runtime",
+]
+
+[[package]]
+name = "public-credentials-runtime-api"
+version = "1.7.2"
+dependencies = [
+ "parity-scale-codec",
+ "sp-api",
+ "sp-std",
+]
+
 [[package]]
 name = "quick-error"
 version = "1.2.3"
@@ -8440,6 +8521,8 @@ dependencies = [
  "attestation",
  "frame-support",
  "frame-system",
+ "kilt-asset-dids",
+ "kilt-support",
  "log",
  "pallet-authorship",
  "pallet-balances",
@@ -8448,6 +8531,7 @@ dependencies = [
  "parachain-staking",
  "parity-scale-codec",
  "polkadot-parachain",
+ "public-credentials",
  "scale-info",
  "serde",
  "smallvec",
@@ -10822,6 +10906,8 @@ dependencies = [
  "parachain-staking",
  "parity-scale-codec",
  "polkadot-parachain",
+ "public-credentials",
+ "public-credentials-runtime-api",
  "runtime-common",
  "scale-info",
  "serde",
diff --git a/Cargo.toml b/Cargo.toml
index 040d093c24..a91307b735 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -7,6 +7,9 @@ members = [
   "pallets/*",
   "rpc/did",
   "rpc/did/runtime-api",
+  "rpc/public-credentials",
+  "rpc/public-credentials/runtime-api",
   "runtimes/*",
   "support",
+  "crates/*",
 ]
diff --git a/README.md b/README.md
index 6b15195d69..d52b685d45 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# KILT-node · [![tests](https://gitlab.com/kiltprotocol/mashnet-node/badges/develop/pipeline.svg)](https://gitlab.com/kiltprotocol/mashnet-node/-/commits/develop)
+# KILT-node · [![tests](https://gitlab.com/kiltprotocol/kilt-node/badges/develop/pipeline.svg)](https://gitlab.com/kiltprotocol/kilt-node/-/commits/develop)
 
 
 <p align="center">
diff --git a/crates/assets/Cargo.toml b/crates/assets/Cargo.toml
new file mode 100644
index 0000000000..8a94802e8f
--- /dev/null
+++ b/crates/assets/Cargo.toml
@@ -0,0 +1,36 @@
+[package]
+authors = ["KILT <info@kilt.io>"]
+description = "Asset DIDs and related structs, suitable for no_std environments."
+edition = "2021"
+name = "kilt-asset-dids"
+repository = "https://github.com/KILTprotocol/kilt-node"
+version = "1.7.2"
+
+[dependencies]
+# External dependencies
+base58 = {version = "0.2.0", default-features = false}
+hex = {version = "0.4.3", default-features = false}
+hex-literal = {version = "0.3.4", default-features = false}
+log = {version = "0.4.17", default-features = false}
+
+# Parity dependencies
+codec = {package = "parity-scale-codec", version = "3.1.2", default-features = false, features = ["derive"]}
+scale-info = {version = "2.1.1", default-features = false, features = ["derive"]}
+
+# Substrate dependencies
+frame-support = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate"}
+sp-core = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate"}
+sp-std = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate"}
+
+[features]
+default = ["std"]
+
+std = [
+  "codec/std",
+  "hex/std",
+  "log/std",
+  "scale-info/std",
+  "frame-support/std",
+  "sp-core/std",
+  "sp-std/std",
+]
diff --git a/crates/assets/src/asset.rs b/crates/assets/src/asset.rs
new file mode 100644
index 0000000000..413adb10b9
--- /dev/null
+++ b/crates/assets/src/asset.rs
@@ -0,0 +1,947 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+// Exported types. This will always only re-export the latest version by
+// default.
+pub use v1::*;
+
+pub mod v1 {
+	use crate::errors::asset::{Error, IdentifierError, NamespaceError, ReferenceError};
+
+	use codec::{Decode, Encode, MaxEncodedLen};
+	use scale_info::TypeInfo;
+
+	use core::{format_args, str};
+
+	use frame_support::{sp_runtime::RuntimeDebug, traits::ConstU32, BoundedVec};
+	use sp_core::U256;
+	use sp_std::{fmt::Display, vec::Vec};
+
+	/// The minimum length, including separator symbols, an asset ID can have
+	/// according to the minimum values defined by the CAIP-19 definition.
+	pub const MINIMUM_ASSET_ID_LENGTH: usize = MINIMUM_NAMESPACE_LENGTH + 1 + MINIMUM_REFERENCE_LENGTH;
+	/// The maximum length, including separator symbols, an asset ID can have
+	/// according to the minimum values defined by the CAIP-19 definition.
+	pub const MAXIMUM_ASSET_ID_LENGTH: usize =
+		MAXIMUM_NAMESPACE_LENGTH + 1 + MAXIMUM_REFERENCE_LENGTH + 1 + MAXIMUM_IDENTIFIER_LENGTH;
+
+	/// The minimum length of a valid asset ID namespace.
+	pub const MINIMUM_NAMESPACE_LENGTH: usize = 3;
+	/// The maximum length of a valid asset ID namespace.
+	pub const MAXIMUM_NAMESPACE_LENGTH: usize = 8;
+	const MAXIMUM_NAMESPACE_LENGTH_U32: u32 = MAXIMUM_NAMESPACE_LENGTH as u32;
+	/// The minimum length of a valid asset ID reference.
+	pub const MINIMUM_REFERENCE_LENGTH: usize = 1;
+	/// The maximum length of a valid asset ID reference.
+	pub const MAXIMUM_REFERENCE_LENGTH: usize = 64;
+	const MAXIMUM_REFERENCE_LENGTH_U32: u32 = MAXIMUM_REFERENCE_LENGTH as u32;
+	/// The minimum length of a valid asset ID identifier.
+	pub const MINIMUM_IDENTIFIER_LENGTH: usize = 1;
+	/// The maximum length of a valid asset ID reference.
+	pub const MAXIMUM_IDENTIFIER_LENGTH: usize = 78;
+	const MAXIMUM_IDENTIFIER_LENGTH_U32: u32 = MAXIMUM_IDENTIFIER_LENGTH as u32;
+
+	/// Separator between asset namespace and asset reference.
+	const NAMESPACE_REFERENCE_SEPARATOR: u8 = b':';
+	/// Separator between asset reference and asset identifier.
+	const REFERENCE_IDENTIFIER_SEPARATOR: u8 = b':';
+
+	/// Namespace for Slip44 assets.
+	pub const SLIP44_NAMESPACE: &[u8] = b"slip44";
+	/// Namespace for Erc20 assets.
+	pub const ERC20_NAMESPACE: &[u8] = b"erc20";
+	/// Namespace for Erc721 assets.
+	pub const ERC721_NAMESPACE: &[u8] = b"erc721";
+	/// Namespace for Erc1155 assets.
+	pub const ERC1155_NAMESPACE: &[u8] = b"erc1155";
+
+	// TODO: Add link to the Asset DID spec once merged.
+
+	/// The Asset ID component as specified in the Asset DID specification.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub enum AssetId {
+		// A SLIP44 asset reference.
+		Slip44(Slip44Reference),
+		// An ERC20 asset reference.
+		Erc20(EvmSmartContractFungibleReference),
+		// An ERC721 asset reference.
+		Erc721(EvmSmartContractNonFungibleReference),
+		// An ERC1155 asset reference.
+		Erc1155(EvmSmartContractNonFungibleReference),
+		// A generic asset.
+		Generic(GenericAssetId),
+	}
+
+	impl From<Slip44Reference> for AssetId {
+		fn from(reference: Slip44Reference) -> Self {
+			Self::Slip44(reference)
+		}
+	}
+
+	impl From<EvmSmartContractFungibleReference> for AssetId {
+		fn from(reference: EvmSmartContractFungibleReference) -> Self {
+			Self::Erc20(reference)
+		}
+	}
+
+	impl AssetId {
+		/// Try to parse an `AssetId` instance from the provided UTF8-encoded
+		/// input.
+		pub fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			let input_length = input.len();
+			if !(MINIMUM_ASSET_ID_LENGTH..=MAXIMUM_ASSET_ID_LENGTH).contains(&input_length) {
+				log::trace!(
+					"Length of provided input {} is not included in the inclusive range [{},{}]",
+					input_length,
+					MINIMUM_ASSET_ID_LENGTH,
+					MAXIMUM_ASSET_ID_LENGTH
+				);
+				return Err(Error::InvalidFormat);
+			}
+
+			let AssetComponents {
+				namespace,
+				reference,
+				identifier,
+			} = split_components(input);
+
+			match (namespace, reference, identifier) {
+				// "slip44:" assets -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-20.md
+				(Some(SLIP44_NAMESPACE), _, Some(_)) => {
+					log::trace!("Slip44 namespace does not accept an asset identifier.");
+					Err(Error::InvalidFormat)
+				}
+				(Some(SLIP44_NAMESPACE), Some(slip44_reference), None) => {
+					Slip44Reference::from_utf8_encoded(slip44_reference).map(Self::Slip44)
+				}
+				// "erc20:" assets -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-21.md
+				(Some(ERC20_NAMESPACE), _, Some(_)) => {
+					log::trace!("Erc20 namespace does not accept an asset identifier.");
+					Err(Error::InvalidFormat)
+				}
+				(Some(ERC20_NAMESPACE), Some(erc20_reference), None) => {
+					EvmSmartContractFungibleReference::from_utf8_encoded(erc20_reference).map(Self::Erc20)
+				}
+				// "erc721:" assets -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-22.md
+				(Some(ERC721_NAMESPACE), Some(erc721_reference), identifier) => {
+					let reference = EvmSmartContractFungibleReference::from_utf8_encoded(erc721_reference)?;
+					let identifier = identifier.map_or(Ok(None), |id| {
+						EvmSmartContractNonFungibleIdentifier::from_utf8_encoded(id).map(Some)
+					})?;
+					Ok(Self::Erc721(EvmSmartContractNonFungibleReference(
+						reference, identifier,
+					)))
+				}
+				// "erc1155:" assets-> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-29.md
+				(Some(ERC1155_NAMESPACE), Some(erc1155_reference), identifier) => {
+					let reference = EvmSmartContractFungibleReference::from_utf8_encoded(erc1155_reference)?;
+					let identifier = identifier.map_or(Ok(None), |id| {
+						EvmSmartContractNonFungibleIdentifier::from_utf8_encoded(id).map(Some)
+					})?;
+					Ok(Self::Erc1155(EvmSmartContractNonFungibleReference(
+						reference, identifier,
+					)))
+				}
+				// Generic yet valid asset IDs
+				_ => GenericAssetId::from_utf8_encoded(input).map(Self::Generic),
+			}
+		}
+	}
+
+	impl Display for AssetId {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			match self {
+				Self::Slip44(reference) => {
+					write!(
+						f,
+						"{}",
+						str::from_utf8(SLIP44_NAMESPACE)
+							.expect("Conversion of Slip44 namespace to string should never fail.")
+					)?;
+					write!(f, "{}", char::from(NAMESPACE_REFERENCE_SEPARATOR))?;
+					reference.fmt(f)?;
+				}
+				Self::Erc20(reference) => {
+					write!(
+						f,
+						"{}",
+						str::from_utf8(ERC20_NAMESPACE)
+							.expect("Conversion of Erc20 namespace to string should never fail.")
+					)?;
+					write!(f, "{}", char::from(NAMESPACE_REFERENCE_SEPARATOR))?;
+					reference.fmt(f)?;
+				}
+				Self::Erc721(EvmSmartContractNonFungibleReference(reference, identifier)) => {
+					write!(
+						f,
+						"{}",
+						str::from_utf8(ERC721_NAMESPACE)
+							.expect("Conversion of Erc721 namespace to string should never fail.")
+					)?;
+					write!(f, "{}", char::from(NAMESPACE_REFERENCE_SEPARATOR))?;
+					reference.fmt(f)?;
+					if let Some(id) = identifier {
+						write!(f, "{}", char::from(REFERENCE_IDENTIFIER_SEPARATOR))?;
+						id.fmt(f)?;
+					}
+				}
+				Self::Erc1155(EvmSmartContractNonFungibleReference(reference, identifier)) => {
+					write!(
+						f,
+						"{}",
+						str::from_utf8(ERC1155_NAMESPACE)
+							.expect("Conversion of Erc1155 namespace to string should never fail.")
+					)?;
+					write!(f, "{}", char::from(NAMESPACE_REFERENCE_SEPARATOR))?;
+					reference.fmt(f)?;
+					if let Some(id) = identifier {
+						write!(f, "{}", char::from(REFERENCE_IDENTIFIER_SEPARATOR))?;
+						id.fmt(f)?;
+					}
+				}
+				Self::Generic(GenericAssetId {
+					namespace,
+					reference,
+					id,
+				}) => {
+					namespace.fmt(f)?;
+					write!(f, "{}", char::from(NAMESPACE_REFERENCE_SEPARATOR))?;
+					reference.fmt(f)?;
+					if let Some(identifier) = id {
+						write!(f, "{}", char::from(REFERENCE_IDENTIFIER_SEPARATOR))?;
+						identifier.fmt(f)?;
+					}
+				}
+			}
+			Ok(())
+		}
+	}
+
+	const fn check_namespace_length_bounds(namespace: &[u8]) -> Result<(), NamespaceError> {
+		let namespace_length = namespace.len();
+		if namespace_length < MINIMUM_NAMESPACE_LENGTH {
+			Err(NamespaceError::TooShort)
+		} else if namespace_length > MAXIMUM_NAMESPACE_LENGTH {
+			Err(NamespaceError::TooLong)
+		} else {
+			Ok(())
+		}
+	}
+
+	const fn check_reference_length_bounds(reference: &[u8]) -> Result<(), ReferenceError> {
+		let reference_length = reference.len();
+		if reference_length < MINIMUM_REFERENCE_LENGTH {
+			Err(ReferenceError::TooShort)
+		} else if reference_length > MAXIMUM_REFERENCE_LENGTH {
+			Err(ReferenceError::TooLong)
+		} else {
+			Ok(())
+		}
+	}
+
+	const fn check_identifier_length_bounds(identifier: &[u8]) -> Result<(), IdentifierError> {
+		let identifier_length = identifier.len();
+		if identifier_length < MINIMUM_IDENTIFIER_LENGTH {
+			Err(IdentifierError::TooShort)
+		} else if identifier_length > MAXIMUM_IDENTIFIER_LENGTH {
+			Err(IdentifierError::TooLong)
+		} else {
+			Ok(())
+		}
+	}
+
+	/// Split the given input into its components, i.e., namespace, reference,
+	/// and identifier, if the proper separators are found.
+	fn split_components(input: &[u8]) -> AssetComponents {
+		let mut split = input.splitn(2, |c| *c == NAMESPACE_REFERENCE_SEPARATOR);
+		let (namespace, reference) = (split.next(), split.next());
+
+		// Split the remaining reference to extract the identifier, if present
+		let (reference, identifier) = if let Some(r) = reference {
+			let mut split = r.splitn(2, |c| *c == REFERENCE_IDENTIFIER_SEPARATOR);
+			// Split the reference further, if present
+			(split.next(), split.next())
+		} else {
+			// Return the old reference, which is None if we are at this point
+			(reference, None)
+		};
+
+		AssetComponents {
+			namespace,
+			reference,
+			identifier,
+		}
+	}
+
+	struct AssetComponents<'a> {
+		namespace: Option<&'a [u8]>,
+		reference: Option<&'a [u8]>,
+		identifier: Option<&'a [u8]>,
+	}
+
+	/// A Slip44 asset reference.
+	/// It is a modification of the [CAIP-20 spec](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-20.md)
+	/// according to the rules defined in the Asset DID method specification.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct Slip44Reference(pub(crate) U256);
+
+	impl Slip44Reference {
+		/// Parse a UTF8-encoded decimal Slip44 asset reference, failing if the
+		/// input string is not valid.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			check_reference_length_bounds(input)?;
+
+			let decoded = str::from_utf8(input).map_err(|_| {
+				log::trace!("Provided input is not a valid UTF8 string as expected by a Slip44 reference.");
+				ReferenceError::InvalidFormat
+			})?;
+			let parsed = U256::from_dec_str(decoded).map_err(|_| {
+				log::trace!("Provided input is not a valid u256 value as expected by a Slip44 reference.");
+				ReferenceError::InvalidFormat
+			})?;
+			// Unchecked since we already checked for maximum length and hence maximum value
+			Ok(Self(parsed))
+		}
+	}
+
+	impl TryFrom<U256> for Slip44Reference {
+		type Error = Error;
+
+		fn try_from(value: U256) -> Result<Self, Self::Error> {
+			// Max value for 64-digit decimal values (used for Slip44 references so far).
+			// TODO: This could be enforced at compilation time once constraints on generics
+			// will be available.
+			// https://rust-lang.github.io/rfcs/2000-const-generics.html
+			if value
+				<= U256::from_str_radix("9999999999999999999999999999999999999999999999999999999999999999", 10)
+					.expect("Casting the maximum value for a Slip44 reference into a U256 should never fail.")
+			{
+				Ok(Self(value))
+			} else {
+				Err(ReferenceError::TooLong.into())
+			}
+		}
+	}
+
+	impl From<u128> for Slip44Reference {
+		fn from(value: u128) -> Self {
+			Self(value.into())
+		}
+	}
+
+	// Getters
+	impl Slip44Reference {
+		pub fn inner(&self) -> &U256 {
+			&self.0
+		}
+	}
+
+	impl Display for Slip44Reference {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			write!(f, "{}", self.0)
+		}
+	}
+
+	/// An asset reference that is identifiable only by an EVM smart contract
+	/// (e.g., a fungible token). It is a modification of the [CAIP-21 spec](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-21.md)
+	/// according to the rules defined in the Asset DID method specification.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct EvmSmartContractFungibleReference(pub(crate) [u8; 20]);
+
+	impl EvmSmartContractFungibleReference {
+		/// Parse a UTF8-encoded smart contract HEX address (including the `0x`
+		/// prefix), failing if the input string is not valid.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			// If the prefix is "0x" => parse the address
+			if let [b'0', b'x', contract_address @ ..] = input {
+				check_reference_length_bounds(contract_address)?;
+
+				let decoded = hex::decode(contract_address).map_err(|_| {
+					log::trace!("Provided input is not a valid hex value as expected by a smart contract reference.");
+					ReferenceError::InvalidFormat
+				})?;
+				let inner: [u8; 20] = decoded.try_into().map_err(|_| {
+					log::trace!("Provided input is not 20 bytes long as expected by a smart contract reference.");
+					ReferenceError::InvalidFormat
+				})?;
+				Ok(Self(inner))
+			// Otherwise fail
+			} else {
+				log::trace!("Provided input does not have the `0x` prefix as expected by a smart contract reference.");
+				Err(ReferenceError::InvalidFormat.into())
+			}
+		}
+	}
+
+	// Getters
+	impl EvmSmartContractFungibleReference {
+		pub fn inner(&self) -> &[u8] {
+			&self.0
+		}
+	}
+
+	impl Display for EvmSmartContractFungibleReference {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			write!(f, "0x{}", hex::encode(self.0))
+		}
+	}
+
+	/// An asset reference that is identifiable by an EVM smart contract and an
+	/// optional identifier (e.g., an NFT collection or instance thereof). It is
+	/// a modification of the [CAIP-22 spec](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-22.md) and
+	/// [CAIP-29 spec](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-29.md)
+	/// according to the rules defined in the Asset DID method specification.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct EvmSmartContractNonFungibleReference(
+		pub(crate) EvmSmartContractFungibleReference,
+		pub(crate) Option<EvmSmartContractNonFungibleIdentifier>,
+	);
+
+	// Getters
+	impl EvmSmartContractNonFungibleReference {
+		pub fn smart_contract(&self) -> &EvmSmartContractFungibleReference {
+			&self.0
+		}
+
+		pub fn identifier(&self) -> &Option<EvmSmartContractNonFungibleIdentifier> {
+			&self.1
+		}
+	}
+
+	/// An asset identifier for an EVM smart contract collection (e.g., an NFT
+	/// instance).
+	/// Since the identifier can be up to 78 characters long of an unknown
+	/// alphabet, this type simply contains the UTF-8 encoding of such an
+	/// identifier without applying any special parsing/decoding logic.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct EvmSmartContractNonFungibleIdentifier(
+		pub(crate) BoundedVec<u8, ConstU32<MAXIMUM_IDENTIFIER_LENGTH_U32>>,
+	);
+
+	impl EvmSmartContractNonFungibleIdentifier {
+		/// Parse a UTF8-encoded smart contract asset identifier, failing if the
+		/// input string is not valid.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			check_identifier_length_bounds(input)?;
+
+			input.iter().try_for_each(|c| {
+				if !(b'0'..=b'9').contains(c) {
+					log::trace!("Provided input has some invalid values as expected by a smart contract-based asset identifier.");
+					Err(IdentifierError::InvalidFormat)
+				} else {
+					Ok(())
+				}
+			})?;
+
+			Ok(Self(
+				Vec::<u8>::from(input)
+					.try_into()
+					.map_err(|_| IdentifierError::InvalidFormat)?,
+			))
+		}
+	}
+
+	// Getters
+	impl EvmSmartContractNonFungibleIdentifier {
+		pub fn inner(&self) -> &[u8] {
+			&self.0
+		}
+	}
+
+	impl Display for EvmSmartContractNonFungibleIdentifier {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			// We checked when the type is created that all characters are valid digits.
+			write!(
+				f,
+				"{}",
+				str::from_utf8(&self.0)
+					.expect("Conversion of EvmSmartContractNonFungibleIdentifier to string should never fail.")
+			)
+		}
+	}
+
+	/// A generic asset ID compliant with the [CAIP-19 spec](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-19.md) that cannot be boxed in any of the supported variants.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct GenericAssetId {
+		pub(crate) namespace: GenericAssetNamespace,
+		pub(crate) reference: GenericAssetReference,
+		pub(crate) id: Option<GenericAssetIdentifier>,
+	}
+
+	impl GenericAssetId {
+		/// Parse a generic UTF8-encoded asset ID, failing if the input does not
+		/// respect the CAIP-19 requirements.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let AssetComponents {
+				namespace,
+				reference,
+				identifier,
+			} = split_components(input.as_ref());
+
+			match (namespace, reference, identifier) {
+				(Some(namespace), Some(reference), identifier) => Ok(Self {
+					namespace: GenericAssetNamespace::from_utf8_encoded(namespace)?,
+					reference: GenericAssetReference::from_utf8_encoded(reference)?,
+					// Transform Option<Result> to Result<Option> and bubble Err case up, keeping Ok(Option) for
+					// successful cases.
+					id: identifier.map_or(Ok(None), |id| GenericAssetIdentifier::from_utf8_encoded(id).map(Some))?,
+				}),
+				_ => Err(Error::InvalidFormat),
+			}
+		}
+	}
+
+	// Getters
+	impl GenericAssetId {
+		pub fn namespace(&self) -> &GenericAssetNamespace {
+			&self.namespace
+		}
+		pub fn reference(&self) -> &GenericAssetReference {
+			&self.reference
+		}
+		pub fn id(&self) -> &Option<GenericAssetIdentifier> {
+			&self.id
+		}
+	}
+
+	/// A generic asset namespace as defined in the [CAIP-19 spec](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-19.md).
+	/// It stores the provided UTF8-encoded namespace without trying to apply
+	/// any parsing/decoding logic.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct GenericAssetNamespace(pub(crate) BoundedVec<u8, ConstU32<MAXIMUM_NAMESPACE_LENGTH_U32>>);
+
+	impl GenericAssetNamespace {
+		/// Parse a generic UTF8-encoded asset namespace, failing if the input
+		/// does not respect the CAIP-19 requirements.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			check_namespace_length_bounds(input)?;
+
+			input.iter().try_for_each(|c| {
+				if !matches!(c, b'-' | b'a'..=b'z' | b'0'..=b'9') {
+					log::trace!("Provided input has some invalid values as expected by a generic asset namespace.");
+					Err(NamespaceError::InvalidFormat)
+				} else {
+					Ok(())
+				}
+			})?;
+			Ok(Self(
+				Vec::<u8>::from(input)
+					.try_into()
+					.map_err(|_| NamespaceError::InvalidFormat)?,
+			))
+		}
+	}
+
+	// Getters
+	impl GenericAssetNamespace {
+		pub fn inner(&self) -> &[u8] {
+			&self.0
+		}
+	}
+
+	impl Display for GenericAssetNamespace {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			// We checked when the type is created that all characters are valid UTF8
+			// (actually ASCII) characters.
+			write!(
+				f,
+				"{}",
+				str::from_utf8(&self.0).expect("Conversion of GenericAssetNamespace to string should never fail.")
+			)
+		}
+	}
+
+	/// A generic asset reference as defined in the [CAIP-19 spec](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-19.md).
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct GenericAssetReference(pub(crate) BoundedVec<u8, ConstU32<MAXIMUM_REFERENCE_LENGTH_U32>>);
+
+	impl GenericAssetReference {
+		/// Parse a generic UTF8-encoded asset reference, failing if the input
+		/// does not respect the CAIP-19 requirements.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			check_reference_length_bounds(input)?;
+
+			input.iter().try_for_each(|c| {
+				if !matches!(c, b'-' | b'a'..=b'z' | b'A'..=b'Z' | b'0'..=b'9') {
+					log::trace!("Provided input has some invalid values as expected by a generic asset reference.");
+					Err(ReferenceError::InvalidFormat)
+				} else {
+					Ok(())
+				}
+			})?;
+			Ok(Self(
+				Vec::<u8>::from(input)
+					.try_into()
+					.map_err(|_| ReferenceError::InvalidFormat)?,
+			))
+		}
+	}
+
+	// Getters
+	impl GenericAssetReference {
+		pub fn inner(&self) -> &[u8] {
+			&self.0
+		}
+	}
+
+	impl Display for GenericAssetReference {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			// We checked when the type is created that all characters are valid UTF8
+			// (actually ASCII) characters.
+			write!(
+				f,
+				"{}",
+				str::from_utf8(&self.0).expect("Conversion of GenericAssetReference to string should never fail.")
+			)
+		}
+	}
+
+	/// A generic asset identifier as defined in the [CAIP-19 spec](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-19.md).
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct GenericAssetIdentifier(pub(crate) BoundedVec<u8, ConstU32<MAXIMUM_IDENTIFIER_LENGTH_U32>>);
+
+	impl GenericAssetIdentifier {
+		/// Parse a generic UTF8-encoded asset identifier, failing if the input
+		/// does not respect the CAIP-19 requirements.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			check_identifier_length_bounds(input)?;
+
+			input.iter().try_for_each(|c| {
+				if !matches!(c, b'-' | b'a'..=b'z' | b'A'..=b'Z' | b'0'..=b'9') {
+					log::trace!("Provided input has some invalid values as expected by a generic asset identifier.");
+					Err(IdentifierError::InvalidFormat)
+				} else {
+					Ok(())
+				}
+			})?;
+			Ok(Self(
+				Vec::<u8>::from(input)
+					.try_into()
+					.map_err(|_| IdentifierError::InvalidFormat)?,
+			))
+		}
+	}
+
+	// Getters
+	impl GenericAssetIdentifier {
+		pub fn inner(&self) -> &[u8] {
+			&self.0
+		}
+	}
+
+	impl Display for GenericAssetIdentifier {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			// We checked when the type is created that all characters are valid UTF8
+			// (actually ASCII) characters.
+			write!(
+				f,
+				"{}",
+				str::from_utf8(&self.0).expect("Conversion of GenericAssetIdentifier to string should never fail.")
+			)
+		}
+	}
+
+	#[cfg(test)]
+	mod test {
+		use super::*;
+
+		#[test]
+		fn test_slip44_assets() {
+			let valid_assets = [
+				"slip44:60",
+				"slip44:0",
+				"slip44:2",
+				"slip44:714",
+				"slip44:234",
+				"slip44:134",
+				"slip44:0",
+				"slip44:9999999999999999999999999999999999999999999999999999999999999999",
+			];
+
+			for asset in valid_assets {
+				let asset_id = AssetId::from_utf8_encoded(asset.as_bytes())
+					.unwrap_or_else(|_| panic!("Asset ID {:?} should not fail to parse for slip44 assets", asset));
+				// Verify that the ToString implementation prints exactly the original input
+				assert_eq!(asset_id.to_string(), asset);
+			}
+
+			let invalid_assets = [
+				// Too short
+				"",
+				"s",
+				"sl",
+				"sli",
+				"slip",
+				"slip4",
+				"slip44",
+				"slip44:",
+				// Not a number
+				"slip44:a",
+				"slip44::",
+				"slip44:›",
+				"slip44:😁",
+				// Max chars + 1
+				"slip44:99999999999999999999999999999999999999999999999999999999999999999",
+			];
+			for asset in invalid_assets {
+				assert!(
+					AssetId::from_utf8_encoded(asset.as_bytes()).is_err(),
+					"Asset ID {:?} should fail to parse for slip44 assets",
+					asset
+				);
+			}
+		}
+
+		#[test]
+		fn test_erc20_assets() {
+			let valid_assets = [
+				"erc20:0x6b175474e89094c44da98b954eedeac495271d0f",
+				"erc20:0x8f8221AFBB33998D8584A2B05749BA73C37A938A",
+			];
+
+			for asset in valid_assets {
+				let asset_id = AssetId::from_utf8_encoded(asset.as_bytes())
+					.unwrap_or_else(|_| panic!("Asset ID {:?} should not fail to parse for erc20 assets", asset));
+				// Verify that the ToString implementation prints exactly the original input
+				assert_eq!(asset_id.to_string(), asset.to_lowercase());
+			}
+
+			let invalid_assets = [
+				// Too short
+				"",
+				"e",
+				"er",
+				"erc",
+				"erc2",
+				"erc20",
+				"erc20:",
+				// Not valid HEX characters
+				"erc20::",
+				"erc20:›",
+				"erc20:😁",
+				// Max chars - 2
+				"erc20:0x8f8221AFBB33998D8584A2B05749BA73C37A93",
+				// Max chars - 1
+				"erc20:0x8f8221AFBB33998D8584A2B05749BA73C37A938",
+				// Max chars + 1
+				"erc20:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1",
+				// Asset ID (not supported for erc20 standard)
+				"erc20:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1:1",
+				// Smart contract without leading `0x`
+				"erc20:8f8221AFBB33998D8584A2B05749BA73C37A938A1",
+			];
+			for asset in invalid_assets {
+				assert!(
+					AssetId::from_utf8_encoded(asset.as_bytes()).is_err(),
+					"Asset ID {:?} should fail to parse for erc20 assets",
+					asset
+				);
+			}
+		}
+
+		#[test]
+		fn test_erc721_assets() {
+			let valid_assets = [
+			"erc721:0x6b175474e89094c44da98b954eedeac495271d0f",
+			"erc721:0x8f8221AFBB33998D8584A2B05749BA73C37A938A",
+			"erc721:0x8f8221AFBB33998D8584A2B05749BA73C37A938A:0",
+			"erc721:0x8f8221AFBB33998D8584A2B05749BA73C37A938A:999999999999999999999999999999999999999999999999999999999999999999999999",
+		];
+
+			for asset in valid_assets {
+				let asset_id = AssetId::from_utf8_encoded(asset.as_bytes())
+					.unwrap_or_else(|_| panic!("Asset ID {:?} should not fail to parse for erc721 assets", asset));
+				// Verify that the ToString implementation prints exactly the original input
+				assert_eq!(asset_id.to_string(), asset.to_lowercase());
+			}
+
+			let invalid_assets = [
+			// Too short
+			"",
+			"e",
+			"er",
+			"erc",
+			"erc7",
+			"erc72",
+			"erc721",
+			"erc721:",
+			// Not valid HEX characters
+			"erc721::",
+			"erc721:›",
+			"erc721:😁",
+			// Max chars - 2
+			"erc721:0x8f8221AFBB33998D8584A2B05749BA73C37A93",
+			// Max chars - 1
+			"erc721:0x8f8221AFBB33998D8584A2B05749BA73C37A938",
+			// Max chars + 1
+			"erc721:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1",
+			// Wrong asset IDs
+			"erc721:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1:",
+			"erc721:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1:a",
+			"erc721:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1:9999999999999999999999999999999999999999999999999999999999999999999999999",
+			"erc721:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1:‹",
+			"erc721:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1:😁",
+			// Smart contract without leading `0x`
+			"erc721:8f8221AFBB33998D8584A2B05749BA73C37A938A1",
+		];
+			for asset in invalid_assets {
+				assert!(
+					AssetId::from_utf8_encoded(asset.as_bytes()).is_err(),
+					"Asset ID {:?} should fail to parse for erc721 assets",
+					asset
+				);
+			}
+		}
+
+		#[test]
+		fn test_erc1155_assets() {
+			let valid_assets = [
+			"erc1155:0x6b175474e89094c44da98b954eedeac495271d0f",
+			"erc1155:0x8f8221AFBB33998D8584A2B05749BA73C37A938A",
+			"erc1155:0x8f8221AFBB33998D8584A2B05749BA73C37A938A:0",
+			"erc1155:0x8f8221AFBB33998D8584A2B05749BA73C37A938A:999999999999999999999999999999999999999999999999999999999999999999999999",
+		];
+
+			for asset in valid_assets {
+				let asset_id = AssetId::from_utf8_encoded(asset.as_bytes())
+					.unwrap_or_else(|_| panic!("Asset ID {:?} should not fail to parse for erc1155 assets", asset));
+				// Verify that the ToString implementation prints exactly the original input
+				assert_eq!(asset_id.to_string(), asset.to_lowercase());
+			}
+
+			let invalid_assets = [
+			// Too short
+			"",
+			"e",
+			"er",
+			"erc",
+			"erc1",
+			"erc11",
+			"erc115",
+			"erc1155",
+			"erc1155:",
+			// Not valid HEX characters
+			"erc1155::",
+			"erc1155:›",
+			"erc1155:😁",
+			// Max chars - 2
+			"erc1155:0x8f8221AFBB33998D8584A2B05749BA73C37A93",
+			// Max chars - 1
+			"erc1155:0x8f8221AFBB33998D8584A2B05749BA73C37A938",
+			// Max chars + 1
+			"erc1155:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1",
+			// Wrong asset IDs
+			"erc1155:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1:",
+			"erc1155:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1:a",
+			"erc1155:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1:9999999999999999999999999999999999999999999999999999999999999999999999999",
+			"erc1155:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1:‹",
+			"erc1155:0x8f8221AFBB33998D8584A2B05749BA73C37A938A1:😁",
+			// Smart contract without leading `0x`
+			"erc721:8f8221AFBB33998D8584A2B05749BA73C37A938A1",
+		];
+			for asset in invalid_assets {
+				assert!(
+					AssetId::from_utf8_encoded(asset.as_bytes()).is_err(),
+					"Asset ID {:?} should fail to parse for erc1155 assets",
+					asset
+				);
+			}
+		}
+
+		#[test]
+		fn test_generic_assets() {
+			let valid_assets = [
+			"123:a",
+			"12345678:-abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-",
+			"12345678:-abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-:-abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345678901234567890123-",
+			"para:411f057b9107718c9624d6aa4a3f23c1",
+			"para:kilt-spiritnet",
+			"w3n:john-doe",
+		];
+
+			for asset in valid_assets {
+				let asset_id = AssetId::from_utf8_encoded(asset.as_bytes())
+					.unwrap_or_else(|_| panic!("Asset ID {:?} should not fail to parse for generic assets", asset));
+				// Verify that the ToString implementation prints exactly the original input
+				assert_eq!(asset_id.to_string(), asset);
+			}
+
+			let invalid_assets = [
+				// Too short
+				"",
+				"a",
+				"as",
+				"as:",
+				"‹",
+				"‹:",
+				"asd:",
+				":",
+				"::",
+				":::",
+				"::::",
+				"valid:valid:",
+				// Too long
+				"too-loong:valid",
+				"valid:too-loooooooooooooooooooooooooooooooooooooooooooooooooooooooooong",
+				"valid:valid:too-loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong",
+				// Wrong characters
+				"no-val!d:valid",
+				"valid:no-val!d",
+				"valid:valid:no-val!d",
+			];
+			for asset in invalid_assets {
+				assert!(
+					AssetId::from_utf8_encoded(asset.as_bytes()).is_err(),
+					"Asset ID {:?} should fail to parse for generic assets",
+					asset
+				);
+			}
+		}
+	}
+}
diff --git a/crates/assets/src/chain.rs b/crates/assets/src/chain.rs
new file mode 100644
index 0000000000..7f081ee185
--- /dev/null
+++ b/crates/assets/src/chain.rs
@@ -0,0 +1,900 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+// Exported types. This will always only re-export the latest version by
+// default.
+pub use v1::*;
+
+mod v1 {
+	use crate::errors::chain::{Error, NamespaceError, ReferenceError};
+
+	use base58::{FromBase58, ToBase58};
+	use hex_literal::hex;
+
+	use core::str;
+
+	use codec::{Decode, Encode, MaxEncodedLen};
+	use scale_info::TypeInfo;
+
+	use frame_support::{sp_runtime::RuntimeDebug, traits::ConstU32, BoundedVec};
+	use sp_std::{fmt::Display, vec, vec::Vec};
+
+	/// The minimum length, including separator symbols, a chain ID can have
+	/// according to the minimum values defined by the CAIP-2 definition.
+	pub const MINIMUM_CHAIN_ID_LENGTH: usize = MINIMUM_NAMESPACE_LENGTH + 1 + MINIMUM_REFERENCE_LENGTH;
+	/// The maximum length, including separator symbols, a chain ID can have
+	/// according to the minimum values defined by the CAIP-2 definition.
+	pub const MAXIMUM_CHAIN_ID_LENGTH: usize = MAXIMUM_NAMESPACE_LENGTH + 1 + MAXIMUM_REFERENCE_LENGTH;
+
+	/// The minimum length of a valid chain ID namespace.
+	pub const MINIMUM_NAMESPACE_LENGTH: usize = 3;
+	/// The maximum length of a valid chain ID namespace.
+	pub const MAXIMUM_NAMESPACE_LENGTH: usize = 8;
+	const MAXIMUM_NAMESPACE_LENGTH_U32: u32 = MAXIMUM_NAMESPACE_LENGTH as u32;
+	/// The minimum length of a valid chain ID reference.
+	pub const MINIMUM_REFERENCE_LENGTH: usize = 1;
+	/// The maximum length of a valid chain ID reference.
+	pub const MAXIMUM_REFERENCE_LENGTH: usize = 32;
+	const MAXIMUM_REFERENCE_LENGTH_U32: u32 = MAXIMUM_REFERENCE_LENGTH as u32;
+
+	/// Separator between chain namespace and chain reference.
+	const NAMESPACE_REFERENCE_SEPARATOR: u8 = b':';
+	/// Namespace for Eip155 chains.
+	pub const EIP155_NAMESPACE: &[u8] = b"eip155";
+	/// Namespace for Bip122 chains.
+	pub const BIP122_NAMESPACE: &[u8] = b"bip122";
+	/// Namespace for Dotsama chains.
+	pub const DOTSAMA_NAMESPACE: &[u8] = b"polkadot";
+	/// Namespace for Solana chains.
+	pub const SOLANA_NAMESPACE: &[u8] = b"solana";
+
+	// TODO: Add link to the Asset DID spec once merged.
+
+	/// The Chain ID component as specified in the Asset DID specification.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub enum ChainId {
+		// An EIP155 chain reference.
+		Eip155(Eip155Reference),
+		// A BIP122 chain reference.
+		Bip122(GenesisHexHash32Reference),
+		// A Dotsama chain reference.
+		Dotsama(GenesisHexHash32Reference),
+		// A Solana chain reference.
+		Solana(GenesisBase58Hash32Reference),
+		// A generic chain.
+		Generic(GenericChainId),
+	}
+
+	impl From<Eip155Reference> for ChainId {
+		fn from(reference: Eip155Reference) -> Self {
+			Self::Eip155(reference)
+		}
+	}
+
+	impl From<GenesisBase58Hash32Reference> for ChainId {
+		fn from(reference: GenesisBase58Hash32Reference) -> Self {
+			Self::Solana(reference)
+		}
+	}
+
+	impl From<GenericChainId> for ChainId {
+		fn from(chain_id: GenericChainId) -> Self {
+			Self::Generic(chain_id)
+		}
+	}
+
+	impl ChainId {
+		/// The chain ID for the Ethereum mainnet.
+		pub fn ethereum_mainnet() -> Self {
+			Eip155Reference::ethereum_mainnet().into()
+		}
+
+		/// The chain ID for the Moonriver EVM parachain.
+		pub fn moonriver_eth() -> Self {
+			// Info taken from https://chainlist.org/
+			Eip155Reference::moonriver_eth().into()
+		}
+
+		/// The chain ID for the Moonbeam EVM parachain.
+		pub fn moonbeam_eth() -> Self {
+			// Info taken from https://chainlist.org/
+			Eip155Reference::moonbeam_eth().into()
+		}
+
+		/// The chain ID for the Bitcoin mainnet.
+		pub fn bitcoin_mainnet() -> Self {
+			Self::Bip122(GenesisHexHash32Reference::bitcoin_mainnet())
+		}
+
+		/// The chain ID for the Litecoin mainnet.
+		pub fn litecoin_mainnet() -> Self {
+			Self::Bip122(GenesisHexHash32Reference::litecoin_mainnet())
+		}
+
+		/// The chain ID for the Polkadot relaychain.
+		pub fn polkadot() -> Self {
+			Self::Dotsama(GenesisHexHash32Reference::polkadot())
+		}
+
+		/// The chain ID for the Kusama relaychain.
+		pub fn kusama() -> Self {
+			Self::Dotsama(GenesisHexHash32Reference::kusama())
+		}
+
+		/// The chain ID for the KILT Spiritnet parachain.
+		pub fn kilt_spiritnet() -> Self {
+			Self::Dotsama(GenesisHexHash32Reference::kilt_spiritnet())
+		}
+
+		/// The chain ID for the Solana mainnet.
+		pub fn solana_mainnet() -> Self {
+			GenesisBase58Hash32Reference::solana_mainnet().into()
+		}
+	}
+
+	impl ChainId {
+		/// Try to parse a `ChainId` instance from the provided UTF8-encoded
+		/// input, according to the AssetDID method rules.
+		pub fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			let input_length = input.len();
+			if !(MINIMUM_CHAIN_ID_LENGTH..=MAXIMUM_CHAIN_ID_LENGTH).contains(&input_length) {
+				log::trace!(
+					"Length of provided input {} is not included in the inclusive range [{},{}]",
+					input_length,
+					MINIMUM_CHAIN_ID_LENGTH,
+					MAXIMUM_CHAIN_ID_LENGTH
+				);
+				return Err(Error::InvalidFormat);
+			}
+
+			let ChainComponents { namespace, reference } = split_components(input);
+
+			match (namespace, reference) {
+				// "eip155:" chains -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-3.md
+				(Some(EIP155_NAMESPACE), Some(eip155_reference)) => {
+					Eip155Reference::from_utf8_encoded(eip155_reference).map(Self::Eip155)
+				}
+				// "bip122:" chains -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-4.md
+				(Some(BIP122_NAMESPACE), Some(bip122_reference)) => {
+					GenesisHexHash32Reference::from_utf8_encoded(bip122_reference).map(Self::Bip122)
+				}
+				// "polkadot:" chains -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-13.md
+				(Some(DOTSAMA_NAMESPACE), Some(dotsama_reference)) => {
+					GenesisHexHash32Reference::from_utf8_encoded(dotsama_reference).map(Self::Dotsama)
+				}
+				// "solana:" chains -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-30.md
+				(Some(SOLANA_NAMESPACE), Some(solana_reference)) => {
+					GenesisBase58Hash32Reference::from_utf8_encoded(solana_reference).map(Self::Solana)
+				}
+				// Other chains that are still compatible with the CAIP-2 spec -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-2.md
+				_ => GenericChainId::from_utf8_encoded(input).map(Self::Generic),
+			}
+		}
+	}
+
+	impl Display for ChainId {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			match self {
+				Self::Bip122(reference) => {
+					write!(
+						f,
+						"{}",
+						str::from_utf8(BIP122_NAMESPACE)
+							.expect("Conversion of Bip122 namespace to string should never fail.")
+					)?;
+					write!(f, "{}", char::from(NAMESPACE_REFERENCE_SEPARATOR))?;
+					reference.fmt(f)?;
+				}
+				Self::Eip155(reference) => {
+					write!(
+						f,
+						"{}",
+						str::from_utf8(EIP155_NAMESPACE)
+							.expect("Conversion of Eip155 namespace to string should never fail.")
+					)?;
+					write!(f, "{}", char::from(NAMESPACE_REFERENCE_SEPARATOR))?;
+					reference.fmt(f)?;
+				}
+				Self::Dotsama(reference) => {
+					write!(
+						f,
+						"{}",
+						str::from_utf8(DOTSAMA_NAMESPACE)
+							.expect("Conversion of Dotsama namespace to string should never fail.")
+					)?;
+					write!(f, "{}", char::from(NAMESPACE_REFERENCE_SEPARATOR))?;
+					reference.fmt(f)?;
+				}
+				Self::Solana(reference) => {
+					write!(
+						f,
+						"{}",
+						str::from_utf8(SOLANA_NAMESPACE)
+							.expect("Conversion of Solana namespace to string should never fail.")
+					)?;
+					write!(f, "{}", char::from(NAMESPACE_REFERENCE_SEPARATOR))?;
+					reference.fmt(f)?;
+				}
+				Self::Generic(GenericChainId { namespace, reference }) => {
+					namespace.fmt(f)?;
+					write!(f, "{}", char::from(NAMESPACE_REFERENCE_SEPARATOR))?;
+					reference.fmt(f)?;
+				}
+			}
+			Ok(())
+		}
+	}
+
+	const fn check_namespace_length_bounds(namespace: &[u8]) -> Result<(), NamespaceError> {
+		let namespace_length = namespace.len();
+		if namespace_length < MINIMUM_NAMESPACE_LENGTH {
+			Err(NamespaceError::TooShort)
+		} else if namespace_length > MAXIMUM_NAMESPACE_LENGTH {
+			Err(NamespaceError::TooLong)
+		} else {
+			Ok(())
+		}
+	}
+
+	const fn check_reference_length_bounds(reference: &[u8]) -> Result<(), ReferenceError> {
+		let reference_length = reference.len();
+		if reference_length < MINIMUM_REFERENCE_LENGTH {
+			Err(ReferenceError::TooShort)
+		} else if reference_length > MAXIMUM_REFERENCE_LENGTH {
+			Err(ReferenceError::TooLong)
+		} else {
+			Ok(())
+		}
+	}
+
+	/// Split the given input into its components, i.e., namespace, and
+	/// reference, if the proper separator is found.
+	fn split_components(input: &[u8]) -> ChainComponents {
+		let mut split = input.as_ref().splitn(2, |c| *c == NAMESPACE_REFERENCE_SEPARATOR);
+		ChainComponents {
+			namespace: split.next(),
+			reference: split.next(),
+		}
+	}
+
+	struct ChainComponents<'a> {
+		namespace: Option<&'a [u8]>,
+		reference: Option<&'a [u8]>,
+	}
+
+	/// An EIP155 chain reference.
+	/// It is a modification of the [CAIP-3 spec](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-3.md)
+	/// according to the rules defined in the Asset DID method specification.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct Eip155Reference(pub(crate) u128);
+
+	impl Eip155Reference {
+		/// The EIP155 reference for the Ethereum mainnet.
+		pub const fn ethereum_mainnet() -> Self {
+			Self(1)
+		}
+
+		/// The EIP155 reference for the Moonriver parachain.
+		pub const fn moonriver_eth() -> Self {
+			// Info taken from https://chainlist.org/
+			Self(1285)
+		}
+
+		/// The EIP155 reference for the Moonbeam parachain.
+		pub const fn moonbeam_eth() -> Self {
+			// Info taken from https://chainlist.org/
+			Self(1284)
+		}
+	}
+
+	impl Eip155Reference {
+		/// Parse a UTF8-encoded EIP155 chain reference, failing if the input
+		/// string is not valid.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			check_reference_length_bounds(input)?;
+
+			let decoded = str::from_utf8(input).map_err(|_| {
+				log::trace!("Provided input is not a valid UTF8 string as expected by an Eip155 reference.");
+				ReferenceError::InvalidFormat
+			})?;
+			let parsed = decoded.parse::<u128>().map_err(|_| {
+				log::trace!("Provided input is not a valid u128 value as expected by an Eip155 reference.");
+				ReferenceError::InvalidFormat
+			})?;
+			// Unchecked since we already checked for maximum length and hence maximum value
+			Ok(Self(parsed))
+		}
+	}
+
+	// Getters
+	impl Eip155Reference {
+		pub fn inner(&self) -> &u128 {
+			&self.0
+		}
+	}
+
+	impl TryFrom<u128> for Eip155Reference {
+		type Error = Error;
+
+		fn try_from(value: u128) -> Result<Self, Self::Error> {
+			// Max value for 32-digit decimal values (used for EIP chains so far).
+			// TODO: This could be enforced at compilation time once constraints on generics
+			// will be available.
+			// https://rust-lang.github.io/rfcs/2000-const-generics.html
+			if value <= 99999999999999999999999999999999 {
+				Ok(Self(value))
+			} else {
+				Err(ReferenceError::TooLong.into())
+			}
+		}
+	}
+
+	impl From<u64> for Eip155Reference {
+		fn from(value: u64) -> Self {
+			Self(value.into())
+		}
+	}
+
+	impl Display for Eip155Reference {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			write!(f, "{}", self.0)
+		}
+	}
+
+	/// A chain reference for CAIP-2 chains that are identified by a HEX genesis
+	/// hash of 32 characters.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct GenesisHexHash32Reference(pub(crate) [u8; 16]);
+
+	impl GenesisHexHash32Reference {
+		/// The CAIP-2 reference for the Bitcoin mainnet.
+		pub const fn bitcoin_mainnet() -> Self {
+			Self(hex!("000000000019d6689c085ae165831e93"))
+		}
+
+		/// The CAIP-2 reference for the Litecoin mainnet.
+		pub const fn litecoin_mainnet() -> Self {
+			Self(hex!("12a765e31ffd4059bada1e25190f6e98"))
+		}
+
+		/// The CAIP-2 reference for the Polkadot relaychain.
+		pub const fn polkadot() -> Self {
+			Self(hex!("91b171bb158e2d3848fa23a9f1c25182"))
+		}
+
+		/// The CAIP-2 reference for the Kusama relaychain.
+		pub const fn kusama() -> Self {
+			Self(hex!("b0a8d493285c2df73290dfb7e61f870f"))
+		}
+
+		/// The CAIP-2 reference for the KILT Spiritnet parachain.
+		pub const fn kilt_spiritnet() -> Self {
+			Self(hex!("411f057b9107718c9624d6aa4a3f23c1"))
+		}
+	}
+
+	impl GenesisHexHash32Reference {
+		/// Parse a UTF8-encoded HEX chain reference, failing if the input
+		/// string is not valid.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			check_reference_length_bounds(input)?;
+
+			let decoded = hex::decode(input).map_err(|_| {
+				log::trace!("Provided input is not a valid hex value as expected by a genesis HEX reference.");
+				ReferenceError::InvalidFormat
+			})?;
+			let inner: [u8; 16] = decoded.try_into().map_err(|_| {
+				log::trace!("Provided input is not 16 bytes long as expected by a genesis HEX reference.");
+				ReferenceError::InvalidFormat
+			})?;
+			Ok(Self(inner))
+		}
+	}
+
+	// Getters
+	impl GenesisHexHash32Reference {
+		pub fn inner(&self) -> &[u8] {
+			&self.0
+		}
+	}
+
+	impl Display for GenesisHexHash32Reference {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			write!(f, "{}", hex::encode(self.0))
+		}
+	}
+
+	/// A chain reference for CAIP-2 chains that are identified by a
+	/// Base58-encoded genesis hash of 32 characters.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct GenesisBase58Hash32Reference(pub(crate) BoundedVec<u8, ConstU32<32>>);
+
+	impl GenesisBase58Hash32Reference {
+		/// The CAIP-2 reference for the Solana mainnet.
+		pub fn solana_mainnet() -> Self {
+			// Base58 decoding of Solana genesis hash 4sGjMW1sUnHzSxGspuhpqLDx6wiyjNtZ
+			Self(
+				vec![
+					187, 54, 81, 91, 131, 4, 217, 218, 81, 6, 169, 34, 88, 214, 125, 109, 223, 209, 236, 21, 49, 109,
+					82,
+				]
+				.try_into()
+				.expect("Well-known chain ID for solana mainnet should never fail."),
+			)
+		}
+	}
+
+	impl GenesisBase58Hash32Reference {
+		/// Parse a UTF8-encoded Base58 chain reference, failing if the input
+		/// string is not valid.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			check_reference_length_bounds(input)?;
+
+			let decoded_string = str::from_utf8(input).map_err(|_| {
+				log::trace!("Provided input is not a valid UTF8 string as expected by a genesis base58 reference.");
+				ReferenceError::InvalidFormat
+			})?;
+			let decoded = decoded_string.from_base58().map_err(|_| {
+				log::trace!("Provided input is not a valid base58 value as expected by a genesis base58 reference.");
+				ReferenceError::InvalidFormat
+			})?;
+			// Max length in bytes of a 32-character Base58 string is 32 -> it is the string
+			// formed by all "1". Otherwise, it is always between 23 and 24 characters.
+			let inner: BoundedVec<u8, ConstU32<32>> = decoded.try_into().map_err(|_| ReferenceError::InvalidFormat)?;
+			Ok(Self(inner))
+		}
+	}
+
+	// Getters
+	impl GenesisBase58Hash32Reference {
+		pub fn inner(&self) -> &[u8] {
+			&self.0
+		}
+	}
+
+	impl Display for GenesisBase58Hash32Reference {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			write!(f, "{}", &self.0.to_base58())
+		}
+	}
+
+	/// A generic chain ID compliant with the [CAIP-2 spec](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-2.md) that cannot be boxed in any of the supported variants.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct GenericChainId {
+		pub(crate) namespace: GenericChainNamespace,
+		pub(crate) reference: GenericChainReference,
+	}
+
+	impl GenericChainId {
+		/// Parse a generic UTF8-encoded chain ID, failing if the input does not
+		/// respect the CAIP-2 requirements.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let ChainComponents { namespace, reference } = split_components(input.as_ref());
+
+			match (namespace, reference) {
+				(Some(namespace), Some(reference)) => Ok(Self {
+					namespace: GenericChainNamespace::from_utf8_encoded(namespace)?,
+					reference: GenericChainReference::from_utf8_encoded(reference)?,
+				}),
+				_ => Err(Error::InvalidFormat),
+			}
+		}
+	}
+
+	// Getters
+	impl GenericChainId {
+		pub fn namespace(&self) -> &GenericChainNamespace {
+			&self.namespace
+		}
+		pub fn reference(&self) -> &GenericChainReference {
+			&self.reference
+		}
+	}
+
+	/// A generic chain namespace as defined in the [CAIP-2 spec](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-2.md).
+	/// It stores the provided UTF8-encoded namespace without trying to apply
+	/// any parsing/decoding logic.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct GenericChainNamespace(pub(crate) BoundedVec<u8, ConstU32<MAXIMUM_NAMESPACE_LENGTH_U32>>);
+
+	impl GenericChainNamespace {
+		/// Parse a generic UTF8-encoded chain namespace, failing if the input
+		/// does not respect the CAIP-2 requirements.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			check_namespace_length_bounds(input)?;
+
+			input.iter().try_for_each(|c| {
+				if !matches!(c, b'-' | b'a'..=b'z' | b'0'..=b'9') {
+					log::trace!("Provided input has some invalid values as expected by a generic chain namespace.");
+					Err(NamespaceError::InvalidFormat)
+				} else {
+					Ok(())
+				}
+			})?;
+			Ok(Self(
+				Vec::<u8>::from(input)
+					.try_into()
+					.map_err(|_| NamespaceError::InvalidFormat)?,
+			))
+		}
+	}
+
+	// Getters
+	impl GenericChainNamespace {
+		pub fn inner(&self) -> &[u8] {
+			&self.0
+		}
+	}
+
+	impl Display for GenericChainNamespace {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			// We checked when the type is created that all characters are valid UTF8
+			// (actually ASCII) characters.
+			write!(
+				f,
+				"{}",
+				str::from_utf8(&self.0).expect("Conversion of GenericChainNamespace to string should never fail.")
+			)
+		}
+	}
+
+	/// A generic chain reference as defined in the [CAIP-2 spec](https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-2.md).
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+	pub struct GenericChainReference(pub(crate) BoundedVec<u8, ConstU32<MAXIMUM_REFERENCE_LENGTH_U32>>);
+
+	impl GenericChainReference {
+		/// Parse a generic UTF8-encoded chain reference, failing if the input
+		/// does not respect the CAIP-2 requirements.
+		pub(crate) fn from_utf8_encoded<I>(input: I) -> Result<Self, Error>
+		where
+			I: AsRef<[u8]> + Into<Vec<u8>>,
+		{
+			let input = input.as_ref();
+			check_reference_length_bounds(input)?;
+
+			input.iter().try_for_each(|c| {
+				if !matches!(c, b'-' | b'a'..=b'z' | b'A'..=b'Z' | b'0'..=b'9') {
+					log::trace!("Provided input has some invalid values as expected by a generic chain reference.");
+					Err(ReferenceError::InvalidFormat)
+				} else {
+					Ok(())
+				}
+			})?;
+			Ok(Self(
+				Vec::<u8>::from(input)
+					.try_into()
+					.map_err(|_| ReferenceError::InvalidFormat)?,
+			))
+		}
+	}
+
+	// Getters
+	impl GenericChainReference {
+		pub fn inner(&self) -> &[u8] {
+			&self.0
+		}
+	}
+
+	impl Display for GenericChainReference {
+		fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+			// We checked when the type is created that all characters are valid UTF8
+			// (actually ASCII) characters.
+			write!(
+				f,
+				"{}",
+				str::from_utf8(&self.0).expect("Conversion of GenericChainReference to string should never fail.")
+			)
+		}
+	}
+
+	#[cfg(test)]
+	mod test {
+		use super::*;
+
+		#[test]
+		fn test_eip155_chains() {
+			let valid_chains = [
+				"eip155:1",
+				"eip155:5",
+				"eip155:99999999999999999999999999999999",
+				"eip155:0",
+			];
+			for chain in valid_chains {
+				let chain_id = ChainId::from_utf8_encoded(chain.as_bytes())
+					.unwrap_or_else(|_| panic!("Chain ID {:?} should not fail for eip155 chains", chain));
+				// Verify that the ToString implementation prints exactly the original input
+				assert_eq!(chain_id.to_string(), chain);
+			}
+
+			let invalid_chains = [
+				// Too short
+				"",
+				"e",
+				"ei",
+				"eip",
+				"eip1",
+				"eip15",
+				"eip155",
+				"eip155:",
+				// Not a number
+				"eip155:a",
+				"eip155::",
+				"eip155:›",
+				"eip155:😁",
+				// Max chars + 1
+				"eip155:999999999999999999999999999999999",
+			];
+			for chain in invalid_chains {
+				assert!(
+					ChainId::from_utf8_encoded(chain.as_bytes()).is_err(),
+					"Chain ID {:?} should fail to parse for eip155 chains",
+					chain
+				);
+			}
+		}
+
+		#[test]
+		fn test_bip122_chains() {
+			let valid_chains = [
+				"bip122:000000000019d6689c085ae165831e93",
+				"bip122:12a765e31ffd4059bada1e25190f6e98",
+				"bip122:fdbe99b90c90bae7505796461471d89a",
+				"bip122:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+			];
+			for chain in valid_chains {
+				let chain_id = ChainId::from_utf8_encoded(chain.as_bytes())
+					.unwrap_or_else(|_| panic!("Chain ID {:?} should not fail for bip122 chains", chain));
+				// Verify that the ToString implementation prints exactly the original input
+				assert_eq!(chain_id.to_string(), chain);
+			}
+
+			let invalid_chains = [
+				// Too short
+				"",
+				"b",
+				"bi",
+				"bip",
+				"bip1",
+				"bip12",
+				"bip122",
+				"bip122:",
+				// Not an HEX string
+				"bip122:gg",
+				"bip122::",
+				"bip122:›",
+				"bip122:😁",
+				// Not the expected length
+				"bip122:a",
+				"bip122:aa",
+				"bip122:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+			];
+			for chain in invalid_chains {
+				assert!(
+					ChainId::from_utf8_encoded(chain.as_bytes()).is_err(),
+					"Chain ID {:?} should fail to parse for bip122 chains",
+					chain
+				);
+			}
+		}
+
+		#[test]
+		fn test_dotsama_chains() {
+			let valid_chains = [
+				"polkadot:b0a8d493285c2df73290dfb7e61f870f",
+				"polkadot:742a2ca70c2fda6cee4f8df98d64c4c6",
+				"polkadot:37e1f8125397a98630013a4dff89b54c",
+				"polkadot:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+			];
+			for chain in valid_chains {
+				let chain_id = ChainId::from_utf8_encoded(chain.as_bytes())
+					.unwrap_or_else(|_| panic!("Chain ID {:?} should not fail for dotsama chains", chain));
+				// Verify that the ToString implementation prints exactly the original input
+				assert_eq!(chain_id.to_string(), chain);
+			}
+
+			let invalid_chains = [
+				// Too short
+				"",
+				"p",
+				"po",
+				"pol",
+				"polk",
+				"polka",
+				"polkad",
+				"polkado",
+				"polkadot",
+				"polkadot:",
+				// Not an HEX string
+				"polkadot:gg",
+				"polkadot::",
+				"polkadot:›",
+				"polkadot:😁",
+				// Not the expected length
+				"polkadot:a",
+				"polkadot:aa",
+				"polkadot:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+			];
+			for chain in invalid_chains {
+				assert!(
+					ChainId::from_utf8_encoded(chain.as_bytes()).is_err(),
+					"Chain ID {:?} should fail to parse for polkadot chains",
+					chain
+				);
+			}
+		}
+
+		#[test]
+		fn test_solana_chains() {
+			let valid_chains = [
+				"solana:4sGjMW1sUnHzSxGspuhpqLDx6wiyjNtZ",
+				"solana:8E9rvCKLFQia2Y35HXjjpWzj8weVo44K",
+			];
+			for chain in valid_chains {
+				let chain_id = ChainId::from_utf8_encoded(chain.as_bytes())
+					.unwrap_or_else(|_| panic!("Chain ID {:?} should not fail for solana chains", chain));
+				// Verify that the ToString implementation prints exactly the original input
+				assert_eq!(chain_id.to_string(), chain);
+			}
+
+			let invalid_chains = [
+				// Too short
+				"",
+				"s",
+				"so",
+				"sol",
+				"sola",
+				"solan",
+				"solana",
+				"solana:",
+				// Not a Base58 string
+				"solana::",
+				"solana:›",
+				"solana:😁",
+				"solana:random-string",
+				// Valid base58 text, too long (34 chars)
+				"solana:TJ24pxm996UCBScuQRwjYo4wvPjUa8pzKo",
+			];
+			for chain in invalid_chains {
+				assert!(
+					ChainId::from_utf8_encoded(chain.as_bytes()).is_err(),
+					"Chain ID {:?} should fail to parse for generic chains",
+					chain
+				);
+			}
+		}
+
+		#[test]
+		fn test_generic_chains() {
+			let valid_chains = [
+				// Edge cases
+				"abc:-",
+				"-as01-aa:A",
+				"12345678:abcdefghjklmnopqrstuvwxyzABCD012",
+				// Filecoin examples -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-23.md
+				"fil:t",
+				"fil:f",
+				// Tezos examples -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-26.md
+				"tezos:NetXdQprcVkpaWU",
+				"tezos:NetXm8tYqnMWky1",
+				// Cosmos examples -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-5.md
+				"cosmos:cosmoshub-2",
+				"cosmos:cosmoshub-3",
+				"cosmos:Binance-Chain-Tigris",
+				"cosmos:iov-mainnet",
+				"cosmos:x",
+				"cosmos:hash-",
+				"cosmos:hashed",
+				// Lisk examples -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-6.md
+				"lip9:9ee11e9df416b18b",
+				"lip9:e48feb88db5b5cf5",
+				// EOSIO examples -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-7.md
+				"eosio:aca376f206b8fc25a6ed44dbdc66547c",
+				"eosio:e70aaab8997e1dfce58fbfac80cbbb8f",
+				"eosio:4667b205c6838ef70ff7988f6e8257e8",
+				"eosio:1eaa0824707c8c16bd25145493bf062a",
+				// Stellar examples -> https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-28.md
+				"stellar:testnet",
+				"stellar:pubnet",
+			];
+			for chain in valid_chains {
+				let chain_id = ChainId::from_utf8_encoded(chain.as_bytes())
+					.unwrap_or_else(|_| panic!("Chain ID {:?} should not fail for generic chains", chain));
+				// Verify that the ToString implementation prints exactly the original input
+				assert_eq!(chain_id.to_string(), chain);
+			}
+
+			let invalid_chains = [
+				// Too short
+				"",
+				"a",
+				"ab",
+				"01:",
+				"ab-:",
+				// Too long
+				"123456789:1",
+				"12345678:123456789123456789123456789123456",
+				"123456789:123456789123456789123456789123456",
+				// Unallowed characters
+				"::",
+				"c?1:›",
+				"de:😁",
+			];
+			for chain in invalid_chains {
+				assert!(
+					ChainId::from_utf8_encoded(chain.as_bytes()).is_err(),
+					"Chain ID {:?} should fail to parse for solana chains",
+					chain
+				);
+			}
+		}
+
+		#[test]
+		fn test_helpers() {
+			// These functions should never panic. We just check that here.
+			assert_eq!(ChainId::ethereum_mainnet().to_string(), "eip155:1");
+			assert_eq!(ChainId::moonbeam_eth().to_string(), "eip155:1284");
+			assert_eq!(
+				ChainId::bitcoin_mainnet().to_string(),
+				"bip122:000000000019d6689c085ae165831e93"
+			);
+			assert_eq!(
+				ChainId::litecoin_mainnet().to_string(),
+				"bip122:12a765e31ffd4059bada1e25190f6e98"
+			);
+			assert_eq!(
+				ChainId::polkadot().to_string(),
+				"polkadot:91b171bb158e2d3848fa23a9f1c25182"
+			);
+			assert_eq!(
+				ChainId::kusama().to_string(),
+				"polkadot:b0a8d493285c2df73290dfb7e61f870f"
+			);
+			assert_eq!(
+				ChainId::kilt_spiritnet().to_string(),
+				"polkadot:411f057b9107718c9624d6aa4a3f23c1"
+			);
+			assert_eq!(
+				ChainId::solana_mainnet().to_string(),
+				"solana:4sGjMW1sUnHzSxGspuhpqLDx6wiyjNtZ"
+			);
+		}
+	}
+}
diff --git a/crates/assets/src/errors.rs b/crates/assets/src/errors.rs
new file mode 100644
index 0000000000..039937de51
--- /dev/null
+++ b/crates/assets/src/errors.rs
@@ -0,0 +1,163 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+use frame_support::sp_runtime::RuntimeDebug;
+
+// Only re-export the main enum, with the variant values still being namespaced
+pub use asset::Error as AssetError;
+pub use chain::Error as ChainError;
+
+/// An error in the Asset DID parsing logic.
+#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug)]
+pub enum AssetDidError {
+	/// An error in the chain ID parsing logic.
+	ChainId(ChainError),
+	/// An error in the asset ID parsing logic.
+	AssetId(AssetError),
+	/// A generic error not belonging to any of the other categories.
+	InvalidFormat,
+}
+
+impl From<ChainError> for AssetDidError {
+	fn from(err: ChainError) -> Self {
+		Self::ChainId(err)
+	}
+}
+
+impl From<AssetError> for AssetDidError {
+	fn from(err: AssetError) -> Self {
+		Self::AssetId(err)
+	}
+}
+
+pub mod chain {
+	use super::*;
+
+	/// An error in the chain ID parsing logic.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug)]
+	pub enum Error {
+		/// An error in the chain namespace parsing logic.
+		Namespace(NamespaceError),
+		/// An error in the chain reference parsing logic.
+		Reference(ReferenceError),
+		/// A generic error not belonging to any of the other categories.
+		InvalidFormat,
+	}
+
+	/// An error in the chain namespace parsing logic.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug)]
+	pub enum NamespaceError {
+		/// Namespace too long.
+		TooLong,
+		/// Namespace too short.
+		TooShort,
+		/// A generic error not belonging to any of the other categories.
+		InvalidFormat,
+	}
+
+	/// An error in the chain reference parsing logic.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug)]
+	pub enum ReferenceError {
+		/// Reference too long.
+		TooLong,
+		/// Reference too short.
+		TooShort,
+		/// A generic error not belonging to any of the other categories.
+		InvalidFormat,
+	}
+
+	impl From<NamespaceError> for Error {
+		fn from(err: NamespaceError) -> Self {
+			Self::Namespace(err)
+		}
+	}
+
+	impl From<ReferenceError> for Error {
+		fn from(err: ReferenceError) -> Self {
+			Self::Reference(err)
+		}
+	}
+}
+
+pub mod asset {
+	use super::*;
+
+	/// An error in the asset ID parsing logic.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug)]
+	pub enum Error {
+		/// An error in the asset namespace parsing logic.
+		Namespace(NamespaceError),
+		/// An error in the asset reference parsing logic.
+		Reference(ReferenceError),
+		/// An error in the asset identifier parsing logic.
+		Identifier(IdentifierError),
+		/// A generic error not belonging to any of the other categories.
+		InvalidFormat,
+	}
+
+	/// An error in the asset namespace parsing logic.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug)]
+	pub enum NamespaceError {
+		/// Namespace too long.
+		TooLong,
+		/// Namespace too short.
+		TooShort,
+		/// A generic error not belonging to any of the other categories.
+		InvalidFormat,
+	}
+
+	/// An error in the asset reference parsing logic.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug)]
+	pub enum ReferenceError {
+		/// Reference too long.
+		TooLong,
+		/// Reference too short.
+		TooShort,
+		/// A generic error not belonging to any of the other categories.
+		InvalidFormat,
+	}
+
+	/// An error in the asset identifier parsing logic.
+	#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug)]
+	pub enum IdentifierError {
+		/// Identifier too long.
+		TooLong,
+		/// Identifier too short.
+		TooShort,
+		/// A generic error not belonging to any of the other categories.
+		InvalidFormat,
+	}
+
+	impl From<NamespaceError> for Error {
+		fn from(err: NamespaceError) -> Self {
+			Self::Namespace(err)
+		}
+	}
+
+	impl From<ReferenceError> for Error {
+		fn from(err: ReferenceError) -> Self {
+			Self::Reference(err)
+		}
+	}
+
+	impl From<IdentifierError> for Error {
+		fn from(err: IdentifierError) -> Self {
+			Self::Identifier(err)
+		}
+	}
+}
diff --git a/crates/assets/src/lib.rs b/crates/assets/src/lib.rs
new file mode 100644
index 0000000000..994ae5bad6
--- /dev/null
+++ b/crates/assets/src/lib.rs
@@ -0,0 +1,37 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+//! Library to parse the raw byte vectors into supported Asset DIDs, according
+//! to the spec.
+//!
+//! The library is suitable for no_std environment, such as WASM-based
+//! blockchain runtimes.
+
+#![cfg_attr(not(feature = "std"), no_std)]
+
+pub mod asset;
+pub mod chain;
+pub mod v1;
+
+mod errors;
+
+// Re-export relevant types
+pub use asset::*;
+pub use chain::*;
+pub use errors::*;
+pub use v1::*;
diff --git a/crates/assets/src/v1.rs b/crates/assets/src/v1.rs
new file mode 100644
index 0000000000..487225f27c
--- /dev/null
+++ b/crates/assets/src/v1.rs
@@ -0,0 +1,205 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+use codec::{Decode, Encode, MaxEncodedLen};
+use hex_literal::hex;
+use scale_info::TypeInfo;
+
+use frame_support::sp_runtime::RuntimeDebug;
+use sp_std::{fmt::Display, vec::Vec};
+
+use core::str;
+
+use crate::*;
+
+/// The minimum length, including separator symbols, an asset DID can have
+/// according to the Asset DID specification.
+/// The minimum length is given by the length of the "did:asset:" prefix,
+/// plus the minimum length of a valid CAIP-2 chain ID, the minimum length of
+/// a valid CAIP-19 asset ID, and the separator symbol between the two.
+pub const MINIMUM_ASSET_DID_LENGTH: usize =
+	DID_ASSET_PREFIX.len() + MINIMUM_CHAIN_ID_LENGTH + 1 + MINIMUM_ASSET_ID_LENGTH;
+/// The maximum length, including separator symbols, an asset DID can have
+/// according to the Asset DID specification.
+/// The maximum length is given by the length of the "did:asset:" prefix,
+/// plus the maximum length of a valid CAIP-2 chain ID, the maximum length of
+/// a valid CAIP-19 asset ID, and the separator symbol between the two.
+pub const MAXIMUM_ASSET_DID_LENGTH: usize =
+	DID_ASSET_PREFIX.len() + MAXIMUM_CHAIN_ID_LENGTH + 1 + MAXIMUM_ASSET_ID_LENGTH;
+
+const DID_ASSET_PREFIX: &[u8] = b"did:asset:";
+const CHAIN_ASSET_SEPARATOR: u8 = b'.';
+
+/// An Asset DID as specified in the Asset DID method specification.
+#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+pub struct AssetDid {
+	pub chain_id: ChainId,
+	pub asset_id: AssetId,
+}
+
+impl AssetDid {
+	pub fn ether_currency() -> Self {
+		Self {
+			chain_id: Eip155Reference::ethereum_mainnet().into(),
+			asset_id: Slip44Reference(60.into()).into(),
+		}
+	}
+
+	pub fn bitcoin_currency() -> Self {
+		Self {
+			chain_id: ChainId::Bip122(GenesisHexHash32Reference::bitcoin_mainnet()),
+			asset_id: Slip44Reference(0.into()).into(),
+		}
+	}
+
+	pub fn litecoin_currency() -> Self {
+		Self {
+			chain_id: ChainId::Bip122(GenesisHexHash32Reference::litecoin_mainnet()),
+			asset_id: Slip44Reference(2.into()).into(),
+		}
+	}
+
+	pub fn dai_currency() -> Self {
+		Self {
+			chain_id: Eip155Reference::ethereum_mainnet().into(),
+			asset_id: EvmSmartContractFungibleReference(hex!("6b175474e89094c44da98b954eedeac495271d0f")).into(),
+		}
+	}
+
+	pub fn req_currency() -> Self {
+		Self {
+			chain_id: Eip155Reference::ethereum_mainnet().into(),
+			asset_id: EvmSmartContractFungibleReference(hex!("8f8221afbb33998d8584a2b05749ba73c37a938a")).into(),
+		}
+	}
+
+	pub fn cryptokitties_collection() -> Self {
+		Self {
+			chain_id: Eip155Reference::ethereum_mainnet().into(),
+			asset_id: AssetId::Erc721(EvmSmartContractNonFungibleReference(
+				EvmSmartContractFungibleReference(hex!("06012c8cf97BEaD5deAe237070F9587f8E7A266d")),
+				None,
+			)),
+		}
+	}
+
+	pub fn themanymatts_collection() -> Self {
+		Self {
+			chain_id: Eip155Reference::ethereum_mainnet().into(),
+			asset_id: AssetId::Erc1155(EvmSmartContractNonFungibleReference(
+				EvmSmartContractFungibleReference(hex!("28959Cf125ccB051E70711D0924a62FB28EAF186")),
+				None,
+			)),
+		}
+	}
+}
+
+impl AssetDid {
+	/// Try to parse an `AssetDID` instance from the provided UTF8-encoded
+	/// input.
+	pub fn from_utf8_encoded<I>(input: I) -> Result<Self, AssetDidError>
+	where
+		I: AsRef<[u8]> + Into<Vec<u8>>,
+	{
+		let input = input.as_ref();
+		let input_length = input.len();
+		if !(MINIMUM_ASSET_DID_LENGTH..=MAXIMUM_ASSET_DID_LENGTH).contains(&input_length) {
+			log::trace!(
+				"Length of provided input {} is not included in the inclusive range [{},{}]",
+				input_length,
+				MINIMUM_ASSET_DID_LENGTH,
+				MAXIMUM_ASSET_DID_LENGTH
+			);
+			return Err(AssetDidError::InvalidFormat);
+		}
+
+		let asset_id = input
+			.as_ref()
+			.strip_prefix(DID_ASSET_PREFIX)
+			.ok_or(AssetDidError::InvalidFormat)?;
+
+		let mut split = asset_id.splitn(2, |c| *c == CHAIN_ASSET_SEPARATOR);
+		let (chain, asset) = (split.next(), split.next());
+
+		if let (Some(chain), Some(asset)) = (chain, asset) {
+			let chain_id = ChainId::from_utf8_encoded(chain).map_err(AssetDidError::ChainId)?;
+			let asset_id = AssetId::from_utf8_encoded(asset).map_err(AssetDidError::AssetId)?;
+			Ok(Self { chain_id, asset_id })
+		} else {
+			Err(AssetDidError::InvalidFormat)?
+		}
+	}
+}
+
+impl Display for AssetDid {
+	fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+		write!(
+			f,
+			"{}{}{}{}",
+			str::from_utf8(DID_ASSET_PREFIX).expect("Conversion of Asset DID prefix to string should never fail."),
+			self.chain_id,
+			char::from(CHAIN_ASSET_SEPARATOR),
+			self.asset_id
+		)
+	}
+}
+
+#[cfg(test)]
+mod test {
+	use super::*;
+
+	#[test]
+	fn valid_ids() {
+		let raw_ids = [
+			// Test cases from https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-20.md
+			"did:asset:eip155:1.slip44:60",
+			"did:asset:bip122:000000000019d6689c085ae165831e93.slip44:0",
+			"did:asset:cosmos:cosmoshub-3.slip44:118",
+			"did:asset:bip122:12a765e31ffd4059bada1e25190f6e98.slip44:2",
+			"did:asset:cosmos:Binance-Chain-Tigris.slip44:714",
+			"did:asset:cosmos:iov-mainnet.slip44:234",
+			// Test cases from https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-21.md
+			"did:asset:eip155:1.erc20:0x6b175474e89094c44da98b954eedeac495271d0f",
+			"did:asset:eip155:1.erc20:0x8f8221afbb33998d8584a2b05749ba73c37a938a",
+			// Test cases from https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-22.md
+			"did:asset:eip155:1.erc721:0x06012c8cf97BEaD5deAe237070F9587f8E7A266d",
+			"did:asset:eip155:1.erc721:0x06012c8cf97BEaD5deAe237070F9587f8E7A266d:771769",
+			// Test cases from https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-29.md
+			"did:asset:eip155:1.erc1155:0x28959Cf125ccB051E70711D0924a62FB28EAF186",
+			"did:asset:eip155:1.erc1155:0x28959Cf125ccB051E70711D0924a62FB28EAF186:0",
+		];
+
+		for id in raw_ids {
+			let asset_did = AssetDid::from_utf8_encoded(id.as_bytes())
+				.unwrap_or_else(|_| panic!("Test for valid IDs failed for {:?}", id));
+			// Verify that the ToString implementation prints exactly the original input
+			assert_eq!(asset_did.to_string().to_lowercase(), id.to_lowercase());
+		}
+	}
+
+	#[test]
+	fn helpers() {
+		// These functions should never panic. We just check that here.
+		AssetDid::ether_currency();
+		AssetDid::bitcoin_currency();
+		AssetDid::litecoin_currency();
+		AssetDid::dai_currency();
+		AssetDid::req_currency();
+		AssetDid::cryptokitties_collection();
+		AssetDid::themanymatts_collection();
+	}
+}
diff --git a/nodes/common/Cargo.toml b/nodes/common/Cargo.toml
new file mode 100644
index 0000000000..ab97705e98
--- /dev/null
+++ b/nodes/common/Cargo.toml
@@ -0,0 +1,18 @@
+[package]
+authors = ["KILT <info@kilt.io>"]
+edition = "2021"
+description = "Set of common utility types, functions, and traits that all node executables can tap into."
+name = "node-common"
+version = "1.7.2"
+
+[dependencies]
+# Client dependencies
+serde = {version = "1.0.137", features = ["derive"]}
+
+# Runtime dependencies
+kilt-support = {path = "../../support"}
+public-credentials = {path = "../../pallets/public-credentials"}
+public-credentials-rpc = {path = "../../rpc/public-credentials"}
+
+[features]
+default = []
diff --git a/nodes/common/src/lib.rs b/nodes/common/src/lib.rs
new file mode 100644
index 0000000000..5ace9a26fa
--- /dev/null
+++ b/nodes/common/src/lib.rs
@@ -0,0 +1,21 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+pub mod public_credentials;
+
+pub use crate::public_credentials::*;
diff --git a/nodes/common/src/public_credentials.rs b/nodes/common/src/public_credentials.rs
new file mode 100644
index 0000000000..13ad2d5c7b
--- /dev/null
+++ b/nodes/common/src/public_credentials.rs
@@ -0,0 +1,86 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+use serde::{Deserialize, Serialize};
+
+use kilt_support::deposit::Deposit;
+use public_credentials::CredentialEntry;
+
+use public_credentials_rpc::PublicCredentialsFilter;
+
+#[derive(Serialize, Deserialize)]
+/// Thin wrapper around a runtime credential entry as specified in the
+/// `public-credentials` pallet. This wrapper implements all the
+/// (de-)serialization logic.
+pub struct OuterCredentialEntry<CTypeHash, Attester, BlockNumber, AccountId, Balance, AuthorizationId> {
+	pub ctype_hash: CTypeHash,
+	pub attester: Attester,
+	pub revoked: bool,
+	pub block_number: BlockNumber,
+	#[serde(bound(
+		serialize = "AccountId: Serialize, Balance: std::fmt::Display",
+		deserialize = "AccountId: Deserialize<'de>, Balance: std::str::FromStr"
+	))]
+	pub deposit: Deposit<AccountId, Balance>,
+	pub authorization_id: Option<AuthorizationId>,
+}
+
+impl<CTypeHash, Attester, BlockNumber, AccountId, Balance, AuthorizationId>
+	From<CredentialEntry<CTypeHash, Attester, BlockNumber, AccountId, Balance, AuthorizationId>>
+	for OuterCredentialEntry<CTypeHash, Attester, BlockNumber, AccountId, Balance, AuthorizationId>
+{
+	fn from(value: CredentialEntry<CTypeHash, Attester, BlockNumber, AccountId, Balance, AuthorizationId>) -> Self {
+		Self {
+			ctype_hash: value.ctype_hash,
+			attester: value.attester,
+			revoked: value.revoked,
+			block_number: value.block_number,
+			deposit: value.deposit,
+			authorization_id: value.authorization_id,
+		}
+	}
+}
+
+/// Filter for public credentials retrieved for a provided subject as specified
+/// in the RPC interface.
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub enum PublicCredentialFilter<CTypeHash, Attester> {
+	/// Filter credentials that match a specified Ctype.
+	CtypeHash(CTypeHash),
+	/// Filter credentials that have been issued by the specified attester.
+	Attester(Attester),
+}
+
+impl<CTypeHash, Attester, BlockNumber, AccountId, Balance, AuthorizationId>
+	PublicCredentialsFilter<CredentialEntry<CTypeHash, Attester, BlockNumber, AccountId, Balance, AuthorizationId>>
+	for PublicCredentialFilter<CTypeHash, Attester>
+where
+	CTypeHash: Eq,
+	Attester: Eq,
+{
+	fn should_include(
+		&self,
+		credential: &CredentialEntry<CTypeHash, Attester, BlockNumber, AccountId, Balance, AuthorizationId>,
+	) -> bool {
+		match self {
+			Self::CtypeHash(ctype_hash) => ctype_hash == &credential.ctype_hash,
+			Self::Attester(attester) => attester == &credential.attester,
+		}
+	}
+}
diff --git a/nodes/parachain/Cargo.toml b/nodes/parachain/Cargo.toml
index ec02617b37..7c0d8545f4 100644
--- a/nodes/parachain/Cargo.toml
+++ b/nodes/parachain/Cargo.toml
@@ -18,8 +18,11 @@ substrate-build-script-utils = {git = "https://github.com/paritytech/substrate",
 # Internal dependencies
 clone-runtime = {path = "../../runtimes/clone"}
 did-rpc = {path = "../../rpc/did"}
+node-common = {path = "../common"}
 pallet-did-lookup = {path = "../../pallets/pallet-did-lookup"}
 peregrine-runtime = {path = "../../runtimes/peregrine"}
+public-credentials = {path = "../../pallets/public-credentials"}
+public-credentials-rpc = {path = "../../rpc/public-credentials"}
 runtime-common = {path = "../../runtimes/common"}
 spiritnet-runtime = {path = "../../runtimes/spiritnet"}
 
@@ -107,6 +110,7 @@ runtime-benchmarks = [
   "pallet-did-lookup/runtime-benchmarks",
   "polkadot-service/runtime-benchmarks",
   "peregrine-runtime/runtime-benchmarks",
+  "public-credentials/runtime-benchmarks",
   "spiritnet-runtime/runtime-benchmarks",
 ]
 try-runtime = [
diff --git a/nodes/parachain/src/rpc.rs b/nodes/parachain/src/rpc.rs
index aab5b672ac..26e189a3b5 100644
--- a/nodes/parachain/src/rpc.rs
+++ b/nodes/parachain/src/rpc.rs
@@ -34,7 +34,11 @@ use sp_block_builder::BlockBuilder;
 use sp_blockchain::{Error as BlockChainError, HeaderBackend, HeaderMetadata};
 
 use pallet_did_lookup::linkable_account::LinkableAccountId;
-use runtime_common::{AccountId, Balance, Block, BlockNumber, DidIdentifier, Hash, Index};
+use public_credentials::CredentialEntry;
+use runtime_common::{
+	assets::AssetDid, authorization::AuthorizationId, AccountId, Balance, Block, BlockNumber, DidIdentifier, Hash,
+	Index,
+};
 
 /// Full client dependencies.
 pub struct FullDeps<C, P> {
@@ -56,11 +60,18 @@ where
 	C::Api: pallet_transaction_payment_rpc::TransactionPaymentRuntimeApi<Block, Balance>,
 	C::Api: BlockBuilder<Block>,
 	C::Api: did_rpc::DidRuntimeApi<Block, DidIdentifier, AccountId, LinkableAccountId, Balance, Hash, BlockNumber>,
+	C::Api: public_credentials_rpc::PublicCredentialsRuntimeApi<
+		Block,
+		AssetDid,
+		Hash,
+		CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<Hash>>,
+	>,
 	P: TransactionPool + 'static,
 {
 	use did_rpc::{DidApiServer, DidQuery};
 	use frame_rpc_system::{System, SystemApiServer};
 	use pallet_transaction_payment_rpc::{TransactionPayment, TransactionPaymentApiServer};
+	use public_credentials_rpc::{PublicCredentialsApiServer, PublicCredentialsQuery};
 
 	let mut module = RpcModule::new(());
 	let FullDeps {
@@ -76,7 +87,35 @@ where
 	// to call into the runtime.
 	//
 	// `module.merge(YourRpcStruct::new(ReferenceToClient).into_rpc())?;`
-	module.merge(DidQuery::new(client).into_rpc())?;
+	module.merge(DidQuery::new(client.clone()).into_rpc())?;
+	module.merge(
+		PublicCredentialsQuery::<
+			C,
+			Block,
+			// Input subject ID
+			String,
+			// Runtime subject ID
+			AssetDid,
+			// Input/output credential ID
+			Hash,
+			// Runtime credential ID
+			Hash,
+			// Input/output credential entry
+			node_common::OuterCredentialEntry<
+				Hash,
+				DidIdentifier,
+				BlockNumber,
+				AccountId,
+				Balance,
+				AuthorizationId<Hash>,
+			>,
+			// Runtime credential entry
+			CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<Hash>>,
+			// Credential filter
+			node_common::PublicCredentialFilter<Hash, DidIdentifier>,
+		>::new(client)
+		.into_rpc(),
+	)?;
 
 	Ok(module)
 }
diff --git a/nodes/parachain/src/service.rs b/nodes/parachain/src/service.rs
index 09047f0abd..6f16bbac30 100644
--- a/nodes/parachain/src/service.rs
+++ b/nodes/parachain/src/service.rs
@@ -44,7 +44,11 @@ use std::{sync::Arc, time::Duration};
 use substrate_prometheus_endpoint::Registry;
 
 use pallet_did_lookup::linkable_account::LinkableAccountId;
-use runtime_common::{AccountId, AuthorityId, Balance, BlockNumber, DidIdentifier, Index};
+use public_credentials::CredentialEntry;
+use runtime_common::{
+	assets::AssetDid, authorization::AuthorizationId, AccountId, AuthorityId, Balance, BlockNumber, DidIdentifier,
+	Index,
+};
 
 type Header = sp_runtime::generic::Header<BlockNumber, sp_runtime::traits::BlakeTwo256>;
 pub type Block = sp_runtime::generic::Block<Header, sp_runtime::OpaqueExtrinsic>;
@@ -254,7 +258,13 @@ where
 		+ cumulus_primitives_core::CollectCollationInfo<Block>
 		+ pallet_transaction_payment_rpc::TransactionPaymentRuntimeApi<Block, Balance>
 		+ frame_rpc_system::AccountNonceApi<Block, AccountId, Index>
-		+ did_rpc::DidRuntimeApi<Block, DidIdentifier, AccountId, LinkableAccountId, Balance, Hash, BlockNumber>,
+		+ did_rpc::DidRuntimeApi<Block, DidIdentifier, AccountId, LinkableAccountId, Balance, Hash, BlockNumber>
+		+ public_credentials_rpc::PublicCredentialsRuntimeApi<
+			Block,
+			AssetDid,
+			Hash,
+			CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<Hash>>,
+		>,
 	sc_client_api::StateBackendFor<TFullBackend<Block>, Block>: sp_api::StateBackend<BlakeTwo256>,
 	Executor: sc_executor::NativeExecutionDispatch + 'static,
 	RB: FnOnce(
@@ -493,7 +503,13 @@ where
 		+ pallet_transaction_payment_rpc::TransactionPaymentRuntimeApi<Block, Balance>
 		+ sp_consensus_aura::AuraApi<Block, AuthorityId>
 		+ cumulus_primitives_core::CollectCollationInfo<Block>
-		+ did_rpc::DidRuntimeApi<Block, DidIdentifier, AccountId, LinkableAccountId, Balance, Hash, BlockNumber>,
+		+ did_rpc::DidRuntimeApi<Block, DidIdentifier, AccountId, LinkableAccountId, Balance, Hash, BlockNumber>
+		+ public_credentials_rpc::PublicCredentialsRuntimeApi<
+			Block,
+			AssetDid,
+			Hash,
+			CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<Hash>>,
+		>,
 	sc_client_api::StateBackendFor<TFullBackend<Block>, Block>: sp_api::StateBackend<BlakeTwo256>,
 {
 	start_node_impl::<API, RE, _, _, _>(
diff --git a/nodes/standalone/Cargo.toml b/nodes/standalone/Cargo.toml
index 8b9f6cca80..e6896cb6ec 100644
--- a/nodes/standalone/Cargo.toml
+++ b/nodes/standalone/Cargo.toml
@@ -16,8 +16,11 @@ substrate-build-script-utils = {git = "https://github.com/paritytech/substrate",
 
 # Internal dependencies
 did-rpc = {path = "../../rpc/did"}
-pallet-did-lookup = {path = "../../pallets/pallet-did-lookup"}
 mashnet-node-runtime = {path = "../../runtimes/standalone"}
+node-common = {path = "../common"}
+pallet-did-lookup = {path = "../../pallets/pallet-did-lookup"}
+public-credentials = {path = "../../pallets/public-credentials"}
+public-credentials-rpc = {path = "../../rpc/public-credentials"}
 runtime-common = {path = "../../runtimes/common"}
 
 # External dependencies
@@ -75,6 +78,7 @@ default = []
 runtime-benchmarks = [
   "mashnet-node-runtime/runtime-benchmarks",
   "pallet-did-lookup/runtime-benchmarks",
+  "public-credentials/runtime-benchmarks",
   "runtime-common/runtime-benchmarks",
 ]
 try-runtime = [
diff --git a/nodes/standalone/src/command.rs b/nodes/standalone/src/command.rs
index 833e15b315..d8e6e458b7 100644
--- a/nodes/standalone/src/command.rs
+++ b/nodes/standalone/src/command.rs
@@ -47,7 +47,7 @@ impl SubstrateCli for Cli {
 	}
 
 	fn support_url() -> String {
-		"https://github.com/KILTprotocol/mashnet-node/issues/new".to_string()
+		"https://github.com/KILTprotocol/kilt-node/issues/new".to_string()
 	}
 
 	fn copyright_start_year() -> i32 {
diff --git a/nodes/standalone/src/rpc.rs b/nodes/standalone/src/rpc.rs
index b2bc290ab3..d3cf5d45f0 100644
--- a/nodes/standalone/src/rpc.rs
+++ b/nodes/standalone/src/rpc.rs
@@ -27,14 +27,19 @@ use std::sync::Arc;
 
 use jsonrpsee::RpcModule;
 
-use pallet_did_lookup::linkable_account::LinkableAccountId;
-use runtime_common::{AccountId, Balance, Block, BlockNumber, DidIdentifier, Hash, Index};
 pub use sc_rpc_api::DenyUnsafe;
 use sc_transaction_pool_api::TransactionPool;
 use sp_api::ProvideRuntimeApi;
 use sp_block_builder::BlockBuilder;
 use sp_blockchain::{Error as BlockChainError, HeaderBackend, HeaderMetadata};
 
+use pallet_did_lookup::linkable_account::LinkableAccountId;
+use public_credentials::CredentialEntry;
+use runtime_common::{
+	assets::AssetDid, authorization::AuthorizationId, AccountId, Balance, Block, BlockNumber, DidIdentifier, Hash,
+	Index,
+};
+
 /// Full client dependencies.
 pub struct FullDeps<C, P> {
 	/// The client instance to use.
@@ -55,11 +60,18 @@ where
 	C::Api: pallet_transaction_payment_rpc::TransactionPaymentRuntimeApi<Block, Balance>,
 	C::Api: BlockBuilder<Block>,
 	C::Api: did_rpc::DidRuntimeApi<Block, DidIdentifier, AccountId, LinkableAccountId, Balance, Hash, BlockNumber>,
+	C::Api: public_credentials_rpc::PublicCredentialsRuntimeApi<
+		Block,
+		AssetDid,
+		Hash,
+		CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<Hash>>,
+	>,
 	P: TransactionPool + 'static,
 {
 	use did_rpc::{DidApiServer, DidQuery};
 	use frame_rpc_system::{System, SystemApiServer};
 	use pallet_transaction_payment_rpc::{TransactionPayment, TransactionPaymentApiServer};
+	use public_credentials_rpc::{PublicCredentialsApiServer, PublicCredentialsQuery};
 
 	let mut module = RpcModule::new(());
 	let FullDeps {
@@ -76,7 +88,35 @@ where
 	// to call into the runtime.
 	//
 	// `module.merge(YourRpcStruct::new(ReferenceToClient).into_rpc())?;`
-	module.merge(DidQuery::new(client).into_rpc())?;
+	module.merge(DidQuery::new(client.clone()).into_rpc())?;
+	module.merge(
+		PublicCredentialsQuery::<
+			C,
+			Block,
+			// Input subject ID
+			String,
+			// Runtime subject ID
+			AssetDid,
+			// Input/output credential ID
+			Hash,
+			// Runtime credential ID
+			Hash,
+			// Input/output credential entry
+			node_common::OuterCredentialEntry<
+				Hash,
+				DidIdentifier,
+				BlockNumber,
+				AccountId,
+				Balance,
+				AuthorizationId<Hash>,
+			>,
+			// Runtime credential entry
+			CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<Hash>>,
+			// Credential filter
+			node_common::PublicCredentialFilter<Hash, DidIdentifier>,
+		>::new(client)
+		.into_rpc(),
+	)?;
 
 	Ok(module)
 }
diff --git a/nodes/standalone/src/service.rs b/nodes/standalone/src/service.rs
index 3a05ecb5f3..82e93e733d 100644
--- a/nodes/standalone/src/service.rs
+++ b/nodes/standalone/src/service.rs
@@ -19,7 +19,6 @@
 //! Service and ServiceFactory implementation. Specialized wrapper over
 //! substrate service.
 
-use mashnet_node_runtime::{self, opaque::Block, RuntimeApi};
 use sc_client_api::{BlockBackend, ExecutorProvider};
 use sc_consensus_aura::{ImportQueueParams, SlotProportion, StartAuraParams};
 pub use sc_executor::NativeElseWasmExecutor;
@@ -30,6 +29,8 @@ use sc_telemetry::{Telemetry, TelemetryWorker};
 use sp_consensus_aura::ed25519::AuthorityPair as AuraPair;
 use std::{sync::Arc, time::Duration};
 
+use mashnet_node_runtime::{self, opaque::Block, RuntimeApi};
+
 // Our native executor instance.
 pub struct ExecutorDispatch;
 
diff --git a/pallets/attestation/Cargo.toml b/pallets/attestation/Cargo.toml
index 0ab76f9c34..974f1e1b06 100644
--- a/pallets/attestation/Cargo.toml
+++ b/pallets/attestation/Cargo.toml
@@ -3,7 +3,7 @@ authors = ["KILT <info@kilt.io>"]
 description = "Enables adding and revoking attestations."
 edition = "2021"
 name = "attestation"
-repository = "https://github.com/KILTprotocol/mashnet-node"
+repository = "https://github.com/KILTprotocol/kilt-node"
 version = "1.7.2"
 
 [package.metadata.docs.rs]
diff --git a/pallets/attestation/src/lib.rs b/pallets/attestation/src/lib.rs
index 63a56849c7..41c632b7ba 100644
--- a/pallets/attestation/src/lib.rs
+++ b/pallets/attestation/src/lib.rs
@@ -87,10 +87,9 @@ pub mod pallet {
 		traits::{Currency, Get, ReservableCurrency, StorageVersion},
 	};
 	use frame_system::pallet_prelude::*;
-	use sp_runtime::DispatchError;
 
 	use ctype::CtypeHashOf;
-	use kilt_support::{deposit::Deposit, traits::CallSources};
+	use kilt_support::traits::CallSources;
 
 	/// The current storage version.
 	const STORAGE_VERSION: StorageVersion = StorageVersion::new(1);
@@ -244,11 +243,11 @@ pub mod pallet {
 			let deposit_amount = <T as Config>::Deposit::get();
 
 			ensure!(
-				<ctype::Ctypes<T>>::contains_key(&ctype_hash),
+				ctype::Ctypes::<T>::contains_key(&ctype_hash),
 				ctype::Error::<T>::CTypeNotFound
 			);
 			ensure!(
-				!<Attestations<T>>::contains_key(&claim_hash),
+				!Attestations::<T>::contains_key(&claim_hash),
 				Error::<T>::AlreadyAttested
 			);
 
@@ -259,7 +258,7 @@ pub mod pallet {
 				.transpose()?;
 			let authorization_id = authorization.as_ref().map(|ac| ac.authorization_id());
 
-			let deposit = Pallet::<T>::reserve_deposit(payer, deposit_amount)?;
+			let deposit = kilt_support::reserve_deposit::<AccountIdOf<T>, CurrencyOf<T>>(payer, deposit_amount)?;
 
 			// *** No Fail beyond this point ***
 
@@ -313,7 +312,7 @@ pub mod pallet {
 			let source = <T as Config>::EnsureOrigin::ensure_origin(origin)?;
 			let who = source.subject();
 
-			let attestation = <Attestations<T>>::get(&claim_hash).ok_or(Error::<T>::AttestationNotFound)?;
+			let attestation = Attestations::<T>::get(&claim_hash).ok_or(Error::<T>::AttestationNotFound)?;
 
 			ensure!(!attestation.revoked, Error::<T>::AlreadyRevoked);
 
@@ -440,7 +439,7 @@ pub mod pallet {
 			Self::deposit_event(Event::DepositReclaimed(sender.clone(), claim_hash));
 
 			let deposit_amount = <T as Config>::Deposit::get();
-			let deposit = Pallet::<T>::reserve_deposit(sender, deposit_amount)?;
+			let deposit = kilt_support::reserve_deposit::<AccountIdOf<T>, CurrencyOf<T>>(sender, deposit_amount)?;
 
 			Attestations::<T>::insert(&claim_hash, AttestationDetails { deposit, ..attestation });
 			Ok(())
@@ -448,21 +447,6 @@ pub mod pallet {
 	}
 
 	impl<T: Config> Pallet<T> {
-		/// Reserve the deposit and record the deposit on chain.
-		///
-		/// Fails if the `payer` has a balance less than deposit.
-		pub(crate) fn reserve_deposit(
-			payer: AccountIdOf<T>,
-			deposit: BalanceOf<T>,
-		) -> Result<Deposit<AccountIdOf<T>, BalanceOf<T>>, DispatchError> {
-			CurrencyOf::<T>::reserve(&payer, deposit)?;
-
-			Ok(Deposit::<AccountIdOf<T>, BalanceOf<T>> {
-				owner: payer,
-				amount: deposit,
-			})
-		}
-
 		fn remove_attestation(attestation: AttestationDetails<T>, claim_hash: ClaimHashOf<T>) {
 			kilt_support::free_deposit::<AccountIdOf<T>, CurrencyOf<T>>(&attestation.deposit);
 			Attestations::<T>::remove(&claim_hash);
diff --git a/pallets/attestation/src/mock.rs b/pallets/attestation/src/mock.rs
index f1649b384b..0406451b19 100644
--- a/pallets/attestation/src/mock.rs
+++ b/pallets/attestation/src/mock.rs
@@ -34,7 +34,7 @@ use kilt_support::deposit::Deposit;
 
 use crate::{
 	pallet::AuthorizationIdOf, AccountIdOf, AttestationAccessControl, AttestationDetails, AttesterOf, BalanceOf,
-	ClaimHashOf, Config,
+	ClaimHashOf, Config, CurrencyOf,
 };
 
 #[cfg(test)]
@@ -153,8 +153,11 @@ where
 }
 
 pub fn insert_attestation<T: Config>(claim_hash: ClaimHashOf<T>, details: AttestationDetails<T>) {
-	crate::Pallet::<T>::reserve_deposit(details.deposit.owner.clone(), details.deposit.amount)
-		.expect("Should have balance");
+	kilt_support::reserve_deposit::<AccountIdOf<T>, CurrencyOf<T>>(
+		details.deposit.owner.clone(),
+		details.deposit.amount,
+	)
+	.expect("Should have balance");
 
 	crate::Attestations::<T>::insert(&claim_hash, details.clone());
 	if let Some(delegation_id) = details.authorization_id.as_ref() {
diff --git a/pallets/ctype/Cargo.toml b/pallets/ctype/Cargo.toml
index 64b0a5ef60..665f38dff5 100644
--- a/pallets/ctype/Cargo.toml
+++ b/pallets/ctype/Cargo.toml
@@ -3,7 +3,7 @@ authors = ["KILT <info@kilt.io>"]
 description = "Enables adding CTypes."
 edition = "2021"
 name = "ctype"
-repository = "https://github.com/KILTprotocol/mashnet-node"
+repository = "https://github.com/KILTprotocol/kilt-node"
 version = "1.7.2"
 
 [package.metadata.docs.rs]
diff --git a/pallets/delegation/Cargo.toml b/pallets/delegation/Cargo.toml
index 6449c761d7..65381b1a4f 100644
--- a/pallets/delegation/Cargo.toml
+++ b/pallets/delegation/Cargo.toml
@@ -3,7 +3,7 @@ authors = ["KILT <info@kilt.io>"]
 description = "Enables creating and revoking root nodes of delegation hierarchies; adding and revoking delegation nodes based on root nodes."
 edition = "2021"
 name = "delegation"
-repository = "https://github.com/KILTprotocol/mashnet-node"
+repository = "https://github.com/KILTprotocol/kilt-node"
 version = "1.7.2"
 
 [package.metadata.docs.rs]
@@ -31,8 +31,9 @@ sp-keystore = {branch = "polkadot-v0.9.28", git = "https://github.com/paritytech
 attestation = {default-features = false, path = "../attestation"}
 ctype = {default-features = false, path = "../ctype"}
 kilt-support = {default-features = false, path = "../../support"}
+public-credentials = {default-features = false, path = "../public-credentials"}
 
-#External dependencies
+# External dependencies
 bitflags = {default-features = false, version = "1.3.2"}
 codec = {package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive"]}
 log = "0.4.17"
@@ -77,6 +78,7 @@ std = [
   "kilt-support/std",
   "log/std",
   "pallet-balances/std",
+  "public-credentials/std",
   "scale-info/std",
   "sp-core/std",
   "sp-io/std",
diff --git a/pallets/delegation/src/access_control.rs b/pallets/delegation/src/access_control.rs
index 3702cd4c14..0d20124d33 100644
--- a/pallets/delegation/src/access_control.rs
+++ b/pallets/delegation/src/access_control.rs
@@ -23,6 +23,7 @@ use sp_runtime::DispatchError;
 
 use attestation::ClaimHashOf;
 use ctype::CtypeHashOf;
+use public_credentials::CredentialIdOf;
 
 use crate::{
 	default_weights::WeightInfo, Config, DelegationHierarchies, DelegationNodeIdOf, DelegationNodes, DelegatorIdOf,
@@ -87,9 +88,10 @@ impl<T: Config>
 		// NOTE: The node IDs of the sender (provided by the user through `who`) and
 		// attester (provided by the attestation pallet through on-chain storage) can be
 		// different!
-		match Pallet::<T>::is_delegating(who, attester_node_id, self.max_checks)? {
-			(true, checks) => Ok(<T as Config>::WeightInfo::can_revoke(checks)),
-			_ => Err(Error::<T>::AccessDenied.into()),
+		if let (true, checks) = Pallet::<T>::is_delegating(who, attester_node_id, self.max_checks)? {
+			Ok(<T as Config>::WeightInfo::can_revoke(checks))
+		} else {
+			Err(Error::<T>::AccessDenied.into())
 		}
 	}
 
@@ -120,6 +122,99 @@ impl<T: Config>
 	}
 }
 
+// Duplicates the same logic that exists for attestations, and uses the result
+// of `can_revoke()` to define `can_unrevoke()`.
+impl<T: Config + public_credentials::Config>
+	public_credentials::PublicCredentialsAccessControl<
+		DelegatorIdOf<T>,
+		DelegationNodeIdOf<T>,
+		CtypeHashOf<T>,
+		CredentialIdOf<T>,
+	> for DelegationAc<T>
+{
+	fn can_issue(
+		&self,
+		who: &DelegatorIdOf<T>,
+		ctype: &CtypeHashOf<T>,
+		_credential_id: &CredentialIdOf<T>,
+	) -> Result<Weight, DispatchError> {
+		let delegation_node =
+			DelegationNodes::<T>::get(self.authorization_id()).ok_or(Error::<T>::DelegationNotFound)?;
+		let root =
+			DelegationHierarchies::<T>::get(delegation_node.hierarchy_root_id).ok_or(Error::<T>::DelegationNotFound)?;
+		ensure!(
+			// has permission
+			((delegation_node.details.permissions & Permissions::ATTEST) == Permissions::ATTEST)
+				// not revoked
+				&& !delegation_node.details.revoked
+				// is owner of delegation
+				&& &delegation_node.details.owner == who
+				// delegation matches the ctype
+				&& &root.ctype_hash == ctype,
+			Error::<T>::AccessDenied
+		);
+
+		Ok(<T as Config>::WeightInfo::can_attest())
+	}
+
+	fn can_revoke(
+		&self,
+		who: &DelegatorIdOf<T>,
+		_ctype: &CtypeHashOf<T>,
+		_credential_id: &CredentialIdOf<T>,
+		attester_node_id: &DelegationNodeIdOf<T>,
+	) -> Result<Weight, DispatchError> {
+		// NOTE: The node IDs of the sender (provided by the user through `who`) and
+		// attester (provided by the attestation pallet through on-chain storage) can be
+		// different!
+		if let (true, checks) = Pallet::<T>::is_delegating(who, attester_node_id, self.max_checks)? {
+			Ok(<T as Config>::WeightInfo::can_revoke(checks))
+		} else {
+			Err(Error::<T>::AccessDenied.into())
+		}
+	}
+
+	fn can_unrevoke(
+		&self,
+		who: &DelegatorIdOf<T>,
+		ctype: &CtypeHashOf<T>,
+		credential_id: &CredentialIdOf<T>,
+		attester_node_id: &DelegationNodeIdOf<T>,
+	) -> Result<Weight, DispatchError> {
+		self.can_revoke(who, ctype, credential_id, attester_node_id)
+	}
+
+	fn can_remove(
+		&self,
+		who: &DelegatorIdOf<T>,
+		ctype: &CtypeHashOf<T>,
+		credential_id: &CredentialIdOf<T>,
+		auth_id: &DelegationNodeIdOf<T>,
+	) -> Result<Weight, DispatchError> {
+		self.can_revoke(who, ctype, credential_id, auth_id)
+	}
+
+	fn authorization_id(&self) -> DelegationNodeIdOf<T> {
+		self.subject_node_id
+	}
+
+	fn can_issue_weight(&self) -> Weight {
+		<T as Config>::WeightInfo::can_attest()
+	}
+
+	fn can_revoke_weight(&self) -> Weight {
+		<T as Config>::WeightInfo::can_revoke(self.max_checks)
+	}
+
+	fn can_unrevoke_weight(&self) -> Weight {
+		<T as Config>::WeightInfo::can_revoke(self.max_checks)
+	}
+
+	fn can_remove_weight(&self) -> Weight {
+		<T as Config>::WeightInfo::can_remove(self.max_checks)
+	}
+}
+
 #[cfg(test)]
 mod tests {
 	use frame_support::{assert_noop, assert_ok};
diff --git a/pallets/did/Cargo.toml b/pallets/did/Cargo.toml
index 943aa87403..f082982c51 100644
--- a/pallets/did/Cargo.toml
+++ b/pallets/did/Cargo.toml
@@ -3,7 +3,7 @@ authors = ["KILT <info@kilt.io>"]
 description = "Enables adding and removing decentralized identifiers (DIDs)."
 edition = "2021"
 name = "did"
-repository = "https://github.com/KILTprotocol/mashnet-node"
+repository = "https://github.com/KILTprotocol/kilt-node"
 version = "1.7.2"
 
 [package.metadata.docs.rs]
diff --git a/pallets/pallet-did-lookup/Cargo.toml b/pallets/pallet-did-lookup/Cargo.toml
index 558dc71163..823c7e86df 100644
--- a/pallets/pallet-did-lookup/Cargo.toml
+++ b/pallets/pallet-did-lookup/Cargo.toml
@@ -3,7 +3,7 @@ authors = ["KILT <info@kilt.io>"]
 description = "Lookup the DID for a blockchain account."
 edition = "2021"
 name = "pallet-did-lookup"
-repository = "https://github.com/KILTprotocol/mashnet-node"
+repository = "https://github.com/KILTprotocol/kilt-node"
 version = "1.7.2"
 
 [package.metadata.docs.rs]
diff --git a/pallets/pallet-inflation/Cargo.toml b/pallets/pallet-inflation/Cargo.toml
index 65442b1870..deae4795b6 100644
--- a/pallets/pallet-inflation/Cargo.toml
+++ b/pallets/pallet-inflation/Cargo.toml
@@ -3,7 +3,7 @@ authors = ["KILT <info@kilt.io>"]
 description = "Substrate pallet issueing a pre-configured amount of tokens to the treasury."
 edition = "2021"
 name = "pallet-inflation"
-repository = "https://github.com/KILTprotocol/mashnet-node"
+repository = "https://github.com/KILTprotocol/kilt-node"
 version = "1.7.2"
 
 [package.metadata.docs.rs]
diff --git a/pallets/pallet-web3-names/Cargo.toml b/pallets/pallet-web3-names/Cargo.toml
index 98f6e27aa2..50bc34cbac 100644
--- a/pallets/pallet-web3-names/Cargo.toml
+++ b/pallets/pallet-web3-names/Cargo.toml
@@ -3,7 +3,7 @@ authors = ["KILT <info@kilt.io>"]
 description = "Unique Web3 nicknames for KILT DIDs."
 edition = "2021"
 name = "pallet-web3-names"
-repository = "https://github.com/KILTprotocol/mashnet-node"
+repository = "https://github.com/KILTprotocol/kilt-node"
 version = "1.7.2"
 
 [package.metadata.docs.rs]
diff --git a/pallets/public-credentials/Cargo.toml b/pallets/public-credentials/Cargo.toml
new file mode 100644
index 0000000000..a474152470
--- /dev/null
+++ b/pallets/public-credentials/Cargo.toml
@@ -0,0 +1,64 @@
+[package]
+authors = ["KILT <info@kilt.io>"]
+description = "Enables adding and revoking public credentials."
+edition = "2021"
+name = "public-credentials"
+repository = "https://github.com/KILTprotocol/kilt-node"
+version = "1.7.2"
+
+[dev-dependencies]
+ctype = {features = ["mock"], path = "../ctype"}
+kilt-support = {features = ["mock"], path = "../../support"}
+
+pallet-balances = {branch = "polkadot-v0.9.28", git = "https://github.com/paritytech/substrate"}
+sp-io = {branch = "polkadot-v0.9.28", git = "https://github.com/paritytech/substrate"}
+sp-keystore = {branch = "polkadot-v0.9.28", git = "https://github.com/paritytech/substrate"}
+
+[dependencies]
+codec = {package = "parity-scale-codec", version = "3.1.2", default-features = false, features = ["derive"]}
+base58 = {version = "0.2.0"}
+hex = {default-features = false, version = "0.4.3"}
+log = "0.4.17"
+scale-info = {version = "2.1.1", default-features = false, features = ["derive"]}
+
+# Internal dependencies
+ctype = {default-features = false, path = "../ctype"}
+kilt-support = {default-features = false, path = "../../support"}
+
+# External dependencies
+frame-benchmarking = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate", optional = true}
+frame-support = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate"}
+frame-system = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate"}
+sp-core = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate"}
+sp-io = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate", optional = true}
+sp-keystore = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate", optional = true}
+sp-runtime = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate"}
+sp-std = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate"}
+
+[features]
+default = ["std"]
+runtime-benchmarks = [
+  "kilt-support/runtime-benchmarks",
+
+  "frame-benchmarking",
+  "frame-support/runtime-benchmarks",
+  "frame-system/runtime-benchmarks",
+]
+std = [
+  "codec/std",
+  "log/std",
+  "scale-info/std",
+
+  "ctype/std",
+  "kilt-support/std",
+
+  "frame-support/std",
+  "frame-system/std",
+  "sp-core/std",
+  "sp-io/std",
+  "sp-runtime/std",
+  "sp-std/std",
+]
+try-runtime = [
+  "frame-support/try-runtime",
+]
diff --git a/pallets/public-credentials/src/access_control.rs b/pallets/public-credentials/src/access_control.rs
new file mode 100644
index 0000000000..1a38e7851b
--- /dev/null
+++ b/pallets/public-credentials/src/access_control.rs
@@ -0,0 +1,131 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+use frame_support::dispatch::Weight;
+use sp_runtime::DispatchError;
+
+pub trait AccessControl<AttesterId, AuthorizationId, Ctype, CredentialId> {
+	/// Decides whether the account is allowed to issue a credential with the
+	/// given information provided by the sender (&self).
+	fn can_issue(&self, who: &AttesterId, ctype: &Ctype, credential_id: &CredentialId)
+		-> Result<Weight, DispatchError>;
+
+	/// Decides whether the account is allowed to revoke the credential with
+	/// the `authorization_id` and the access information provided by the sender
+	/// (&self).
+	fn can_revoke(
+		&self,
+		who: &AttesterId,
+		ctype: &Ctype,
+		credential_id: &CredentialId,
+		authorization_id: &AuthorizationId,
+	) -> Result<Weight, DispatchError>;
+
+	/// Decides whether the account is allowed to revoke the credential with
+	/// the `authorization_id` and the access information provided by the sender
+	/// (&self).
+	fn can_unrevoke(
+		&self,
+		who: &AttesterId,
+		ctype: &Ctype,
+		credential_id: &CredentialId,
+		authorization_id: &AuthorizationId,
+	) -> Result<Weight, DispatchError>;
+
+	/// Decides whether the account is allowed to remove the credential with
+	/// the `authorization_id` and the access information provided by the sender
+	/// (&self).
+	fn can_remove(
+		&self,
+		who: &AttesterId,
+		ctype: &Ctype,
+		credential_id: &CredentialId,
+		authorization_id: &AuthorizationId,
+	) -> Result<Weight, DispatchError>;
+
+	/// The authorization ID that the sender provided. This will be used for new
+	/// credentials.
+	///
+	/// NOTE: This method must not read storage or do any heavy computation
+	/// since it's not covered by the weight returned by `self.weight()`.
+	fn authorization_id(&self) -> AuthorizationId;
+
+	/// The worst-case weight of `can_issue`.
+	fn can_issue_weight(&self) -> Weight;
+
+	/// The worst-case weight of `can_revoke`.
+	fn can_revoke_weight(&self) -> Weight;
+
+	/// The worst-case weight of `can_unrevoke`.
+	fn can_unrevoke_weight(&self) -> Weight;
+
+	/// The worst-case weight of `can_remove`.
+	fn can_remove_weight(&self) -> Weight;
+}
+
+impl<AttesterId, AuthorizationId, Ctype, CredentialId> AccessControl<AttesterId, AuthorizationId, Ctype, CredentialId>
+	for ()
+where
+	AuthorizationId: Default,
+{
+	fn can_issue(&self, _who: &AttesterId, _ctype: &Ctype, _claim: &CredentialId) -> Result<Weight, DispatchError> {
+		Err(DispatchError::Other("Unimplemented"))
+	}
+	fn can_revoke(
+		&self,
+		_who: &AttesterId,
+		_ctype: &Ctype,
+		_claim: &CredentialId,
+		_authorization_id: &AuthorizationId,
+	) -> Result<Weight, DispatchError> {
+		Err(DispatchError::Other("Unimplemented"))
+	}
+	fn can_unrevoke(
+		&self,
+		_who: &AttesterId,
+		_ctype: &Ctype,
+		_claim: &CredentialId,
+		_authorization_id: &AuthorizationId,
+	) -> Result<Weight, DispatchError> {
+		Err(DispatchError::Other("Unimplemented"))
+	}
+	fn can_remove(
+		&self,
+		_who: &AttesterId,
+		_ctype: &Ctype,
+		_claim: &CredentialId,
+		_authorization_id: &AuthorizationId,
+	) -> Result<Weight, DispatchError> {
+		Err(DispatchError::Other("Unimplemented"))
+	}
+	fn authorization_id(&self) -> AuthorizationId {
+		Default::default()
+	}
+	fn can_issue_weight(&self) -> Weight {
+		0
+	}
+	fn can_revoke_weight(&self) -> Weight {
+		0
+	}
+	fn can_unrevoke_weight(&self) -> Weight {
+		0
+	}
+	fn can_remove_weight(&self) -> Weight {
+		0
+	}
+}
diff --git a/pallets/public-credentials/src/benchmarking.rs b/pallets/public-credentials/src/benchmarking.rs
new file mode 100644
index 0000000000..ce96679cab
--- /dev/null
+++ b/pallets/public-credentials/src/benchmarking.rs
@@ -0,0 +1,186 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+use frame_benchmarking::{account, benchmarks, impl_benchmark_test_suite};
+use frame_support::{
+	dispatch::RawOrigin,
+	traits::{Currency, Get},
+	BoundedVec,
+};
+use sp_std::{boxed::Box, vec, vec::Vec};
+
+use kilt_support::traits::{GenerateBenchmarkOrigin, GetWorstCase};
+
+use crate::{
+	mock::{generate_base_public_credential_creation_op, generate_credential_id},
+	*,
+};
+
+const SEED: u32 = 0;
+
+fn reserve_balance<T: Config>(acc: &T::AccountId) {
+	// Has to be more than the deposit, we do 2x just to be safe
+	CurrencyOf::<T>::make_free_balance_be(acc, <T as Config>::Deposit::get() + <T as Config>::Deposit::get());
+}
+
+benchmarks! {
+	where_clause {
+		where
+		T: core::fmt::Debug,
+		T: Config,
+		T: ctype::Config<CtypeCreatorId = T::AttesterId>,
+		<T as Config>::EnsureOrigin: GenerateBenchmarkOrigin<T::Origin, T::AccountId, T::AttesterId>,
+		<T as Config>::SubjectId: GetWorstCase + Into<Vec<u8>> + sp_std::fmt::Debug,
+	}
+
+	add {
+		let c in 1 .. T::MaxEncodedClaimsLength::get();
+		let sender: T::AccountId = account("sender", 0, SEED);
+		let attester: T::AttesterId = account("attester", 0, SEED);
+		let ctype_hash: T::Hash = T::Hash::default();
+		let subject_id = <T as Config>::SubjectId::worst_case();
+		let contents = BoundedVec::try_from(vec![0; c as usize]).expect("Contents should not fail.");
+
+		let creation_op = Box::new(generate_base_public_credential_creation_op::<T>(
+			subject_id.clone().into().try_into().expect("Input conversion should not fail."),
+			ctype_hash,
+			contents,
+		));
+		let credential_id = generate_credential_id::<T>(&creation_op, &attester);
+
+		ctype::Ctypes::<T>::insert(&ctype_hash, attester.clone());
+		reserve_balance::<T>(&sender);
+		let origin = <T as Config>::EnsureOrigin::generate_origin(sender, attester);
+	}: _<T::Origin>(origin, creation_op)
+	verify {
+		assert!(Credentials::<T>::contains_key(subject_id, &credential_id));
+		assert!(CredentialSubjects::<T>::contains_key(&credential_id));
+	}
+
+	// Very similar setup as `remove`
+	revoke {
+		let sender: T::AccountId = account("sender", 0, SEED);
+		let attester: T::AttesterId = account("attester", 0, SEED);
+		let ctype_hash: T::Hash = T::Hash::default();
+		let subject_id = <T as Config>::SubjectId::worst_case();
+		let contents = BoundedVec::try_from(vec![0; <T as Config>::MaxEncodedClaimsLength::get() as usize]).expect("Contents should not fail.");
+		let origin = <T as Config>::EnsureOrigin::generate_origin(sender.clone(), attester.clone());
+
+		let creation_op = Box::new(generate_base_public_credential_creation_op::<T>(
+			subject_id.clone().into().try_into().expect("Input conversion should not fail."),
+			ctype_hash,
+			contents,
+		));
+		let credential_id = generate_credential_id::<T>(&creation_op, &attester);
+
+		reserve_balance::<T>(&sender);
+
+		ctype::Ctypes::<T>::insert(&ctype_hash, attester);
+		Pallet::<T>::add(origin.clone(), creation_op).expect("Pallet::add should not fail");
+		let credential_id_clone = credential_id.clone();
+	}: _<T::Origin>(origin, credential_id_clone, None)
+	verify {
+		assert!(Credentials::<T>::get(subject_id, &credential_id).expect("Credential should be present in storage").revoked);
+	}
+
+	// Very similar setup as `remove`
+	unrevoke {
+		let sender: T::AccountId = account("sender", 0, SEED);
+		let attester: T::AttesterId = account("attester", 0, SEED);
+		let ctype_hash: T::Hash = T::Hash::default();
+		let subject_id = <T as Config>::SubjectId::worst_case();
+		let contents = BoundedVec::try_from(vec![0; <T as Config>::MaxEncodedClaimsLength::get() as usize]).expect("Contents should not fail.");
+		let origin = <T as Config>::EnsureOrigin::generate_origin(sender.clone(), attester.clone());
+
+		let creation_op = Box::new(generate_base_public_credential_creation_op::<T>(
+			subject_id.clone().into().try_into().expect("Input conversion should not fail."),
+			ctype_hash,
+			contents,
+		));
+		let credential_id = generate_credential_id::<T>(&creation_op, &attester);
+
+		reserve_balance::<T>(&sender);
+
+		ctype::Ctypes::<T>::insert(&ctype_hash, attester);
+		Pallet::<T>::add(origin.clone(), creation_op).expect("Pallet::add should not fail");
+		Pallet::<T>::revoke(origin.clone(), credential_id.clone(), None).expect("Pallet::revoke should not fail");
+		let credential_id_clone = credential_id.clone();
+	}: _<T::Origin>(origin, credential_id_clone, None)
+	verify {
+		assert!(!Credentials::<T>::get(subject_id, &credential_id).expect("Credential should be present in storage").revoked);
+	}
+
+	remove {
+		let sender: T::AccountId = account("sender", 0, SEED);
+		let attester: T::AttesterId = account("attester", 0, SEED);
+		let ctype_hash: T::Hash = T::Hash::default();
+		let subject_id = <T as Config>::SubjectId::worst_case();
+		let contents = BoundedVec::try_from(vec![0; <T as Config>::MaxEncodedClaimsLength::get() as usize]).expect("Contents should not fail.");
+		let origin = <T as Config>::EnsureOrigin::generate_origin(sender.clone(), attester.clone());
+
+		let creation_op = Box::new(generate_base_public_credential_creation_op::<T>(
+			subject_id.clone().into().try_into().expect("Input conversion should not fail."),
+			ctype_hash,
+			contents,
+		));
+		let credential_id = generate_credential_id::<T>(&creation_op, &attester);
+
+		reserve_balance::<T>(&sender);
+
+		ctype::Ctypes::<T>::insert(&ctype_hash, attester);
+		Pallet::<T>::add(origin.clone(), creation_op).expect("Pallet::add should not fail");
+		let credential_id_clone = credential_id.clone();
+	}: _<T::Origin>(origin, credential_id_clone, None)
+	verify {
+		assert!(!Credentials::<T>::contains_key(subject_id, &credential_id));
+		assert!(!CredentialSubjects::<T>::contains_key(credential_id));
+	}
+
+	reclaim_deposit {
+		let sender: T::AccountId = account("sender", 0, SEED);
+		let attester: T::AttesterId = account("attester", 0, SEED);
+		let ctype_hash: T::Hash = T::Hash::default();
+		let subject_id = <T as Config>::SubjectId::worst_case();
+		let contents = BoundedVec::try_from(vec![0; <T as Config>::MaxEncodedClaimsLength::get() as usize]).expect("Contents should not fail.");
+		let origin = <T as Config>::EnsureOrigin::generate_origin(sender.clone(), attester.clone());
+
+		let creation_op = Box::new(generate_base_public_credential_creation_op::<T>(
+			subject_id.clone().into().try_into().expect("Input conversion should not fail."),
+			ctype_hash,
+			contents,
+		));
+		let credential_id = generate_credential_id::<T>(&creation_op, &attester);
+
+		reserve_balance::<T>(&sender);
+
+		ctype::Ctypes::<T>::insert(&ctype_hash, attester);
+		Pallet::<T>::add(origin, creation_op).expect("Pallet::add should not fail");
+		let origin = RawOrigin::Signed(sender);
+		let credential_id_clone = credential_id.clone();
+	}: _(origin, credential_id_clone)
+	verify {
+		assert!(!Credentials::<T>::contains_key(subject_id, &credential_id));
+		assert!(!CredentialSubjects::<T>::contains_key(credential_id));
+	}
+}
+
+impl_benchmark_test_suite! {
+	Pallet,
+	crate::mock::ExtBuilder::default().build_with_keystore(),
+	crate::mock::Test
+}
diff --git a/pallets/public-credentials/src/credentials.rs b/pallets/public-credentials/src/credentials.rs
new file mode 100644
index 0000000000..944f6f9ef8
--- /dev/null
+++ b/pallets/public-credentials/src/credentials.rs
@@ -0,0 +1,61 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+use codec::{Decode, Encode, MaxEncodedLen};
+use scale_info::TypeInfo;
+
+use frame_support::RuntimeDebug;
+
+use kilt_support::deposit::Deposit;
+
+/// The type of a credentials as incoming from the outside world.
+/// Some of its fields are parsed and/or transformed inside the `add` operation.
+#[derive(Encode, Decode, Clone, RuntimeDebug, PartialEq, Eq, PartialOrd, Ord, TypeInfo)]
+pub struct Credential<CtypeHash, SubjectIdentifier, Claims, AccessControl> {
+	/// The Ctype of the credential.
+	pub ctype_hash: CtypeHash,
+	/// The credential subject ID as specified by the attester.
+	pub subject: SubjectIdentifier,
+	/// The credential claims.
+	pub claims: Claims,
+	/// The access control logic to authorize the creation operation.
+	pub authorization: Option<AccessControl>,
+}
+
+/// The entry in the blockchain state corresponding to a successful public
+/// credential attestation. It is meant to be an index for clients to query the
+/// block number in which a tx for a credential creation was included in a
+/// block. The block number is used to query the full content of the credential
+/// from archive nodes.
+#[derive(Encode, Decode, Clone, MaxEncodedLen, RuntimeDebug, PartialEq, Eq, PartialOrd, Ord, TypeInfo)]
+pub struct CredentialEntry<CTypeHash, Attester, BlockNumber, AccountId, Balance, AuthorizationId> {
+	/// The hash of the CType used for this attestation.
+	pub ctype_hash: CTypeHash,
+	/// The attester of the credential.
+	pub attester: Attester,
+	/// A flag indicating the revocation status of the credential.
+	pub revoked: bool,
+	/// The block number in which the credential tx was evaluated and included
+	/// in the block.
+	pub block_number: BlockNumber,
+	/// The info about the credential deposit.
+	pub deposit: Deposit<AccountId, Balance>,
+	/// The ID of the authorization information (e.g., a delegation node) used
+	/// to authorize the operation.
+	pub authorization_id: Option<AuthorizationId>,
+}
diff --git a/pallets/public-credentials/src/default_weights.rs b/pallets/public-credentials/src/default_weights.rs
new file mode 100644
index 0000000000..9ffb4b2013
--- /dev/null
+++ b/pallets/public-credentials/src/default_weights.rs
@@ -0,0 +1,147 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+//! Autogenerated weights for public_credentials
+//!
+//! THIS FILE WAS AUTO-GENERATED USING THE SUBSTRATE BENCHMARK CLI VERSION 4.0.0-dev
+//! DATE: 2022-08-03, STEPS: {{cmd.steps}}\, REPEAT: {{cmd.repeat}}\, LOW RANGE: {{cmd.lowest_range_values}}\, HIGH RANGE: {{cmd.highest_range_values}}\
+//! EXECUTION: Some(Wasm), WASM-EXECUTION: Compiled, CHAIN: Some("dev"), DB CACHE: 1024
+
+// Executed Command:
+// ./target/release/kilt-parachain
+// benchmark
+// pallet
+// --chain=dev
+// --steps=50
+// --repeat=20
+// --pallet=public-credentials
+// --extrinsic=*
+// --execution=wasm
+// --wasm-execution=compiled
+// --heap-pages=4096
+// --record-proof
+// --output=./pallets/public-credentials/src/default_weights.rs
+// --template=.maintain/weight-template.hbs
+
+#![cfg_attr(rustfmt, rustfmt_skip)]
+#![allow(unused_parens)]
+#![allow(unused_imports)]
+#![allow(clippy::unnecessary_cast)]
+
+use frame_support::{traits::Get, weights::{Weight, constants::RocksDbWeight}};
+use sp_std::marker::PhantomData;
+
+/// Weight functions needed for public_credentials.
+pub trait WeightInfo {
+	fn add(c: u32, ) -> Weight;
+	fn revoke() -> Weight;
+	fn unrevoke() -> Weight;
+	fn remove() -> Weight;
+	fn reclaim_deposit() -> Weight;
+}
+
+/// Weights for public_credentials using the Substrate node and recommended hardware.
+pub struct SubstrateWeight<T>(PhantomData<T>);
+impl<T: frame_system::Config> WeightInfo for SubstrateWeight<T> {
+	// Storage: Ctype Ctypes (r:1 w:0)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	// Storage: System Account (r:1 w:1)
+	// Storage: PublicCredentials CredentialSubjects (r:0 w:1)
+	fn add(c: u32, ) -> Weight {
+		(38_122_000 as Weight)
+			// Standard Error: 0
+			.saturating_add((1_000 as Weight).saturating_mul(c as Weight))
+			.saturating_add(T::DbWeight::get().reads(3 as Weight))
+			.saturating_add(T::DbWeight::get().writes(3 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:0)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	fn revoke() -> Weight {
+		(19_440_000 as Weight)
+			.saturating_add(T::DbWeight::get().reads(2 as Weight))
+			.saturating_add(T::DbWeight::get().writes(1 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:0)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	fn unrevoke() -> Weight {
+		(19_376_000 as Weight)
+			.saturating_add(T::DbWeight::get().reads(2 as Weight))
+			.saturating_add(T::DbWeight::get().writes(1 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:1)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	// Storage: System Account (r:1 w:1)
+	fn remove() -> Weight {
+		(32_521_000 as Weight)
+			.saturating_add(T::DbWeight::get().reads(3 as Weight))
+			.saturating_add(T::DbWeight::get().writes(3 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:1)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	// Storage: System Account (r:1 w:1)
+	fn reclaim_deposit() -> Weight {
+		(33_120_000 as Weight)
+			.saturating_add(T::DbWeight::get().reads(3 as Weight))
+			.saturating_add(T::DbWeight::get().writes(3 as Weight))
+	}
+}
+
+// For backwards compatibility and tests
+impl WeightInfo for () {
+	// Storage: Ctype Ctypes (r:1 w:0)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	// Storage: System Account (r:1 w:1)
+	// Storage: PublicCredentials CredentialSubjects (r:0 w:1)
+	fn add(c: u32, ) -> Weight {
+		(38_122_000 as Weight)
+			// Standard Error: 0
+			.saturating_add((1_000 as Weight).saturating_mul(c as Weight))
+			.saturating_add(RocksDbWeight::get().reads(3 as Weight))
+			.saturating_add(RocksDbWeight::get().writes(3 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:0)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	fn revoke() -> Weight {
+		(19_440_000 as Weight)
+			.saturating_add(RocksDbWeight::get().reads(2 as Weight))
+			.saturating_add(RocksDbWeight::get().writes(1 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:0)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	fn unrevoke() -> Weight {
+		(19_376_000 as Weight)
+			.saturating_add(RocksDbWeight::get().reads(2 as Weight))
+			.saturating_add(RocksDbWeight::get().writes(1 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:1)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	// Storage: System Account (r:1 w:1)
+	fn remove() -> Weight {
+		(32_521_000 as Weight)
+			.saturating_add(RocksDbWeight::get().reads(3 as Weight))
+			.saturating_add(RocksDbWeight::get().writes(3 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:1)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	// Storage: System Account (r:1 w:1)
+	fn reclaim_deposit() -> Weight {
+		(33_120_000 as Weight)
+			.saturating_add(RocksDbWeight::get().reads(3 as Weight))
+			.saturating_add(RocksDbWeight::get().writes(3 as Weight))
+	}
+}
diff --git a/pallets/public-credentials/src/lib.rs b/pallets/public-credentials/src/lib.rs
new file mode 100644
index 0000000000..82c3fd96a6
--- /dev/null
+++ b/pallets/public-credentials/src/lib.rs
@@ -0,0 +1,548 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+//! # Public credentials Pallet
+//!
+//! Provides means of issuing public KILT credentials to subjects.
+//!
+//! ### Terminology
+//!
+//! - **Attester:**: An entity which issues a set of claims (i.e., a credential)
+//!   to a subject. This could be an NFT Marketplace which issues authenticity
+//!   certificates to NFT collections.
+//!
+//! - **Subject:**: The subject of a credential, i.e., the entity which the
+//!   claims in the credential refer to.
+#![cfg_attr(not(feature = "std"), no_std)]
+
+mod access_control;
+pub mod credentials;
+pub mod default_weights;
+
+#[cfg(feature = "runtime-benchmarks")]
+mod benchmarking;
+
+#[cfg(any(test, feature = "runtime-benchmarks"))]
+mod mock;
+#[cfg(test)]
+mod tests;
+
+pub use crate::{
+	access_control::AccessControl as PublicCredentialsAccessControl, credentials::*, default_weights::WeightInfo,
+	pallet::*,
+};
+
+#[frame_support::pallet]
+pub mod pallet {
+	use super::*;
+
+	use frame_support::{
+		pallet_prelude::*,
+		traits::{Currency, IsType, ReservableCurrency, StorageVersion},
+		Parameter,
+	};
+	use frame_system::pallet_prelude::*;
+	use sp_runtime::traits::{Hash, SaturatedConversion};
+	use sp_std::{boxed::Box, vec::Vec};
+
+	pub use ctype::CtypeHashOf;
+	use kilt_support::traits::CallSources;
+
+	/// The current storage version.
+	const STORAGE_VERSION: StorageVersion = StorageVersion::new(1);
+
+	// No easy way to check whether the two currencies are the same and check for
+	// `can_withdraw` conditions. Maybe with #[transactional] we could stop caring
+	// and simply rollback if the two are the same and there is not enough
+	// for both operations.
+	/// The type of currency to use to reserve the required deposits.
+	pub(crate) type CurrencyOf<T> = <T as Config>::Currency;
+
+	/// The type of the credential subject input. It is bound in max length.
+	/// It is transformed inside the `add` operation into a [<T as
+	/// Config>::SubjectId].
+	pub type InputSubjectIdOf<T> = BoundedVec<u8, <T as Config>::MaxSubjectIdLength>;
+	/// The type of the credential subject input. It is bound in max length.
+	pub type InputClaimsContentOf<T> = BoundedVec<u8, <T as Config>::MaxEncodedClaimsLength>;
+	pub type AccountIdOf<T> = <T as frame_system::Config>::AccountId;
+	pub type BlockNumberOf<T> = <T as frame_system::Config>::BlockNumber;
+	pub type CredentialEntryOf<T> = CredentialEntry<
+		CtypeHashOf<T>,
+		AttesterOf<T>,
+		BlockNumberOf<T>,
+		AccountIdOf<T>,
+		BalanceOf<T>,
+		AuthorizationIdOf<T>,
+	>;
+	/// Type of an attester identifier.
+	pub type AttesterOf<T> = <T as Config>::AttesterId;
+	/// The type of account's balances.
+	pub type BalanceOf<T> = <CurrencyOf<T> as Currency<AccountIdOf<T>>>::Balance;
+	pub(crate) type AuthorizationIdOf<T> = <T as Config>::AuthorizationId;
+	pub type CredentialIdOf<T> = <<T as Config>::CredentialHash as sp_runtime::traits::Hash>::Output;
+
+	/// The type of a public credential as the pallet expects it.
+	pub type InputCredentialOf<T> =
+		Credential<CtypeHashOf<T>, InputSubjectIdOf<T>, InputClaimsContentOf<T>, <T as Config>::AccessControl>;
+
+	#[pallet::config]
+	pub trait Config: frame_system::Config + ctype::Config {
+		/// The access control logic.
+		type AccessControl: Parameter
+			+ PublicCredentialsAccessControl<
+				Self::AttesterId,
+				Self::AuthorizationId,
+				CtypeHashOf<Self>,
+				CredentialIdOf<Self>,
+			>;
+		/// The identifier of the credential attester.
+		type AttesterId: Parameter + MaxEncodedLen;
+		/// The identifier of the authorization info to perform access control
+		/// for the different operations.
+		type AuthorizationId: Parameter + MaxEncodedLen;
+		/// The origin allowed to issue/revoke/remove public credentials.
+		type EnsureOrigin: EnsureOrigin<Success = <Self as Config>::OriginSuccess, Self::Origin>;
+		/// The ubiquitous event type.
+		type Event: From<Event<Self>> + IsType<<Self as frame_system::Config>::Event>;
+		/// The hashing algorithm to derive a credential identifier from the
+		/// credential content.
+		type CredentialHash: Hash<Output = Self::CredentialId>;
+		/// The type of a credential identifier.
+		type CredentialId: Parameter + MaxEncodedLen;
+		/// The currency that is used to reserve funds for each credential.
+		type Currency: ReservableCurrency<AccountIdOf<Self>>;
+		/// The type of the origin when successfully converted from the outer
+		/// origin.
+		type OriginSuccess: CallSources<Self::AccountId, AttesterOf<Self>>;
+		/// The type of the credential subject ID after being parsed from the
+		/// raw attester-provided input.
+		// Vec<u8> instead of BoundedVec<u8, ...> because otherwise it becomes
+		// impossible for runtime-common to be independent of the `T: Config`
+		// constraint.
+		type SubjectId: Parameter + MaxEncodedLen + TryFrom<Vec<u8>>;
+		/// The weight info.
+		type WeightInfo: WeightInfo;
+
+		/// The amount of tokens to reserve when attesting a public credential.
+		#[pallet::constant]
+		type Deposit: Get<BalanceOf<Self>>;
+		/// The maximum length in bytes of the encoded claims of a credential.
+		#[pallet::constant]
+		type MaxEncodedClaimsLength: Get<u32>;
+		/// The maximum length in bytes of the raw credential subject
+		/// identifier.
+		#[pallet::constant]
+		type MaxSubjectIdLength: Get<u32>;
+	}
+
+	#[pallet::pallet]
+	#[pallet::generate_store(pub(super) trait Store)]
+	#[pallet::storage_version(STORAGE_VERSION)]
+	pub struct Pallet<T>(_);
+
+	/// The map of public credentials already attested.
+	/// It maps from a (subject id + credential id) -> the creation
+	/// details of the credential.
+	#[pallet::storage]
+	#[pallet::getter(fn get_credential_info)]
+	pub type Credentials<T> = StorageDoubleMap<
+		_,
+		Twox64Concat,
+		<T as Config>::SubjectId,
+		Blake2_128Concat,
+		CredentialIdOf<T>,
+		CredentialEntryOf<T>,
+	>;
+
+	/// A reverse index mapping from credential ID to the subject the credential
+	/// was issued to.
+	///
+	/// It it used to perform efficient lookup of credentials given their ID.
+	#[pallet::storage]
+	#[pallet::getter(fn get_credential_subject)]
+	pub type CredentialSubjects<T> = StorageMap<_, Blake2_128Concat, CredentialIdOf<T>, <T as Config>::SubjectId>;
+
+	/// The events generated by this pallet.
+	#[pallet::event]
+	#[pallet::generate_deposit(pub(super) fn deposit_event)]
+	pub enum Event<T: Config> {
+		/// A new public credential has been issued.
+		CredentialStored {
+			/// The subject of the new credential.
+			subject_id: T::SubjectId,
+			/// The id of the new credential.
+			credential_id: CredentialIdOf<T>,
+		},
+		/// A public credentials has been removed.
+		CredentialRemoved {
+			/// The subject of the removed credential.
+			subject_id: T::SubjectId,
+			/// The id of the removed credential.
+			credential_id: CredentialIdOf<T>,
+		},
+		/// A public credential has been revoked.
+		CredentialRevoked {
+			/// The id of the revoked credential.
+			credential_id: CredentialIdOf<T>,
+		},
+		/// A public credential has been unrevoked.
+		CredentialUnrevoked {
+			/// The id of the unrevoked credential.
+			credential_id: CredentialIdOf<T>,
+		},
+	}
+
+	#[pallet::error]
+	pub enum Error<T> {
+		/// A credential with the same root hash has already issued to the
+		/// specified subject.
+		CredentialAlreadyIssued,
+		/// No credential with the specified root hash has been issued to the
+		/// specified subject.
+		CredentialNotFound,
+		/// Not enough tokens to pay for the fees or the deposit.
+		UnableToPayFees,
+		/// The credential input is invalid.
+		InvalidInput,
+		/// The caller is not authorized to performed the operation.
+		Unauthorized,
+		/// Catch-all for any other errors that should not happen, yet it
+		/// happened.
+		InternalError,
+	}
+
+	#[pallet::call]
+	impl<T: Config> Pallet<T> {
+		/// Register a new public credential on chain.
+		///
+		/// This function fails if a credential with the same identifier already
+		/// exists for the specified subject.
+		///
+		/// Emits `CredentialStored`.
+		#[allow(clippy::boxed_local)]
+		#[pallet::weight({
+			let xt_weight = <T as Config>::WeightInfo::add(credential.claims.len().saturated_into::<u32>());
+			let ac_weight = credential.authorization.as_ref().map(|ac| ac.can_issue_weight()).unwrap_or(0);
+			xt_weight.saturating_add(ac_weight)
+		})]
+		pub fn add(origin: OriginFor<T>, credential: Box<InputCredentialOf<T>>) -> DispatchResultWithPostInfo {
+			let source = <T as Config>::EnsureOrigin::ensure_origin(origin)?;
+
+			let attester = source.subject();
+			let payer = source.sender();
+
+			let deposit_amount = <T as Config>::Deposit::get();
+
+			let Credential {
+				ctype_hash,
+				subject,
+				claims: _,
+				authorization,
+			} = *credential.clone();
+
+			ensure!(
+				ctype::Ctypes::<T>::contains_key(&ctype_hash),
+				ctype::Error::<T>::CTypeNotFound
+			);
+
+			// Credential ID = H(<scale_encoded_credential_input> ||
+			// <scale_encoded_attester_identifier>)
+			let credential_id =
+				T::CredentialHash::hash(&[&credential.encode()[..], &attester.encode()[..]].concat()[..]);
+
+			// Check for validity of the authorization info if specified.
+			let ac_weight = authorization
+				.as_ref()
+				.map(|ac| ac.can_issue(&attester, &ctype_hash, &credential_id))
+				.transpose()
+				.map_err(|_| Error::<T>::Unauthorized)?;
+			let authorization_id = authorization.as_ref().map(|ac| ac.authorization_id());
+
+			// Try to decode subject ID to something structured
+			let subject = T::SubjectId::try_from(subject.into_inner()).map_err(|_| Error::<T>::InvalidInput)?;
+
+			ensure!(
+				!Credentials::<T>::contains_key(&subject, &credential_id),
+				Error::<T>::CredentialAlreadyIssued
+			);
+
+			let deposit = kilt_support::reserve_deposit::<T::AccountId, CurrencyOf<T>>(payer, deposit_amount)
+				.map_err(|_| Error::<T>::UnableToPayFees)?;
+
+			// *** No Fail beyond this point ***
+
+			let block_number = frame_system::Pallet::<T>::block_number();
+
+			Credentials::<T>::insert(
+				&subject,
+				&credential_id,
+				CredentialEntryOf::<T> {
+					revoked: false,
+					attester,
+					deposit,
+					block_number,
+					ctype_hash,
+					authorization_id,
+				},
+			);
+			CredentialSubjects::<T>::insert(&credential_id, subject.clone());
+
+			Self::deposit_event(Event::CredentialStored {
+				subject_id: subject,
+				credential_id,
+			});
+
+			Ok(Some(
+				<T as Config>::WeightInfo::add(credential.claims.len().saturated_into::<u32>())
+					.saturating_add(ac_weight.unwrap_or(0)),
+			)
+			.into())
+		}
+
+		/// Revokes a public credential.
+		///
+		/// If a credential was already revoked, this function does not fail but
+		/// simply results in a noop.
+		///
+		/// The dispatch origin must be authorized to revoke the credential.
+		///
+		/// Emits `CredentialRevoked`.
+		#[pallet::weight({
+			let xt_weight = <T as Config>::WeightInfo::revoke();
+			let ac_weight = authorization.as_ref().map(|ac| ac.can_revoke_weight()).unwrap_or(0);
+			xt_weight.saturating_add(ac_weight)
+		})]
+		pub fn revoke(
+			origin: OriginFor<T>,
+			credential_id: CredentialIdOf<T>,
+			authorization: Option<T::AccessControl>,
+		) -> DispatchResultWithPostInfo {
+			let source = <T as Config>::EnsureOrigin::ensure_origin(origin)?;
+			let caller = source.subject();
+
+			let credential_subject =
+				CredentialSubjects::<T>::get(&credential_id).ok_or(Error::<T>::CredentialNotFound)?;
+
+			let ac_weight_used = Self::set_credential_revocation_status(
+				&caller,
+				&credential_subject,
+				&credential_id,
+				authorization,
+				true,
+			)?;
+
+			Self::deposit_event(Event::CredentialRevoked { credential_id });
+
+			Ok(Some(<T as Config>::WeightInfo::revoke().saturating_add(ac_weight_used)).into())
+		}
+
+		/// Unrevokes a public credential.
+		///
+		/// If a credential was not revoked, this function does not fail but
+		/// simply results in a noop.
+		///
+		/// The dispatch origin must be authorized to unrevoke the
+		/// credential.
+		///
+		/// Emits `CredentialUnrevoked`.
+		#[pallet::weight({
+			let xt_weight = <T as Config>::WeightInfo::unrevoke();
+			let ac_weight = authorization.as_ref().map(|ac| ac.can_unrevoke_weight()).unwrap_or(0);
+			xt_weight.saturating_add(ac_weight)
+		})]
+		pub fn unrevoke(
+			origin: OriginFor<T>,
+			credential_id: CredentialIdOf<T>,
+			authorization: Option<T::AccessControl>,
+		) -> DispatchResultWithPostInfo {
+			let source = <T as Config>::EnsureOrigin::ensure_origin(origin)?;
+			let caller = source.subject();
+
+			let credential_subject =
+				CredentialSubjects::<T>::get(&credential_id).ok_or(Error::<T>::CredentialNotFound)?;
+
+			let ac_weight_used = Self::set_credential_revocation_status(
+				&caller,
+				&credential_subject,
+				&credential_id,
+				authorization,
+				false,
+			)?;
+
+			Self::deposit_event(Event::CredentialUnrevoked { credential_id });
+
+			Ok(Some(<T as Config>::WeightInfo::unrevoke().saturating_add(ac_weight_used)).into())
+		}
+
+		/// Removes the information pertaining a public credential from the
+		/// chain.
+		///
+		/// The removal of the credential does not delete it entirely from the
+		/// blockchain history, but only its link *from* the blockchain state
+		/// *to* the blockchain history is removed.
+		///
+		/// Clients parsing public credentials should interpret
+		/// the lack of such a link as the fact that the credential has been
+		/// removed by its attester some time in the past.
+		///
+		/// This function fails if a credential already exists for the specified
+		/// subject.
+		///
+		/// The dispatch origin must be authorized to remove the credential.
+		///
+		/// Emits `CredentialRemoved`.
+		#[pallet::weight({
+			let xt_weight = <T as Config>::WeightInfo::remove();
+			let ac_weight = authorization.as_ref().map(|ac| ac.can_remove_weight()).unwrap_or(0);
+			xt_weight.saturating_add(ac_weight)
+		})]
+		pub fn remove(
+			origin: OriginFor<T>,
+			credential_id: CredentialIdOf<T>,
+			authorization: Option<T::AccessControl>,
+		) -> DispatchResultWithPostInfo {
+			let source = <T as Config>::EnsureOrigin::ensure_origin(origin)?;
+			let caller = source.subject();
+
+			let (credential_subject, credential_entry) = Self::retrieve_credential_entry(&credential_id)?;
+
+			let ac_weight_used = if credential_entry.attester == caller {
+				0
+			} else {
+				let credential_auth_id = credential_entry
+					.authorization_id
+					.as_ref()
+					.ok_or(Error::<T>::Unauthorized)?;
+				authorization
+					.ok_or(Error::<T>::Unauthorized)?
+					.can_remove(
+						&caller,
+						&credential_entry.ctype_hash,
+						&credential_id,
+						credential_auth_id,
+					)
+					.map_err(|_| Error::<T>::Unauthorized)?
+			};
+
+			// Removes the credential from storage and generates a `CredentialRemoved`
+			// event.
+			Self::remove_credential_entry(credential_subject, credential_id, credential_entry);
+
+			Ok(Some(<T as Config>::WeightInfo::remove().saturating_add(ac_weight_used)).into())
+		}
+
+		/// Removes the information pertaining a public credential from the
+		/// chain and returns the deposit to its payer.
+		///
+		/// The removal of the credential does not delete it entirely from the
+		/// blockchain history, but only its link *from* the blockchain state
+		/// *to* the blockchain history is removed.
+		///
+		/// Clients parsing public credentials should interpret
+		/// the lack of such a link as the fact that the credential has been
+		/// removed by its attester some time in the past.
+		///
+		/// This function fails if a credential already exists for the specified
+		/// subject.
+		///
+		/// The dispatch origin must be the owner of the deposit, hence not the
+		/// credential's attester.
+		///
+		/// Emits `CredentialRemoved`.
+		#[pallet::weight(<T as pallet::Config>::WeightInfo::reclaim_deposit())]
+		pub fn reclaim_deposit(origin: OriginFor<T>, credential_id: CredentialIdOf<T>) -> DispatchResult {
+			let submitter = ensure_signed(origin)?;
+
+			let (credential_subject, credential_entry) = Self::retrieve_credential_entry(&credential_id)?;
+
+			ensure!(submitter == credential_entry.deposit.owner, Error::<T>::Unauthorized);
+
+			// Removes the credential from storage and generates a `CredentialRemoved`
+			// event.
+			Self::remove_credential_entry(credential_subject, credential_id, credential_entry);
+
+			Ok(())
+		}
+	}
+
+	impl<T: Config> Pallet<T> {
+		// Simple wrapper to remove entries from both storages when deleting a
+		// credential and generate a `CredentialRemoved` event.
+		fn remove_credential_entry(
+			credential_subject: T::SubjectId,
+			credential_id: CredentialIdOf<T>,
+			credential: CredentialEntryOf<T>,
+		) {
+			kilt_support::free_deposit::<T::AccountId, CurrencyOf<T>>(&credential.deposit);
+			Credentials::<T>::remove(&credential_subject, &credential_id);
+			CredentialSubjects::<T>::remove(&credential_id);
+
+			Self::deposit_event(Event::CredentialRemoved {
+				subject_id: credential_subject,
+				credential_id,
+			});
+		}
+
+		fn retrieve_credential_entry(
+			credential_id: &CredentialIdOf<T>,
+		) -> Result<(T::SubjectId, CredentialEntryOf<T>), Error<T>> {
+			// Verify that the credential exists
+			let credential_subject =
+				CredentialSubjects::<T>::get(&credential_id).ok_or(Error::<T>::CredentialNotFound)?;
+
+			// Should never happen if the line above succeeds
+			Credentials::<T>::get(&credential_subject, &credential_id)
+				.map(|entry| (credential_subject, entry))
+				.ok_or(Error::<T>::InternalError)
+		}
+
+		fn set_credential_revocation_status(
+			caller: &AttesterOf<T>,
+			credential_subject: &T::SubjectId,
+			credential_id: &CredentialIdOf<T>,
+			authorization: Option<T::AccessControl>,
+			revocation: bool,
+		) -> Result<Weight, Error<T>> {
+			// Fails if the credential does not exist OR the caller is different than the
+			// original attester. If successful, saves the additional weight used for access
+			// control and returns it at the end of the function.
+			Credentials::<T>::try_mutate(&credential_subject, &credential_id, |credential_entry| {
+				if let Some(credential) = credential_entry {
+					// Additional weight is 0 if the caller is the attester, otherwise it's the
+					// value returned by the access control check, if it does not fail.
+					let additional_weight = if *caller == credential.attester {
+						0
+					} else {
+						let credential_auth_id =
+							credential.authorization_id.as_ref().ok_or(Error::<T>::Unauthorized)?;
+						authorization
+							.ok_or(Error::<T>::Unauthorized)?
+							.can_revoke(caller, &credential.ctype_hash, credential_id, credential_auth_id)
+							.map_err(|_| Error::<T>::Unauthorized)?
+					};
+					// If authorization checks are ok, update the revocation status.
+					credential.revoked = revocation;
+					Ok(additional_weight)
+				} else {
+					// No weight is computed as the error is an early return.
+					Err(Error::<T>::CredentialNotFound)
+				}
+			})
+		}
+	}
+}
diff --git a/pallets/public-credentials/src/mock.rs b/pallets/public-credentials/src/mock.rs
new file mode 100644
index 0000000000..1c5651e621
--- /dev/null
+++ b/pallets/public-credentials/src/mock.rs
@@ -0,0 +1,449 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+use codec::Encode;
+use sp_runtime::traits::Hash;
+
+use crate::{
+	AttesterOf, Config, CredentialIdOf, CtypeHashOf, InputClaimsContentOf, InputCredentialOf, InputSubjectIdOf,
+};
+
+// Generate a public credential using a many Default::default() as possible.
+pub fn generate_base_public_credential_creation_op<T: Config>(
+	subject_id: InputSubjectIdOf<T>,
+	ctype_hash: CtypeHashOf<T>,
+	claims: InputClaimsContentOf<T>,
+) -> InputCredentialOf<T> {
+	InputCredentialOf::<T> {
+		ctype_hash,
+		subject: subject_id,
+		claims,
+		authorization: None,
+	}
+}
+
+pub fn generate_credential_id<T: Config>(
+	input_credential: &InputCredentialOf<T>,
+	attester: &AttesterOf<T>,
+) -> CredentialIdOf<T> {
+	T::CredentialHash::hash(&[&input_credential.encode()[..], &attester.encode()[..]].concat()[..])
+}
+
+#[cfg(test)]
+pub use crate::mock::runtime::*;
+
+// Mocks that are only used internally
+#[cfg(test)]
+pub(crate) mod runtime {
+	use super::*;
+
+	use codec::{Decode, Encode, MaxEncodedLen};
+	use frame_support::{
+		dispatch::Weight,
+		traits::{ConstU128, ConstU16, ConstU32, ConstU64, Get},
+		weights::constants::RocksDbWeight,
+	};
+	use scale_info::TypeInfo;
+	use sp_core::{sr25519, Pair};
+	use sp_runtime::{
+		testing::Header,
+		traits::{BlakeTwo256, IdentifyAccount, IdentityLookup, Verify},
+		DispatchError, MultiSignature, MultiSigner,
+	};
+
+	use kilt_support::{
+		deposit::Deposit,
+		mock::{mock_origin, SubjectId},
+	};
+
+	use ctype::{CtypeCreatorOf, CtypeHashOf};
+
+	use crate::{
+		BalanceOf, Config, CredentialEntryOf, CredentialSubjects, Credentials, CurrencyOf, Error, InputSubjectIdOf,
+		PublicCredentialsAccessControl,
+	};
+
+	pub(crate) type BlockNumber = u64;
+	pub(crate) type Balance = u128;
+	pub(crate) type Hash = sp_core::H256;
+	pub(crate) type AccountPublic = <MultiSignature as Verify>::Signer;
+	pub(crate) type AccountId = <AccountPublic as IdentifyAccount>::AccountId;
+
+	#[derive(
+		Default,
+		Clone,
+		Copy,
+		Encode,
+		Decode,
+		MaxEncodedLen,
+		sp_runtime::RuntimeDebug,
+		Eq,
+		PartialEq,
+		Ord,
+		PartialOrd,
+		TypeInfo,
+	)]
+	pub struct TestSubjectId([u8; 32]);
+
+	impl TryFrom<Vec<u8>> for TestSubjectId {
+		type Error = Error<Test>;
+
+		// Test failure for subject input. Fails if the input vector is too long or if
+		// the first byte is 255.
+		fn try_from(value: Vec<u8>) -> Result<Self, Self::Error> {
+			let inner: [u8; 32] = value.try_into().map_err(|_| Error::<Test>::InvalidInput)?;
+			if inner[0] == 255 {
+				Err(Error::<Test>::InvalidInput)
+			} else {
+				Ok(Self(inner))
+			}
+		}
+	}
+
+	impl From<TestSubjectId> for Vec<u8> {
+		fn from(value: TestSubjectId) -> Self {
+			value.0.into()
+		}
+	}
+
+	#[cfg(feature = "runtime-benchmarks")]
+	impl kilt_support::traits::GetWorstCase for TestSubjectId {
+		// Only used for benchmark testing, not really relevant.
+		fn worst_case() -> Self {
+			crate::mock::TestSubjectId::default()
+		}
+	}
+
+	impl From<TestSubjectId> for InputSubjectIdOf<Test> {
+		fn from(value: TestSubjectId) -> Self {
+			value
+				.0
+				.to_vec()
+				.try_into()
+				.expect("Test subject ID should fit into the expected input subject ID of for the test runtime.")
+		}
+	}
+
+	impl From<[u8; 32]> for TestSubjectId {
+		fn from(value: [u8; 32]) -> Self {
+			Self(value)
+		}
+	}
+
+	/// Generates a basic credential entry using the provided input parameters
+	/// and the default value for the other ones. The credential will be marked
+	/// as non-revoked and with no authorization ID associated with it.
+	pub(crate) fn generate_base_credential_entry<T: Config>(
+		payer: T::AccountId,
+		block_number: <T as frame_system::Config>::BlockNumber,
+		attester: T::AttesterId,
+		ctype_hash: Option<CtypeHashOf<T>>,
+	) -> CredentialEntryOf<T> {
+		CredentialEntryOf::<T> {
+			ctype_hash: ctype_hash.unwrap_or_default(),
+			revoked: false,
+			attester,
+			block_number,
+			deposit: Deposit::<T::AccountId, BalanceOf<T>> {
+				owner: payer,
+				amount: <T as Config>::Deposit::get(),
+			},
+			authorization_id: None,
+		}
+	}
+
+	fn insert_public_credentials<T: Config>(
+		subject_id: T::SubjectId,
+		credential_id: CredentialIdOf<T>,
+		credential_entry: CredentialEntryOf<T>,
+	) {
+		kilt_support::reserve_deposit::<T::AccountId, CurrencyOf<T>>(
+			credential_entry.deposit.owner.clone(),
+			credential_entry.deposit.amount,
+		)
+		.expect("Attester should have enough balance");
+
+		Credentials::<T>::insert(&subject_id, &credential_id, credential_entry);
+		CredentialSubjects::<T>::insert(credential_id, subject_id);
+	}
+
+	/// Authorize iff the subject of the origin and the provided attester id
+	/// match.
+	#[derive(Clone, Debug, Encode, Decode, TypeInfo, PartialEq, Eq)]
+	#[scale_info(skip_type_params(T))]
+	pub struct MockAccessControl<T: Config>(pub T::AttesterId);
+
+	impl<T> PublicCredentialsAccessControl<T::AttesterId, T::AuthorizationId, CtypeHashOf<T>, CredentialIdOf<T>>
+		for MockAccessControl<T>
+	where
+		T: Config<AuthorizationId = <T as Config>::AttesterId>,
+	{
+		fn can_issue(
+			&self,
+			who: &T::AttesterId,
+			_ctype: &CtypeHashOf<T>,
+			_credential_id: &CredentialIdOf<T>,
+		) -> Result<Weight, DispatchError> {
+			if who == &self.0 {
+				Ok(0)
+			} else {
+				Err(DispatchError::Other("Unauthorized"))
+			}
+		}
+
+		fn can_revoke(
+			&self,
+			who: &T::AttesterId,
+			_ctype: &CtypeHashOf<T>,
+			_credential_id: &CredentialIdOf<T>,
+			authorization_id: &T::AuthorizationId,
+		) -> Result<Weight, DispatchError> {
+			if authorization_id == who {
+				Ok(0)
+			} else {
+				Err(DispatchError::Other("Unauthorized"))
+			}
+		}
+
+		fn can_unrevoke(
+			&self,
+			who: &T::AttesterId,
+			_ctype: &CtypeHashOf<T>,
+			_credential_id: &CredentialIdOf<T>,
+			authorization_id: &T::AuthorizationId,
+		) -> Result<Weight, DispatchError> {
+			if authorization_id == who {
+				Ok(0)
+			} else {
+				Err(DispatchError::Other("Unauthorized"))
+			}
+		}
+
+		fn can_remove(
+			&self,
+			who: &T::AttesterId,
+			_ctype: &CtypeHashOf<T>,
+			_credential_id: &CredentialIdOf<T>,
+			authorization_id: &T::AuthorizationId,
+		) -> Result<Weight, DispatchError> {
+			println!("{:#?}", who);
+			println!("{:#?}", authorization_id);
+			if authorization_id == who {
+				Ok(0)
+			} else {
+				Err(DispatchError::Other("Unauthorized"))
+			}
+		}
+
+		fn authorization_id(&self) -> T::AuthorizationId {
+			self.0.clone()
+		}
+
+		fn can_issue_weight(&self) -> Weight {
+			0
+		}
+		fn can_revoke_weight(&self) -> Weight {
+			0
+		}
+		fn can_unrevoke_weight(&self) -> Weight {
+			0
+		}
+		fn can_remove_weight(&self) -> Weight {
+			0
+		}
+	}
+
+	pub(crate) const MILLI_UNIT: Balance = 10u128.pow(12);
+
+	frame_support::construct_runtime!(
+		pub enum Test where
+			Block = frame_system::mocking::MockBlock<Test>,
+			NodeBlock = frame_system::mocking::MockBlock<Test>,
+			UncheckedExtrinsic = frame_system::mocking::MockUncheckedExtrinsic<Test>,
+		{
+			System: frame_system::{Pallet, Call, Config, Storage, Event<T>},
+			Ctype: ctype::{Pallet, Call, Storage, Event<T>},
+			Balances: pallet_balances::{Pallet, Call, Storage, Event<T>},
+			MockOrigin: mock_origin::{Pallet, Origin<T>},
+			PublicCredentials: crate::{Pallet, Call, Storage, Event<T>},
+		}
+	);
+
+	impl mock_origin::Config for Test {
+		type Origin = Origin;
+		type AccountId = AccountId;
+		type SubjectId = SubjectId;
+	}
+
+	impl frame_system::Config for Test {
+		type Origin = Origin;
+		type Call = Call;
+		type Index = u64;
+		type BlockNumber = BlockNumber;
+		type Hash = Hash;
+		type Hashing = BlakeTwo256;
+		type AccountId = AccountId;
+		type Lookup = IdentityLookup<Self::AccountId>;
+		type Header = Header;
+		type Event = ();
+		type BlockHashCount = ConstU64<250>;
+		type DbWeight = RocksDbWeight;
+		type Version = ();
+
+		type PalletInfo = PalletInfo;
+		type AccountData = pallet_balances::AccountData<Balance>;
+		type OnNewAccount = ();
+		type OnKilledAccount = ();
+		type BaseCallFilter = frame_support::traits::Everything;
+		type SystemWeightInfo = ();
+		type BlockWeights = ();
+		type BlockLength = ();
+		type SS58Prefix = ConstU16<38>;
+		type OnSetCode = ();
+		type MaxConsumers = ConstU32<16>;
+	}
+
+	impl pallet_balances::Config for Test {
+		type Balance = Balance;
+		type DustRemoval = ();
+		type Event = ();
+		type ExistentialDeposit = ConstU128<MILLI_UNIT>;
+		type AccountStore = System;
+		type WeightInfo = ();
+		type MaxLocks = ConstU32<5>;
+		type MaxReserves = ConstU32<5>;
+		type ReserveIdentifier = [u8; 8];
+	}
+
+	impl ctype::Config for Test {
+		type CtypeCreatorId = SubjectId;
+		type EnsureOrigin = mock_origin::EnsureDoubleOrigin<AccountId, Self::CtypeCreatorId>;
+		type OriginSuccess = mock_origin::DoubleOrigin<AccountId, Self::CtypeCreatorId>;
+		type Event = ();
+		type WeightInfo = ();
+
+		type Currency = Balances;
+		type Fee = ConstU128<500>;
+		type FeeCollector = ();
+	}
+
+	impl Config for Test {
+		type AccessControl = MockAccessControl<Self>;
+		type AttesterId = SubjectId;
+		type AuthorizationId = SubjectId;
+		type CredentialId = Hash;
+		type CredentialHash = BlakeTwo256;
+		type Currency = Balances;
+		type Deposit = ConstU128<{ 10 * MILLI_UNIT }>;
+		type EnsureOrigin = mock_origin::EnsureDoubleOrigin<AccountId, Self::AttesterId>;
+		type Event = ();
+		type MaxEncodedClaimsLength = ConstU32<500>;
+		type MaxSubjectIdLength = ConstU32<100>;
+		type OriginSuccess = mock_origin::DoubleOrigin<AccountId, Self::AttesterId>;
+		type SubjectId = TestSubjectId;
+		type WeightInfo = ();
+	}
+
+	pub(crate) const ACCOUNT_00: AccountId = AccountId::new([1u8; 32]);
+	pub(crate) const ACCOUNT_01: AccountId = AccountId::new([2u8; 32]);
+
+	pub(crate) const ALICE_SEED: [u8; 32] = [0u8; 32];
+	pub(crate) const BOB_SEED: [u8; 32] = [1u8; 32];
+
+	pub(crate) const SUBJECT_ID_00: TestSubjectId = TestSubjectId([100u8; 32]);
+	pub(crate) const INVALID_SUBJECT_ID: TestSubjectId = TestSubjectId([255u8; 32]);
+
+	pub(crate) fn sr25519_did_from_seed(seed: &[u8; 32]) -> SubjectId {
+		MultiSigner::from(sr25519::Pair::from_seed(seed).public())
+			.into_account()
+			.into()
+	}
+
+	#[derive(Clone, Default)]
+	pub(crate) struct ExtBuilder {
+		/// initial ctypes & owners
+		ctypes: Vec<(CtypeHashOf<Test>, CtypeCreatorOf<Test>)>,
+		/// endowed accounts with balances
+		balances: Vec<(AccountId, Balance)>,
+		public_credentials: Vec<(
+			<Test as Config>::SubjectId,
+			CredentialIdOf<Test>,
+			CredentialEntryOf<Test>,
+		)>,
+	}
+
+	impl ExtBuilder {
+		#[must_use]
+		pub fn with_ctypes(mut self, ctypes: Vec<(CtypeHashOf<Test>, CtypeCreatorOf<Test>)>) -> Self {
+			self.ctypes = ctypes;
+			self
+		}
+
+		#[must_use]
+		pub fn with_balances(mut self, balances: Vec<(AccountId, Balance)>) -> Self {
+			self.balances = balances;
+			self
+		}
+
+		#[must_use]
+		pub fn with_public_credentials(
+			mut self,
+			credentials: Vec<(
+				<Test as Config>::SubjectId,
+				CredentialIdOf<Test>,
+				CredentialEntryOf<Test>,
+			)>,
+		) -> Self {
+			self.public_credentials = credentials;
+			self
+		}
+
+		pub(crate) fn build(self) -> sp_io::TestExternalities {
+			let mut storage = frame_system::GenesisConfig::default().build_storage::<Test>().unwrap();
+			pallet_balances::GenesisConfig::<Test> {
+				balances: self.balances.clone(),
+			}
+			.assimilate_storage(&mut storage)
+			.expect("assimilate should not fail");
+
+			let mut ext = sp_io::TestExternalities::new(storage);
+
+			ext.execute_with(|| {
+				for ctype in self.ctypes {
+					ctype::Ctypes::<Test>::insert(ctype.0, ctype.1.clone());
+				}
+
+				for (subject_id, credential_id, credential_entry) in self.public_credentials {
+					insert_public_credentials::<Test>(subject_id, credential_id, credential_entry);
+				}
+			});
+
+			ext
+		}
+
+		#[cfg(feature = "runtime-benchmarks")]
+		pub(crate) fn build_with_keystore(self) -> sp_io::TestExternalities {
+			let mut ext = self.build();
+
+			let keystore = sp_keystore::testing::KeyStore::new();
+			ext.register_extension(sp_keystore::KeystoreExt(std::sync::Arc::new(keystore)));
+
+			ext
+		}
+	}
+}
diff --git a/pallets/public-credentials/src/tests.rs b/pallets/public-credentials/src/tests.rs
new file mode 100644
index 0000000000..ae223efb95
--- /dev/null
+++ b/pallets/public-credentials/src/tests.rs
@@ -0,0 +1,745 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+use frame_support::{assert_noop, assert_ok, traits::Get};
+use sp_runtime::traits::Zero;
+
+use ctype::mock::get_ctype_hash;
+use kilt_support::mock::mock_origin::DoubleOrigin;
+
+use crate::{mock::*, Config, CredentialIdOf, CredentialSubjects, Credentials, Error, InputClaimsContentOf};
+
+// add
+
+#[test]
+fn add_successful_without_authorization() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let subject_id = SUBJECT_ID_00;
+	let ctype_hash_1 = get_ctype_hash::<Test>(true);
+	let ctype_hash_2 = get_ctype_hash::<Test>(false);
+	let new_credential_1 = generate_base_public_credential_creation_op::<Test>(
+		subject_id.into(),
+		ctype_hash_1,
+		InputClaimsContentOf::<Test>::default(),
+	);
+	let credential_id_1: CredentialIdOf<Test> = generate_credential_id::<Test>(&new_credential_1, &attester);
+	let new_credential_2 = generate_base_public_credential_creation_op::<Test>(
+		subject_id.into(),
+		ctype_hash_2,
+		InputClaimsContentOf::<Test>::default(),
+	);
+	let credential_id_2: CredentialIdOf<Test> = generate_credential_id::<Test>(&new_credential_2, &attester);
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, (deposit) * 2)])
+		.with_ctypes(vec![(ctype_hash_1, attester.clone()), (ctype_hash_2, attester.clone())])
+		.build()
+		.execute_with(|| {
+			// Check for 0 reserved deposit
+			assert!(Balances::reserved_balance(ACCOUNT_00).is_zero());
+
+			assert_ok!(PublicCredentials::add(
+				DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+				Box::new(new_credential_1.clone())
+			));
+			let stored_public_credential_details = Credentials::<Test>::get(&subject_id, &credential_id_1)
+				.expect("Public credential details should be present on chain.");
+
+			// Test this pallet logic
+			assert_eq!(stored_public_credential_details.attester, attester);
+			assert!(!stored_public_credential_details.revoked);
+			assert_eq!(stored_public_credential_details.block_number, 0);
+			assert_eq!(stored_public_credential_details.ctype_hash, ctype_hash_1);
+			assert_eq!(stored_public_credential_details.authorization_id, None);
+			assert_eq!(CredentialSubjects::<Test>::get(&credential_id_1), Some(subject_id));
+
+			// Check deposit reservation logic
+			assert_eq!(Balances::reserved_balance(ACCOUNT_00), deposit);
+
+			// Re-issuing the same credential will fail
+			assert_noop!(
+				PublicCredentials::add(
+					DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+					Box::new(new_credential_1.clone())
+				),
+				Error::<Test>::CredentialAlreadyIssued
+			);
+
+			// Check deposit has not changed
+			assert_eq!(Balances::reserved_balance(ACCOUNT_00), deposit);
+
+			System::set_block_number(1);
+
+			// Issuing a completely new credential will work
+			assert_ok!(PublicCredentials::add(
+				DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+				Box::new(new_credential_2.clone())
+			));
+
+			let stored_public_credential_details = Credentials::<Test>::get(&subject_id, &credential_id_2)
+				.expect("Public credential #2 details should be present on chain.");
+
+			// Test this pallet logic
+			assert_eq!(stored_public_credential_details.attester, attester);
+			assert!(!stored_public_credential_details.revoked);
+			assert_eq!(stored_public_credential_details.block_number, 1);
+			assert_eq!(stored_public_credential_details.ctype_hash, ctype_hash_2);
+			assert_eq!(stored_public_credential_details.authorization_id, None);
+			assert_eq!(CredentialSubjects::<Test>::get(&credential_id_2), Some(subject_id));
+
+			// Deposit is 2x now
+			assert_eq!(Balances::reserved_balance(ACCOUNT_00), 2 * deposit);
+		});
+}
+
+#[test]
+fn add_successful_with_authorization() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let subject_id = SUBJECT_ID_00;
+	let ctype_hash = get_ctype_hash::<Test>(true);
+	let mut new_credential = generate_base_public_credential_creation_op::<Test>(
+		subject_id.into(),
+		ctype_hash,
+		InputClaimsContentOf::<Test>::default(),
+	);
+	new_credential.authorization = Some(MockAccessControl(attester.clone()));
+	let credential_id: CredentialIdOf<Test> = generate_credential_id::<Test>(&new_credential, &attester);
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_ctypes(vec![(ctype_hash, attester.clone())])
+		.build()
+		.execute_with(|| {
+			assert_ok!(PublicCredentials::add(
+				DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+				Box::new(new_credential.clone())
+			));
+			let stored_public_credential_details = Credentials::<Test>::get(&subject_id, &credential_id)
+				.expect("Public credential details should be present on chain.");
+
+			// Test this pallet logic
+			assert_eq!(stored_public_credential_details.attester, attester);
+			assert!(!stored_public_credential_details.revoked);
+			assert_eq!(stored_public_credential_details.block_number, 0);
+			assert_eq!(stored_public_credential_details.ctype_hash, ctype_hash);
+			assert_eq!(stored_public_credential_details.authorization_id, Some(attester));
+			assert_eq!(CredentialSubjects::<Test>::get(&credential_id), Some(subject_id));
+		});
+}
+
+#[test]
+fn add_unauthorized() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let wrong_attester = sr25519_did_from_seed(&BOB_SEED);
+	let subject_id = SUBJECT_ID_00;
+	let ctype_hash = get_ctype_hash::<Test>(true);
+	let mut new_credential = generate_base_public_credential_creation_op::<Test>(
+		subject_id.into(),
+		ctype_hash,
+		InputClaimsContentOf::<Test>::default(),
+	);
+	new_credential.authorization = Some(MockAccessControl(wrong_attester));
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_ctypes(vec![(ctype_hash, attester.clone())])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::add(
+					DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+					Box::new(new_credential.clone())
+				),
+				Error::<Test>::Unauthorized
+			);
+		});
+}
+
+#[test]
+fn add_ctype_not_existing() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let subject_id = SUBJECT_ID_00;
+	let ctype_hash = get_ctype_hash::<Test>(true);
+	let new_credential = generate_base_public_credential_creation_op::<Test>(
+		subject_id.into(),
+		ctype_hash,
+		InputClaimsContentOf::<Test>::default(),
+	);
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::add(
+					DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+					Box::new(new_credential)
+				),
+				ctype::Error::<Test>::CTypeNotFound
+			);
+		});
+}
+
+#[test]
+fn add_invalid_subject() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let subject_id = INVALID_SUBJECT_ID;
+	let ctype_hash = get_ctype_hash::<Test>(true);
+	let new_credential = generate_base_public_credential_creation_op::<Test>(
+		subject_id.into(),
+		ctype_hash,
+		InputClaimsContentOf::<Test>::default(),
+	);
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_ctypes(vec![(ctype_hash, attester.clone())])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::add(
+					DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+					Box::new(new_credential)
+				),
+				Error::<Test>::InvalidInput
+			);
+		});
+}
+
+#[test]
+fn add_not_enough_balance() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let subject_id = SUBJECT_ID_00;
+	let ctype_hash = get_ctype_hash::<Test>(true);
+	let new_credential = generate_base_public_credential_creation_op::<Test>(
+		subject_id.into(),
+		ctype_hash,
+		InputClaimsContentOf::<Test>::default(),
+	);
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		// One less than the minimum required
+		.with_balances(vec![(ACCOUNT_00, deposit - 1)])
+		.with_ctypes(vec![(ctype_hash, attester.clone())])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::add(
+					DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+					Box::new(new_credential)
+				),
+				Error::<Test>::UnableToPayFees
+			);
+		});
+}
+
+// revoke
+
+#[test]
+fn revoke_successful() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester.clone(), None);
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_ok!(PublicCredentials::revoke(
+				DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+				credential_id,
+				None,
+			));
+
+			let stored_public_credential_details = Credentials::<Test>::get(&subject_id, &credential_id)
+				.expect("Public credential details should be present on chain.");
+
+			// Test this pallet logic
+			assert!(stored_public_credential_details.revoked);
+
+			// Revoking the same credential does nothing
+			assert_ok!(PublicCredentials::revoke(
+				DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+				credential_id,
+				None,
+			));
+
+			let stored_public_credential_details_2 = Credentials::<Test>::get(&subject_id, &credential_id)
+				.expect("Public credential details should be present on chain.");
+
+			assert_eq!(stored_public_credential_details, stored_public_credential_details_2);
+		});
+}
+
+#[test]
+fn revoke_same_attester_wrong_ac() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let wrong_submitter = sr25519_did_from_seed(&BOB_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let mut new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester.clone(), None);
+	new_credential.authorization_id = Some(attester.clone());
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_ok!(PublicCredentials::revoke(
+				DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+				credential_id,
+				Some(MockAccessControl(wrong_submitter))
+			));
+
+			let stored_public_credential_details = Credentials::<Test>::get(&subject_id, &credential_id)
+				.expect("Public credential details should be present on chain.");
+
+			// Test this pallet logic
+			assert!(stored_public_credential_details.revoked);
+		});
+}
+
+#[test]
+fn revoke_unauthorized() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let wrong_submitter = sr25519_did_from_seed(&BOB_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let mut new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester.clone(), None);
+	new_credential.authorization_id = Some(attester.clone());
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::revoke(
+					DoubleOrigin(ACCOUNT_00, wrong_submitter).into(),
+					credential_id,
+					Some(MockAccessControl(attester))
+				),
+				Error::<Test>::Unauthorized
+			);
+		});
+}
+
+#[test]
+fn revoke_ac_not_found() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let wrong_submitter = sr25519_did_from_seed(&BOB_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let mut new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester.clone(), None);
+	new_credential.authorization_id = Some(attester);
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::revoke(
+					DoubleOrigin(ACCOUNT_00, wrong_submitter.clone()).into(),
+					credential_id,
+					Some(MockAccessControl(wrong_submitter))
+				),
+				Error::<Test>::Unauthorized
+			);
+		});
+}
+
+#[test]
+fn revoke_credential_not_found() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::revoke(DoubleOrigin(ACCOUNT_00, attester.clone()).into(), credential_id, None,),
+				Error::<Test>::CredentialNotFound
+			);
+		});
+}
+
+// unrevoke
+
+#[test]
+fn unrevoke_successful() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let mut new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester.clone(), None);
+	new_credential.revoked = true;
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_ok!(PublicCredentials::unrevoke(
+				DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+				credential_id,
+				None,
+			));
+
+			let stored_public_credential_details = Credentials::<Test>::get(&subject_id, &credential_id)
+				.expect("Public credential details should be present on chain.");
+
+			// Test this pallet logic
+			assert!(!stored_public_credential_details.revoked);
+
+			// Unrevoking the same credential does nothing
+			assert_ok!(PublicCredentials::unrevoke(
+				DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+				credential_id,
+				None,
+			));
+
+			let stored_public_credential_details_2 = Credentials::<Test>::get(&subject_id, &credential_id)
+				.expect("Public credential details should be present on chain.");
+
+			assert_eq!(stored_public_credential_details, stored_public_credential_details_2);
+		});
+}
+
+#[test]
+fn unrevoke_same_attester_wrong_ac() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let wrong_submitter = sr25519_did_from_seed(&BOB_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let mut new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester.clone(), None);
+	new_credential.revoked = true;
+	new_credential.authorization_id = Some(attester.clone());
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_ok!(PublicCredentials::unrevoke(
+				DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+				credential_id,
+				Some(MockAccessControl(wrong_submitter))
+			));
+
+			let stored_public_credential_details = Credentials::<Test>::get(&subject_id, &credential_id)
+				.expect("Public credential details should be present on chain.");
+
+			// Test this pallet logic
+			assert!(!stored_public_credential_details.revoked);
+		});
+}
+
+#[test]
+fn unrevoke_unauthorized() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let wrong_submitter = sr25519_did_from_seed(&BOB_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let mut new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester.clone(), None);
+	new_credential.revoked = true;
+	new_credential.authorization_id = Some(attester.clone());
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::unrevoke(
+					DoubleOrigin(ACCOUNT_00, wrong_submitter).into(),
+					credential_id,
+					Some(MockAccessControl(attester))
+				),
+				Error::<Test>::Unauthorized
+			);
+		});
+}
+
+#[test]
+fn unrevoke_ac_not_found() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let wrong_submitter = sr25519_did_from_seed(&BOB_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let mut new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester.clone(), None);
+	new_credential.revoked = true;
+	new_credential.authorization_id = Some(attester);
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::unrevoke(
+					DoubleOrigin(ACCOUNT_00, wrong_submitter.clone()).into(),
+					credential_id,
+					Some(MockAccessControl(wrong_submitter))
+				),
+				Error::<Test>::Unauthorized
+			);
+		});
+}
+
+#[test]
+fn unrevoke_credential_not_found() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::unrevoke(DoubleOrigin(ACCOUNT_00, attester.clone()).into(), credential_id, None,),
+				Error::<Test>::CredentialNotFound
+			);
+		});
+}
+
+// remove
+
+#[test]
+fn remove_successful() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester.clone(), None);
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_ok!(PublicCredentials::remove(
+				DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+				credential_id,
+				None,
+			));
+
+			// Test this pallet logic
+			assert!(Credentials::<Test>::get(&subject_id, &credential_id).is_none());
+			assert!(CredentialSubjects::<Test>::get(&credential_id).is_none());
+
+			// Check deposit release logic
+			assert!(Balances::reserved_balance(ACCOUNT_00).is_zero());
+
+			// Removing the same credential again will fail
+			assert_noop!(
+				PublicCredentials::remove(DoubleOrigin(ACCOUNT_00, attester.clone()).into(), credential_id, None,),
+				Error::<Test>::CredentialNotFound
+			);
+		});
+}
+
+#[test]
+fn remove_same_attester_wrong_ac() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let wrong_submitter = sr25519_did_from_seed(&BOB_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let mut new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester.clone(), None);
+	new_credential.authorization_id = Some(attester.clone());
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_ok!(PublicCredentials::remove(
+				DoubleOrigin(ACCOUNT_00, attester.clone()).into(),
+				credential_id,
+				Some(MockAccessControl(wrong_submitter))
+			));
+
+			// Test this pallet logic
+			assert!(Credentials::<Test>::get(&subject_id, &credential_id).is_none());
+			assert!(CredentialSubjects::<Test>::get(&credential_id).is_none());
+		});
+}
+
+#[test]
+fn remove_unauthorized() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let wrong_submitter = sr25519_did_from_seed(&BOB_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let mut new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester.clone(), None);
+	new_credential.authorization_id = Some(attester.clone());
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::remove(
+					DoubleOrigin(ACCOUNT_00, wrong_submitter).into(),
+					credential_id,
+					Some(MockAccessControl(attester))
+				),
+				Error::<Test>::Unauthorized
+			);
+		});
+}
+
+#[test]
+fn remove_ac_not_found() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let wrong_submitter = sr25519_did_from_seed(&BOB_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let mut new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester.clone(), None);
+	new_credential.authorization_id = Some(attester);
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::remove(
+					DoubleOrigin(ACCOUNT_00, wrong_submitter.clone()).into(),
+					credential_id,
+					Some(MockAccessControl(wrong_submitter))
+				),
+				Error::<Test>::Unauthorized
+			);
+		});
+}
+
+#[test]
+fn remove_credential_not_found() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::remove(DoubleOrigin(ACCOUNT_00, attester.clone()).into(), credential_id, None,),
+				Error::<Test>::CredentialNotFound
+			);
+		});
+}
+
+// reclaim_deposit
+
+#[test]
+fn reclaim_deposit_successful() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester, None);
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_ok!(PublicCredentials::reclaim_deposit(
+				Origin::signed(ACCOUNT_00),
+				credential_id
+			));
+
+			// Test this pallet logic
+			assert!(Credentials::<Test>::get(&subject_id, &credential_id).is_none());
+			assert!(CredentialSubjects::<Test>::get(&credential_id).is_none());
+
+			// Check deposit release logic
+			assert!(Balances::reserved_balance(ACCOUNT_00).is_zero());
+
+			// Reclaiming the deposit for the same credential again will fail
+			assert_noop!(
+				PublicCredentials::reclaim_deposit(Origin::signed(ACCOUNT_00), credential_id),
+				Error::<Test>::CredentialNotFound
+			);
+
+			assert_noop!(
+				PublicCredentials::reclaim_deposit(Origin::signed(ACCOUNT_00), credential_id),
+				Error::<Test>::CredentialNotFound
+			);
+		});
+}
+
+#[test]
+fn reclaim_deposit_credential_not_found() {
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::reclaim_deposit(Origin::signed(ACCOUNT_00), credential_id),
+				Error::<Test>::CredentialNotFound
+			);
+		});
+}
+
+#[test]
+fn reclaim_deposit_unauthorized() {
+	let attester = sr25519_did_from_seed(&ALICE_SEED);
+	let subject_id: <Test as Config>::SubjectId = SUBJECT_ID_00;
+	let new_credential = generate_base_credential_entry::<Test>(ACCOUNT_00, 0, attester, None);
+	let credential_id: CredentialIdOf<Test> = CredentialIdOf::<Test>::default();
+	let deposit: Balance = <Test as Config>::Deposit::get();
+
+	ExtBuilder::default()
+		.with_balances(vec![(ACCOUNT_00, deposit)])
+		.with_public_credentials(vec![(subject_id, credential_id, new_credential)])
+		.build()
+		.execute_with(|| {
+			assert_noop!(
+				PublicCredentials::reclaim_deposit(Origin::signed(ACCOUNT_01), credential_id),
+				Error::<Test>::Unauthorized
+			);
+		});
+}
diff --git a/rpc/did/Cargo.toml b/rpc/did/Cargo.toml
index 5cfa817f53..a2004fdd02 100644
--- a/rpc/did/Cargo.toml
+++ b/rpc/did/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 edition = "2021"
 name = "did-rpc"
-version = "1.6.2"
+version = "1.7.2"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
@@ -9,7 +9,7 @@ version = "1.6.2"
 codec = { package = "parity-scale-codec", version = "3.1.5" }
 jsonrpsee = { version = "0.15.1", features = ["server", "macros"] }
 
-did-rpc-runtime-api = {version = "1.6.2", path = "./runtime-api"}
+did-rpc-runtime-api = {version = "1.7.2", path = "./runtime-api"}
 
 sp-api = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
 sp-blockchain = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
diff --git a/rpc/did/runtime-api/Cargo.toml b/rpc/did/runtime-api/Cargo.toml
index 532f10f6ec..2baf0bfc18 100644
--- a/rpc/did/runtime-api/Cargo.toml
+++ b/rpc/did/runtime-api/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 edition = "2021"
 name = "did-rpc-runtime-api"
-version = "1.6.2"
+version = "1.7.2"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
diff --git a/rpc/public-credentials/Cargo.toml b/rpc/public-credentials/Cargo.toml
new file mode 100644
index 0000000000..604a499fb8
--- /dev/null
+++ b/rpc/public-credentials/Cargo.toml
@@ -0,0 +1,30 @@
+[package]
+name = "public-credentials-rpc"
+version = "1.7.2"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+# Client dependencies
+jsonrpsee = { version = "0.15.1", features = ["server", "macros"] }
+
+# External runtime dependencies
+codec = { package = "parity-scale-codec", version = "3.1.5" }
+
+# Substrate runtime dependencies
+sp-api = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
+sp-blockchain = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
+sp-runtime = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
+
+# Internal runtime dependencies
+public-credentials-runtime-api = {version = "1.7.2", path = "./runtime-api"}
+
+[features]
+default = ["std"]
+std = [
+  "codec/std",
+  "sp-api/std",
+  "sp-runtime/std",
+  "public-credentials-runtime-api/std",
+]
diff --git a/rpc/public-credentials/runtime-api/Cargo.toml b/rpc/public-credentials/runtime-api/Cargo.toml
new file mode 100644
index 0000000000..326d57bf89
--- /dev/null
+++ b/rpc/public-credentials/runtime-api/Cargo.toml
@@ -0,0 +1,23 @@
+[package]
+authors = ["KILT <info@kilt.io>"]
+description = "Runtime APIs for dealing with public credentials."
+edition = "2021"
+name = "public-credentials-runtime-api"
+repository = "https://github.com/KILTprotocol/kilt-node"
+version = "1.7.2"
+
+[dependencies]
+# External dependencies
+codec = {package = "parity-scale-codec", version = "3.1.5", default-features = false}
+
+# Substrate dependencies
+sp-api = {git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.28", default-features = false}
+sp-std = {git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.28", default-features = false}
+
+[features]
+default = ["std"]
+std = [
+	"codec/std",
+	"sp-api/std",
+	"sp-std/std",
+]
diff --git a/rpc/public-credentials/runtime-api/src/lib.rs b/rpc/public-credentials/runtime-api/src/lib.rs
new file mode 100644
index 0000000000..6b0b0ba5a8
--- /dev/null
+++ b/rpc/public-credentials/runtime-api/src/lib.rs
@@ -0,0 +1,35 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+#![cfg_attr(not(feature = "std"), no_std)]
+
+use codec::Codec;
+
+use sp_std::vec::Vec;
+
+sp_api::decl_runtime_apis! {
+	/// The API to query public credentials for a subject.
+	pub trait PublicCredentialsApi<SubjectId, CredentialId, CredentialEntry> where
+		SubjectId: Codec,
+		CredentialId: Codec,
+		CredentialEntry: Codec
+	{
+		fn get_credential(credential_id: CredentialId) -> Option<CredentialEntry>;
+		fn get_credentials(subject: SubjectId) -> Vec<(CredentialId, CredentialEntry)>;
+	}
+}
diff --git a/rpc/public-credentials/src/lib.rs b/rpc/public-credentials/src/lib.rs
new file mode 100644
index 0000000000..a5fede10c0
--- /dev/null
+++ b/rpc/public-credentials/src/lib.rs
@@ -0,0 +1,231 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+pub use public_credentials_runtime_api::PublicCredentialsApi as PublicCredentialsRuntimeApi;
+
+use std::sync::Arc;
+
+use codec::Codec;
+use jsonrpsee::{
+	core::{async_trait, RpcResult},
+	proc_macros::rpc,
+	types::error::{CallError, ErrorObject},
+};
+
+use sp_api::ProvideRuntimeApi;
+use sp_blockchain::HeaderBackend;
+use sp_runtime::{generic::BlockId, traits::Block as BlockT};
+
+/// Filter that can be used after the credentials for a given subject have been
+/// retrieved from the blockchain state.
+pub trait PublicCredentialsFilter<Credential> {
+	fn should_include(&self, credential: &Credential) -> bool;
+}
+
+#[rpc(client, server)]
+pub trait PublicCredentialsApi<BlockHash, OuterSubjectId, OuterCredentialId, OuterCredentialEntry, CredentialFilter> {
+	/// Return a credential that matches the provided credential ID, if found.
+	#[method(name = "credentials_getCredential")]
+	fn get_credential(
+		&self,
+		credential_id: OuterCredentialId,
+		at: Option<BlockHash>,
+	) -> RpcResult<Option<OuterCredentialEntry>>;
+
+	/// Return all the credentials issued to the provided subject, optionally
+	/// filtering with the provided logic. The result is a vector of (credential
+	/// identifier, credential entry).
+	#[method(name = "credentials_getCredentials")]
+	fn get_credentials(
+		&self,
+		subject: OuterSubjectId,
+		filter: Option<CredentialFilter>,
+		at: Option<BlockHash>,
+	) -> RpcResult<Vec<(OuterCredentialId, OuterCredentialEntry)>>;
+}
+
+pub struct PublicCredentialsQuery<
+	Client,
+	Block,
+	OuterSubjectId,
+	SubjectId,
+	OuterCredentialId,
+	CredentialId,
+	OuterCredentialEntry,
+	CredentialEntry,
+	CredentialFilter,
+> {
+	client: Arc<Client>,
+	#[allow(clippy::type_complexity)]
+	_marker: std::marker::PhantomData<(
+		Block,
+		OuterSubjectId,
+		SubjectId,
+		OuterCredentialId,
+		CredentialId,
+		OuterCredentialEntry,
+		CredentialEntry,
+		CredentialFilter,
+	)>,
+}
+
+impl<
+		Client,
+		Block,
+		OuterSubjectId,
+		SubjectId,
+		OuterCredentialId,
+		CredentialId,
+		OuterCredentialEntry,
+		CredentialEntry,
+		CredentialFilter,
+	>
+	PublicCredentialsQuery<
+		Client,
+		Block,
+		OuterSubjectId,
+		SubjectId,
+		OuterCredentialId,
+		CredentialId,
+		OuterCredentialEntry,
+		CredentialEntry,
+		CredentialFilter,
+	>
+{
+	pub fn new(client: Arc<Client>) -> Self {
+		Self {
+			client,
+			_marker: Default::default(),
+		}
+	}
+}
+
+#[repr(i32)]
+pub enum Error {
+	Runtime = 1,
+	Conversion,
+	Internal = i32::MAX,
+}
+
+#[async_trait]
+impl<
+		Client,
+		Block,
+		OuterSubjectId,
+		SubjectId,
+		OuterCredentialId,
+		CredentialId,
+		OuterCredentialEntry,
+		CredentialEntry,
+		CredentialFilter,
+	>
+	PublicCredentialsApiServer<
+		<Block as BlockT>::Hash,
+		OuterSubjectId,
+		OuterCredentialId,
+		OuterCredentialEntry,
+		CredentialFilter,
+	>
+	for PublicCredentialsQuery<
+		Client,
+		Block,
+		OuterSubjectId,
+		SubjectId,
+		OuterCredentialId,
+		CredentialId,
+		OuterCredentialEntry,
+		CredentialEntry,
+		CredentialFilter,
+	> where
+	Block: BlockT,
+	Client: Send + Sync + 'static + ProvideRuntimeApi<Block> + HeaderBackend<Block>,
+	Client::Api: PublicCredentialsRuntimeApi<Block, SubjectId, CredentialId, CredentialEntry>,
+	OuterSubjectId: Send + Sync + 'static,
+	SubjectId: Codec + Send + Sync + 'static + TryFrom<OuterSubjectId>,
+	OuterCredentialId: Send + Sync + 'static,
+	CredentialId: Codec + Send + Sync + 'static + TryFrom<OuterCredentialId> + Into<OuterCredentialId>,
+	CredentialEntry: Codec + Send + Sync + 'static,
+	OuterCredentialEntry: Send + Sync + 'static + From<CredentialEntry>,
+	CredentialFilter: Send + Sync + 'static + PublicCredentialsFilter<CredentialEntry>,
+{
+	fn get_credential(
+		&self,
+		credential_id: OuterCredentialId,
+		at: Option<<Block as BlockT>::Hash>,
+	) -> RpcResult<Option<OuterCredentialEntry>> {
+		let api = self.client.runtime_api();
+		let at = BlockId::hash(at.unwrap_or_else(|| self.client.info().best_hash));
+
+		let into_credential_id: CredentialId = credential_id.try_into().map_err(|_| {
+			CallError::Custom(ErrorObject::owned(
+				Error::Conversion as i32,
+				"Unable to convert input to a valid credential ID.",
+				Option::<String>::None,
+			))
+		})?;
+
+		let credential = api.get_credential(&at, into_credential_id).map_err(|_| {
+			CallError::Custom(ErrorObject::owned(
+				Error::Runtime as i32,
+				"Unable to get credential.",
+				Option::<String>::None,
+			))
+		})?;
+		Ok(credential.map(OuterCredentialEntry::from))
+	}
+
+	fn get_credentials(
+		&self,
+		subject: OuterSubjectId,
+		filter: Option<CredentialFilter>,
+		at: Option<<Block as BlockT>::Hash>,
+	) -> RpcResult<Vec<(OuterCredentialId, OuterCredentialEntry)>> {
+		let api = self.client.runtime_api();
+		let at = BlockId::hash(at.unwrap_or_else(|| self.client.info().best_hash));
+
+		let into_subject: SubjectId = subject.try_into().map_err(|_| {
+			CallError::Custom(ErrorObject::owned(
+				Error::Conversion as i32,
+				"Unable to convert input to a valid subject ID",
+				Option::<String>::None,
+			))
+		})?;
+
+		let credentials = api.get_credentials(&at, into_subject).map_err(|_| {
+			CallError::Custom(ErrorObject::owned(
+				Error::Runtime as i32,
+				"Unable to get credentials",
+				Option::<String>::None,
+			))
+		})?;
+
+		let filtered_credentials = if let Some(filter) = filter {
+			credentials
+				.into_iter()
+				.filter(|(_, credential_entry)| filter.should_include(credential_entry))
+				.collect()
+		} else {
+			credentials
+		};
+
+		Ok(filtered_credentials
+			.into_iter()
+			.map(|(id, entry)| (id.into(), entry.into()))
+			.collect())
+	}
+}
diff --git a/runtimes/clone/Cargo.toml b/runtimes/clone/Cargo.toml
index 5de53d4390..75dae1bd5a 100644
--- a/runtimes/clone/Cargo.toml
+++ b/runtimes/clone/Cargo.toml
@@ -21,9 +21,11 @@ serde = {version = "1.0.137", optional = true, features = ["derive"]}
 did-rpc-runtime-api = {path = "../../rpc/did/runtime-api", default-features = false}
 frame-system-rpc-runtime-api = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
 pallet-transaction-payment-rpc-runtime-api = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
+public-credentials-runtime-api = {path = "../../rpc/public-credentials/runtime-api", default-features = false}
 
 # KILT pallets & primitives
 pallet-did-lookup = {path = "../../pallets/pallet-did-lookup", default-features = false}
+public-credentials = {path = "../../pallets/public-credentials", default-features = false}
 runtime-common = {path = "../../runtimes/common", default-features = false}
 
 # Substrate dependencies
@@ -100,6 +102,7 @@ runtime-benchmarks = [
   "pallet-did-lookup/runtime-benchmarks",
   "pallet-timestamp/runtime-benchmarks",
   "pallet-utility/runtime-benchmarks",
+  "public-credentials/runtime-benchmarks",
   "runtime-common/runtime-benchmarks",
   "sp-runtime/runtime-benchmarks",
   "xcm-builder/runtime-benchmarks",
@@ -136,6 +139,8 @@ std = [
   "pallet-xcm/std",
   "parachain-info/std",
   "polkadot-parachain/std",
+  "public-credentials/std",
+  "public-credentials-runtime-api/std",
   "runtime-common/std",
   "scale-info/std",
   "serde",
@@ -170,5 +175,6 @@ try-runtime = [
   "pallet-timestamp/try-runtime",
   "pallet-transaction-payment/try-runtime",
   "pallet-utility/try-runtime",
+  "public-credentials/try-runtime",
   "runtime-common/try-runtime",
-]
\ No newline at end of file
+]
diff --git a/runtimes/clone/src/lib.rs b/runtimes/clone/src/lib.rs
index f837c15188..c6376b7d92 100644
--- a/runtimes/clone/src/lib.rs
+++ b/runtimes/clone/src/lib.rs
@@ -47,10 +47,12 @@ use xcm::opaque::latest::BodyId;
 use xcm_executor::XcmExecutor;
 
 use runtime_common::{
+	assets::AssetDid,
+	authorization::AuthorizationId,
 	constants::{self, HOURS, MILLI_KILT},
 	fees::{ToAuthor, WeightToFee},
-	AccountId, AuthorityId, Balance, BlockHashCount, BlockLength, BlockNumber, BlockWeights, FeeSplit, Hash, Header,
-	Index, Signature, SlowAdjustingFeeUpdate,
+	AccountId, AuthorityId, Balance, BlockHashCount, BlockLength, BlockNumber, BlockWeights, DidIdentifier, FeeSplit,
+	Hash, Header, Index, Signature, SlowAdjustingFeeUpdate,
 };
 
 use crate::xcm_config::{XcmConfig, XcmOriginToTransactDispatchOrigin};
@@ -581,6 +583,16 @@ impl_runtime_apis! {
 		}
 	}
 
+	impl public_credentials_runtime_api::PublicCredentialsApi<Block, AssetDid, Hash, public_credentials::CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<Hash>>> for Runtime {
+		fn get_credential(_credential_id: Hash) -> Option<public_credentials::CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<Hash>>> {
+			None
+		}
+
+		fn get_credentials(_subject: AssetDid) -> Vec<(Hash, public_credentials::CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<Hash>>)> {
+			vec![]
+		}
+	}
+
 	#[cfg(feature = "runtime-benchmarks")]
 	impl frame_benchmarking::Benchmark<Block> for Runtime {
 		fn benchmark_metadata(extra: bool) -> (
diff --git a/runtimes/common/Cargo.toml b/runtimes/common/Cargo.toml
index 8359b00c37..a4aa23da17 100644
--- a/runtimes/common/Cargo.toml
+++ b/runtimes/common/Cargo.toml
@@ -9,12 +9,15 @@ version = "1.7.2"
 [dependencies]
 codec = {package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive"]}
 log = "0.4.17"
+kilt-asset-dids = { default-features = false, path = "../../crates/assets" }
 scale-info = {version = "2.1.1", default-features = false, features = ["derive"]}
 serde = {version = "1.0.142", optional = true, features = ["derive"]}
 smallvec = "1.8.0"
 
 attestation = {default-features = false, path = "../../pallets/attestation"}
+kilt-support = { default-features = false, optional = true, path = "../../support" }
 parachain-staking = {default-features = false, path = "../../pallets/parachain-staking"}
+public-credentials = {default-features = false, path = "../../pallets/public-credentials"}
 
 frame-support = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
 frame-system = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
@@ -39,6 +42,7 @@ fast-gov = []
 runtime-benchmarks = [
   "attestation/runtime-benchmarks",
   "frame-support/runtime-benchmarks",
+  "kilt-support/runtime-benchmarks",
   "parachain-staking/runtime-benchmarks",
   "polkadot-parachain/runtime-benchmarks",
   "sp-runtime/runtime-benchmarks",
@@ -49,12 +53,15 @@ std = [
   "codec/std",
   "frame-support/std",
   "frame-system/std",
+  "kilt-asset-dids/std",
+  "kilt-support/std",
   "pallet-authorship/std",
   "pallet-balances/std",
   "pallet-membership/std",
   "pallet-transaction-payment/std",
   "parachain-staking/std",
   "polkadot-parachain/std",
+  "public-credentials/std",
   "scale-info/std",
   "serde",
   "sp-consensus-aura/std",
diff --git a/runtimes/common/src/assets.rs b/runtimes/common/src/assets.rs
new file mode 100644
index 0000000000..4c2be05a69
--- /dev/null
+++ b/runtimes/common/src/assets.rs
@@ -0,0 +1,103 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+use codec::{Decode, Encode, MaxEncodedLen};
+use scale_info::TypeInfo;
+use sp_runtime::RuntimeDebug;
+use sp_std::vec::Vec;
+
+use kilt_asset_dids::AssetDid as AssetIdentifier;
+
+#[cfg(feature = "runtime-benchmarks")]
+pub use benchmarks::*;
+
+/// Thin wrapper around the `AssetDid` type, that implements the required
+/// TryFrom<Vec<u8>> trait.
+#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, RuntimeDebug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+pub struct AssetDid(AssetIdentifier);
+
+impl core::ops::Deref for AssetDid {
+	type Target = AssetIdentifier;
+
+	fn deref(&self) -> &Self::Target {
+		&self.0
+	}
+}
+
+impl TryFrom<Vec<u8>> for AssetDid {
+	type Error = &'static str;
+
+	fn try_from(value: Vec<u8>) -> Result<Self, Self::Error> {
+		let asset = AssetIdentifier::from_utf8_encoded(&value[..])
+			.map_err(|_| "Cannot convert provided input to a valid Asset DID.")?;
+		Ok(Self(asset))
+	}
+}
+
+#[cfg(feature = "std")]
+impl TryFrom<String> for AssetDid {
+	type Error = &'static str;
+
+	fn try_from(value: String) -> Result<Self, Self::Error> {
+		Self::try_from(value.into_bytes())
+	}
+}
+
+#[cfg(feature = "runtime-benchmarks")]
+mod benchmarks {
+	use super::*;
+
+	use codec::alloc::string::ToString;
+	use sp_std::vec::Vec;
+
+	use kilt_asset_dids::{asset, chain};
+
+	impl From<AssetDid> for Vec<u8> {
+		fn from(value: AssetDid) -> Self {
+			// UTF-8 encode the asset DID (generates the string with the "did:asset:"
+			// prefix)
+			value.to_string().as_bytes().to_vec()
+		}
+	}
+
+	impl kilt_support::traits::GetWorstCase for AssetDid {
+		fn worst_case() -> Self {
+			// Returns the worst case for an AssetDID, which is represented by the longest
+			// identifier according to the spec.
+			Self::try_from(
+				[
+					b"did:asset:",
+					// Chain part
+					&[b'0'; chain::MAXIMUM_NAMESPACE_LENGTH][..],
+					b":",
+					&[b'1'; chain::MAXIMUM_REFERENCE_LENGTH][..],
+					// "." separator
+					b".",
+					// Asset part
+					&[b'2'; asset::MAXIMUM_NAMESPACE_LENGTH][..],
+					b":",
+					&[b'3'; asset::MAXIMUM_REFERENCE_LENGTH][..],
+					b":",
+					&[b'4'; asset::MAXIMUM_IDENTIFIER_LENGTH][..],
+				]
+				.concat(),
+			)
+			.expect("Worst case creation should not fail.")
+		}
+	}
+}
diff --git a/runtimes/common/src/authorization.rs b/runtimes/common/src/authorization.rs
index 50b45e1961..1e7da8bc1a 100644
--- a/runtimes/common/src/authorization.rs
+++ b/runtimes/common/src/authorization.rs
@@ -21,8 +21,10 @@ use scale_info::TypeInfo;
 use sp_runtime::DispatchError;
 
 use attestation::AttestationAccessControl;
+use public_credentials::PublicCredentialsAccessControl;
 
 #[derive(Clone, Debug, Encode, Decode, PartialEq, Eq, TypeInfo, MaxEncodedLen)]
+#[cfg_attr(feature = "std", derive(serde::Serialize, serde::Deserialize))]
 pub enum AuthorizationId<DelegationId> {
 	Delegation(DelegationId),
 }
@@ -43,9 +45,8 @@ where
 		ctype: &Ctype,
 		claim: &ClaimHash,
 	) -> Result<frame_support::dispatch::Weight, DispatchError> {
-		match self {
-			PalletAuthorize::Delegation(ac) => ac.can_attest(who, ctype, claim),
-		}
+		let PalletAuthorize::Delegation(ac) = self;
+		ac.can_attest(who, ctype, claim)
 	}
 
 	fn can_revoke(
@@ -55,11 +56,8 @@ where
 		claim: &ClaimHash,
 		auth_id: &AuthorizationId<DelegationId>,
 	) -> Result<frame_support::dispatch::Weight, DispatchError> {
-		match (self, auth_id) {
-			(PalletAuthorize::Delegation(ac), AuthorizationId::Delegation(auth_id)) => {
-				ac.can_revoke(who, ctype, claim, auth_id)
-			} // _ => Err(DispatchError::Other("unauthorized")),
-		}
+		let (PalletAuthorize::Delegation(ac), AuthorizationId::Delegation(auth_id)) = (self, auth_id);
+		ac.can_revoke(who, ctype, claim, auth_id)
 	}
 
 	fn can_remove(
@@ -69,32 +67,98 @@ where
 		claim: &ClaimHash,
 		auth_id: &AuthorizationId<DelegationId>,
 	) -> Result<frame_support::dispatch::Weight, DispatchError> {
-		match (self, auth_id) {
-			(PalletAuthorize::Delegation(ac), AuthorizationId::Delegation(auth_id)) => {
-				ac.can_remove(who, ctype, claim, auth_id)
-			} // _ => Err(DispatchError::Other("unauthorized")),
-		}
+		let (PalletAuthorize::Delegation(ac), AuthorizationId::Delegation(auth_id)) = (self, auth_id);
+		ac.can_remove(who, ctype, claim, auth_id)
 	}
 
 	fn authorization_id(&self) -> AuthorizationId<DelegationId> {
-		match self {
-			PalletAuthorize::Delegation(ac) => AuthorizationId::Delegation(ac.authorization_id()),
-		}
+		let PalletAuthorize::Delegation(ac) = self;
+		AuthorizationId::Delegation(ac.authorization_id())
 	}
 
 	fn can_attest_weight(&self) -> Weight {
-		match self {
-			PalletAuthorize::Delegation(ac) => ac.can_attest_weight(),
-		}
+		let PalletAuthorize::Delegation(ac) = self;
+		ac.can_attest_weight()
 	}
 	fn can_revoke_weight(&self) -> Weight {
-		match self {
-			PalletAuthorize::Delegation(ac) => ac.can_revoke_weight(),
-		}
+		let PalletAuthorize::Delegation(ac) = self;
+		ac.can_revoke_weight()
 	}
 	fn can_remove_weight(&self) -> Weight {
-		match self {
-			PalletAuthorize::Delegation(ac) => ac.can_remove_weight(),
-		}
+		let PalletAuthorize::Delegation(ac) = self;
+		ac.can_remove_weight()
+	}
+}
+
+impl<AttesterId, DelegationAc, DelegationId, Ctype, CredentialId>
+	PublicCredentialsAccessControl<AttesterId, AuthorizationId<DelegationId>, Ctype, CredentialId>
+	for PalletAuthorize<DelegationAc>
+where
+	DelegationAc: PublicCredentialsAccessControl<AttesterId, DelegationId, Ctype, CredentialId>,
+{
+	fn can_issue(
+		&self,
+		who: &AttesterId,
+		ctype: &Ctype,
+		credential_id: &CredentialId,
+	) -> Result<frame_support::dispatch::Weight, DispatchError> {
+		let PalletAuthorize::Delegation(ac) = self;
+		ac.can_issue(who, ctype, credential_id)
+	}
+
+	fn can_revoke(
+		&self,
+		who: &AttesterId,
+		ctype: &Ctype,
+		credential_id: &CredentialId,
+		auth_id: &AuthorizationId<DelegationId>,
+	) -> Result<frame_support::dispatch::Weight, DispatchError> {
+		let (PalletAuthorize::Delegation(ac), AuthorizationId::Delegation(auth_id)) = (self, auth_id);
+		ac.can_revoke(who, ctype, credential_id, auth_id)
+	}
+
+	fn can_unrevoke(
+		&self,
+		who: &AttesterId,
+		ctype: &Ctype,
+		credential_id: &CredentialId,
+		auth_id: &AuthorizationId<DelegationId>,
+	) -> Result<frame_support::dispatch::Weight, DispatchError> {
+		let (PalletAuthorize::Delegation(ac), AuthorizationId::Delegation(auth_id)) = (self, auth_id);
+		ac.can_unrevoke(who, ctype, credential_id, auth_id)
+	}
+
+	fn can_remove(
+		&self,
+		who: &AttesterId,
+		ctype: &Ctype,
+		credential_id: &CredentialId,
+		auth_id: &AuthorizationId<DelegationId>,
+	) -> Result<frame_support::dispatch::Weight, DispatchError> {
+		let (PalletAuthorize::Delegation(ac), AuthorizationId::Delegation(auth_id)) = (self, auth_id);
+		ac.can_remove(who, ctype, credential_id, auth_id)
+	}
+
+	fn authorization_id(&self) -> AuthorizationId<DelegationId> {
+		let PalletAuthorize::Delegation(ac) = self;
+		AuthorizationId::Delegation(ac.authorization_id())
+	}
+
+	fn can_issue_weight(&self) -> Weight {
+		let PalletAuthorize::Delegation(ac) = self;
+		ac.can_issue_weight()
+	}
+	fn can_revoke_weight(&self) -> Weight {
+		let PalletAuthorize::Delegation(ac) = self;
+		ac.can_revoke_weight()
+	}
+
+	fn can_unrevoke_weight(&self) -> Weight {
+		let PalletAuthorize::Delegation(ac) = self;
+		ac.can_unrevoke_weight()
+	}
+	fn can_remove_weight(&self) -> Weight {
+		let PalletAuthorize::Delegation(ac) = self;
+		ac.can_remove_weight()
 	}
 }
diff --git a/runtimes/common/src/constants.rs b/runtimes/common/src/constants.rs
index d7793c979a..f660b14346 100644
--- a/runtimes/common/src/constants.rs
+++ b/runtimes/common/src/constants.rs
@@ -432,6 +432,21 @@ pub mod fee {
 	}
 }
 
+pub mod public_credentials {
+	use super::*;
+
+	/// The size is checked in the runtime by a test.
+	pub const MAX_PUBLIC_CREDENTIAL_STORAGE_LENGTH: u32 = 355;
+	// Each credential would have a different deposit, so no multiplier here
+	pub const PUBLIC_CREDENTIAL_DEPOSIT: Balance = deposit(1, MAX_PUBLIC_CREDENTIAL_STORAGE_LENGTH);
+
+	parameter_types! {
+		pub const Deposit: Balance = PUBLIC_CREDENTIAL_DEPOSIT;
+		pub const MaxEncodedClaimsLength: u32 = 100_000;	// 100 Kb
+		pub const MaxSubjectIdLength: u32 = kilt_asset_dids::MAXIMUM_ASSET_DID_LENGTH as u32;
+	}
+}
+
 #[cfg(test)]
 mod tests {
 	use super::*;
diff --git a/runtimes/common/src/lib.rs b/runtimes/common/src/lib.rs
index 4c31bb6b63..3e9c999644 100644
--- a/runtimes/common/src/lib.rs
+++ b/runtimes/common/src/lib.rs
@@ -42,6 +42,7 @@ use sp_runtime::{
 };
 use sp_std::marker::PhantomData;
 
+pub mod assets;
 pub mod authorization;
 pub mod constants;
 pub mod fees;
diff --git a/runtimes/peregrine/Cargo.toml b/runtimes/peregrine/Cargo.toml
index 82b9bb7475..a29e6c8398 100644
--- a/runtimes/peregrine/Cargo.toml
+++ b/runtimes/peregrine/Cargo.toml
@@ -21,6 +21,7 @@ serde = {version = "1.0.142", optional = true, features = ["derive"]}
 did-rpc-runtime-api = {path = "../../rpc/did/runtime-api", default-features = false}
 frame-system-rpc-runtime-api = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
 pallet-transaction-payment-rpc-runtime-api = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
+public-credentials-runtime-api = {path = "../../rpc/public-credentials/runtime-api", default-features = false}
 
 # KILT pallets & primitives
 attestation = {path = "../../pallets/attestation", default-features = false}
@@ -34,6 +35,7 @@ pallet-inflation = {path = "../../pallets/pallet-inflation", default-features =
 pallet-relay-migration = {path = "../../pallets/relay-migration", default-features = false}
 pallet-web3-names = {path = "../../pallets/pallet-web3-names", default-features = false}
 parachain-staking = {path = "../../pallets/parachain-staking", default-features = false}
+public-credentials = {default-features = false, path = "../../pallets/public-credentials"}
 runtime-common = {path = "../../runtimes/common", default-features = false}
 
 # Substrate dependencies
@@ -140,6 +142,7 @@ runtime-benchmarks = [
   "pallet-vesting/runtime-benchmarks",
   "pallet-web3-names/runtime-benchmarks",
   "parachain-staking/runtime-benchmarks",
+  "public-credentials/runtime-benchmarks",
   "runtime-common/runtime-benchmarks",
   "sp-runtime/runtime-benchmarks",
   "xcm-builder/runtime-benchmarks",
@@ -167,6 +170,7 @@ std = [
   "frame-try-runtime/std",
   "kilt-support/std",
   "log/std",
+  "kilt-support/std",
   "pallet-aura/std",
   "pallet-authorship/std",
   "pallet-balances/std",
@@ -196,6 +200,8 @@ std = [
   "parachain-info/std",
   "parachain-staking/std",
   "polkadot-parachain/std",
+  "public-credentials/std",
+  "public-credentials-runtime-api/std",
   "runtime-common/std",
   "scale-info/std",
   "serde",
@@ -250,5 +256,6 @@ try-runtime = [
   "pallet-vesting/try-runtime",
   "pallet-web3-names/try-runtime",
   "parachain-staking/try-runtime",
+  "public-credentials/try-runtime",
   "runtime-common/try-runtime",
 ]
diff --git a/runtimes/peregrine/src/lib.rs b/runtimes/peregrine/src/lib.rs
index f8ad9b8bc9..e55385d31e 100644
--- a/runtimes/peregrine/src/lib.rs
+++ b/runtimes/peregrine/src/lib.rs
@@ -47,9 +47,11 @@ use xcm_executor::XcmExecutor;
 use delegation::DelegationAc;
 use pallet_did_lookup::{linkable_account::LinkableAccountId, migrations::EthereumMigration};
 pub use parachain_staking::InflationInfo;
+pub use public_credentials;
 
 use kilt_support::relay::RelayChainCallBuilder;
 use runtime_common::{
+	assets::AssetDid,
 	authorization::{AuthorizationId, PalletAuthorize},
 	constants::{self, EXISTENTIAL_DEPOSIT, KILT},
 	fees::{ToAuthor, WeightToFee},
@@ -681,6 +683,23 @@ impl pallet_utility::Config for Runtime {
 
 impl pallet_randomness_collective_flip::Config for Runtime {}
 
+impl public_credentials::Config for Runtime {
+	type AccessControl = PalletAuthorize<DelegationAc<Runtime>>;
+	type AttesterId = DidIdentifier;
+	type AuthorizationId = AuthorizationId<<Runtime as delegation::Config>::DelegationNodeId>;
+	type CredentialId = Hash;
+	type CredentialHash = BlakeTwo256;
+	type Currency = Balances;
+	type Deposit = runtime_common::constants::public_credentials::Deposit;
+	type EnsureOrigin = did::EnsureDidOrigin<DidIdentifier, AccountId>;
+	type MaxEncodedClaimsLength = runtime_common::constants::public_credentials::MaxEncodedClaimsLength;
+	type MaxSubjectIdLength = runtime_common::constants::public_credentials::MaxSubjectIdLength;
+	type OriginSuccess = did::DidRawOrigin<AccountId, DidIdentifier>;
+	type Event = Event;
+	type SubjectId = runtime_common::assets::AssetDid;
+	type WeightInfo = weights::public_credentials::WeightInfo<Runtime>;
+}
+
 /// The type used to represent the kinds of proxying allowed.
 #[derive(
 	Copy, Clone, Eq, PartialEq, Ord, PartialOrd, Encode, Decode, RuntimeDebug, MaxEncodedLen, scale_info::TypeInfo,
@@ -731,6 +750,7 @@ impl InstanceFilter<Call> for ProxyType {
 					// Excludes `ParachainSystem`
 					| Call::Preimage(..)
 					| Call::Proxy(..)
+					| Call::PublicCredentials(..)
 					| Call::Scheduler(..)
 					| Call::Session(..)
 					// Excludes `Sudo`
@@ -794,6 +814,13 @@ impl InstanceFilter<Call> for ProxyType {
 					// Excludes `ParachainSystem`
 					| Call::Preimage(..)
 					| Call::Proxy(..)
+					| Call::PublicCredentials(
+						// Excludes `reclaim_deposit`
+						public_credentials::Call::add { .. }
+						| public_credentials::Call::revoke { .. }
+						| public_credentials::Call::unrevoke { .. }
+						| public_credentials::Call::remove { .. }
+					)
 					| Call::Scheduler(..)
 					| Call::Session(..)
 					// Excludes `Sudo`
@@ -940,6 +967,7 @@ construct_runtime! {
 		Inflation: pallet_inflation = 66,
 		DidLookup: pallet_did_lookup = 67,
 		Web3Names: pallet_web3_names = 68,
+		PublicCredentials: public_credentials = 69,
 
 		// Parachains pallets. Start indices at 80 to leave room.
 
@@ -988,6 +1016,7 @@ impl did::DeriveDidCallAuthorizationVerificationKeyRelationship for Call {
 			Call::Did { .. } => Ok(did::DidVerificationKeyRelationship::Authentication),
 			Call::Web3Names { .. } => Ok(did::DidVerificationKeyRelationship::Authentication),
 			Call::DidLookup { .. } => Ok(did::DidVerificationKeyRelationship::Authentication),
+			Call::PublicCredentials { .. } => Ok(did::DidVerificationKeyRelationship::AssertionMethod),
 			Call::Utility(pallet_utility::Call::batch { calls }) => single_key_relationship(&calls[..]),
 			Call::Utility(pallet_utility::Call::batch_all { calls }) => single_key_relationship(&calls[..]),
 			#[cfg(not(feature = "runtime-benchmarks"))]
@@ -1236,6 +1265,17 @@ impl_runtime_apis! {
 		}
 	}
 
+	impl public_credentials_runtime_api::PublicCredentialsApi<Block, AssetDid, Hash, public_credentials::CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<<Runtime as delegation::Config>::DelegationNodeId>>> for Runtime {
+		fn get_credential(credential_id: Hash) -> Option<public_credentials::CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<<Runtime as delegation::Config>::DelegationNodeId>>> {
+			let subject = public_credentials::CredentialSubjects::<Runtime>::get(&credential_id)?;
+			public_credentials::Credentials::<Runtime>::get(&subject, &credential_id)
+		}
+
+		fn get_credentials(subject: <Runtime as public_credentials::Config>::SubjectId) -> Vec<(Hash, public_credentials::CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<<Runtime as delegation::Config>::DelegationNodeId>>)> {
+			public_credentials::Credentials::<Runtime>::iter_prefix(&subject).collect()
+		}
+	}
+
 	#[cfg(feature = "runtime-benchmarks")]
 	impl frame_benchmarking::Benchmark<Block> for Runtime {
 		fn benchmark_metadata(extra: bool) -> (
@@ -1277,6 +1317,7 @@ impl_runtime_apis! {
 			list_benchmark!(list, extra, pallet_inflation, Inflation);
 			list_benchmark!(list, extra, parachain_staking, ParachainStaking);
 			list_benchmark!(list, extra, pallet_web3_names, Web3Names);
+			list_benchmark!(list, extra, public_credentials, PublicCredentials);
 
 			let storage_info = AllPalletsWithSystem::storage_info();
 
@@ -1343,6 +1384,7 @@ impl_runtime_apis! {
 			add_benchmark!(params, batches, pallet_inflation, Inflation);
 			add_benchmark!(params, batches, parachain_staking, ParachainStaking);
 			add_benchmark!(params, batches, pallet_web3_names, Web3Names);
+			add_benchmark!(params, batches, public_credentials, PublicCredentials);
 
 			// No benchmarks for these pallets
 			// add_benchmark!(params, batches, cumulus_pallet_parachain_system, ParachainSystem);
diff --git a/runtimes/peregrine/src/tests.rs b/runtimes/peregrine/src/tests.rs
index 2a66e2b25b..ac491f5072 100644
--- a/runtimes/peregrine/src/tests.rs
+++ b/runtimes/peregrine/src/tests.rs
@@ -23,14 +23,15 @@ use did::DeriveDidCallAuthorizationVerificationKeyRelationship;
 use pallet_did_lookup::associate_account_request::AssociateAccountRequest;
 use pallet_treasury::BalanceOf;
 use pallet_web3_names::{Web3NameOf, Web3OwnershipOf};
-use runtime_common::constants::{
-	attestation::MAX_ATTESTATION_BYTE_LENGTH, did::MAX_DID_BYTE_LENGTH, did_lookup::MAX_CONNECTION_BYTE_LENGTH,
-	web3_names::MAX_NAME_BYTE_LENGTH, MAX_INDICES_BYTE_LENGTH,
+use runtime_common::{
+	constants::{
+		attestation::MAX_ATTESTATION_BYTE_LENGTH, did::MAX_DID_BYTE_LENGTH, did_lookup::MAX_CONNECTION_BYTE_LENGTH,
+		public_credentials::MAX_PUBLIC_CREDENTIAL_STORAGE_LENGTH, web3_names::MAX_NAME_BYTE_LENGTH,
+		MAX_INDICES_BYTE_LENGTH,
+	},
+	AccountId, BlockNumber,
 };
 
-#[cfg(test)]
-use runtime_common::{AccountId, BlockNumber};
-
 use super::{Call, Runtime};
 
 #[test]
@@ -101,6 +102,20 @@ fn indices_storage_sizes() {
 	assert_eq!(size, MAX_INDICES_BYTE_LENGTH as usize)
 }
 
+#[test]
+fn public_credentials_storage_sizes() {
+	// Stored in Credentials
+	let credential_entry_max_size = public_credentials::CredentialEntryOf::<Runtime>::max_encoded_len();
+	// Stored in CredentialsUnicityIndex
+	let subject_id_max_size = <Runtime as public_credentials::Config>::SubjectId::max_encoded_len();
+
+	// Each credential would have a different deposit, so no multiplier here
+	assert_eq!(
+		credential_entry_max_size + subject_id_max_size,
+		MAX_PUBLIC_CREDENTIAL_STORAGE_LENGTH as usize
+	)
+}
+
 #[test]
 fn test_derive_did_verification_relation_ctype() {
 	let c1 = Call::Ctype(ctype::Call::add {
diff --git a/runtimes/peregrine/src/weights/mod.rs b/runtimes/peregrine/src/weights/mod.rs
index 29b65e432d..a4e81bea09 100644
--- a/runtimes/peregrine/src/weights/mod.rs
+++ b/runtimes/peregrine/src/weights/mod.rs
@@ -39,3 +39,4 @@ pub mod pallet_utility;
 pub mod pallet_vesting;
 pub mod pallet_web3_names;
 pub mod parachain_staking;
+pub mod public_credentials;
diff --git a/runtimes/peregrine/src/weights/public_credentials.rs b/runtimes/peregrine/src/weights/public_credentials.rs
new file mode 100644
index 0000000000..567406b20a
--- /dev/null
+++ b/runtimes/peregrine/src/weights/public_credentials.rs
@@ -0,0 +1,93 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+//! Autogenerated weights for public_credentials
+//!
+//! THIS FILE WAS AUTO-GENERATED USING THE SUBSTRATE BENCHMARK CLI VERSION 4.0.0-dev
+//! DATE: 2022-08-03, STEPS: `50`, REPEAT: 20, LOW RANGE: `[]`, HIGH RANGE: `[]`
+//! EXECUTION: Some(Wasm), WASM-EXECUTION: Compiled, CHAIN: Some("dev"), DB CACHE: 1024
+
+// Executed Command:
+// ./target/release/kilt-parachain
+// benchmark
+// pallet
+// --chain=dev
+// --steps=50
+// --repeat=20
+// --pallet=public-credentials
+// --extrinsic=*
+// --execution=wasm
+// --wasm-execution=compiled
+// --heap-pages=4096
+// --record-proof
+// --output=./runtimes/peregrine/src/weights/public_credentials.rs
+// --template=.maintain/runtime-weight-template.hbs
+
+#![cfg_attr(rustfmt, rustfmt_skip)]
+#![allow(unused_parens)]
+#![allow(unused_imports)]
+#![allow(clippy::unnecessary_cast)]
+
+use frame_support::{traits::Get, weights::Weight};
+use sp_std::marker::PhantomData;
+
+/// Weight functions for `public_credentials`.
+pub struct WeightInfo<T>(PhantomData<T>);
+impl<T: frame_system::Config> public_credentials::WeightInfo for WeightInfo<T> {
+	// Storage: Ctype Ctypes (r:1 w:0)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	// Storage: System Account (r:1 w:1)
+	// Storage: PublicCredentials CredentialSubjects (r:0 w:1)
+	fn add(c: u32, ) -> Weight {
+		(64_513_000 as Weight)
+			// Standard Error: 0
+			.saturating_add((2_000 as Weight).saturating_mul(c as Weight))
+			.saturating_add(T::DbWeight::get().reads(3 as Weight))
+			.saturating_add(T::DbWeight::get().writes(3 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:0)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	fn revoke() -> Weight {
+		(39_447_000 as Weight)
+			.saturating_add(T::DbWeight::get().reads(2 as Weight))
+			.saturating_add(T::DbWeight::get().writes(1 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:0)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	fn unrevoke() -> Weight {
+		(39_183_000 as Weight)
+			.saturating_add(T::DbWeight::get().reads(2 as Weight))
+			.saturating_add(T::DbWeight::get().writes(1 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:1)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	// Storage: System Account (r:1 w:1)
+	fn remove() -> Weight {
+		(62_565_000 as Weight)
+			.saturating_add(T::DbWeight::get().reads(3 as Weight))
+			.saturating_add(T::DbWeight::get().writes(3 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:1)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	// Storage: System Account (r:1 w:1)
+	fn reclaim_deposit() -> Weight {
+		(62_648_000 as Weight)
+			.saturating_add(T::DbWeight::get().reads(3 as Weight))
+			.saturating_add(T::DbWeight::get().writes(3 as Weight))
+	}
+}
diff --git a/runtimes/spiritnet/Cargo.toml b/runtimes/spiritnet/Cargo.toml
index d375634dc0..31bfc15403 100644
--- a/runtimes/spiritnet/Cargo.toml
+++ b/runtimes/spiritnet/Cargo.toml
@@ -21,6 +21,7 @@ serde = {version = "1.0.142", optional = true, features = ["derive"]}
 did-rpc-runtime-api = {path = "../../rpc/did/runtime-api", default-features = false}
 frame-system-rpc-runtime-api = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
 pallet-transaction-payment-rpc-runtime-api = {git = "https://github.com/paritytech/substrate", default-features = false, branch = "polkadot-v0.9.28"}
+public-credentials-runtime-api = {path = "../../rpc/public-credentials/runtime-api", default-features = false}
 
 # KILT pallets & primitives
 attestation = {path = "../../pallets/attestation", default-features = false}
@@ -34,6 +35,7 @@ pallet-inflation = {path = "../../pallets/pallet-inflation", default-features =
 pallet-relay-migration = {path = "../../pallets/relay-migration", default-features = false}
 pallet-web3-names = {path = "../../pallets/pallet-web3-names", default-features = false}
 parachain-staking = {path = "../../pallets/parachain-staking", default-features = false}
+public-credentials = {default-features = false, path = "../../pallets/public-credentials"}
 runtime-common = {path = "../../runtimes/common", default-features = false}
 
 # Substrate dependencies
@@ -139,6 +141,7 @@ runtime-benchmarks = [
   "pallet-vesting/runtime-benchmarks",
   "pallet-web3-names/runtime-benchmarks",
   "parachain-staking/runtime-benchmarks",
+  "public-credentials/runtime-benchmarks",
   "runtime-common/runtime-benchmarks",
   "sp-runtime/runtime-benchmarks",
   "xcm-builder/runtime-benchmarks",
@@ -194,6 +197,8 @@ std = [
   "parachain-info/std",
   "parachain-staking/std",
   "polkadot-parachain/std",
+  "public-credentials/std",
+  "public-credentials-runtime-api/std",
   "runtime-common/std",
   "scale-info/std",
   "serde",
@@ -247,5 +252,6 @@ try-runtime = [
   "pallet-vesting/try-runtime",
   "pallet-web3-names/try-runtime",
   "parachain-staking/try-runtime",
+  "public-credentials/try-runtime",
   "runtime-common/try-runtime",
 ]
diff --git a/runtimes/spiritnet/src/lib.rs b/runtimes/spiritnet/src/lib.rs
index 649145a758..3fc79248c0 100644
--- a/runtimes/spiritnet/src/lib.rs
+++ b/runtimes/spiritnet/src/lib.rs
@@ -47,9 +47,11 @@ use xcm_executor::XcmExecutor;
 use delegation::DelegationAc;
 use pallet_did_lookup::{linkable_account::LinkableAccountId, migrations::EthereumMigration};
 pub use parachain_staking::InflationInfo;
+pub use public_credentials;
 
 use kilt_support::relay::RelayChainCallBuilder;
 use runtime_common::{
+	assets::AssetDid,
 	authorization::{AuthorizationId, PalletAuthorize},
 	constants::{self, EXISTENTIAL_DEPOSIT, KILT},
 	fees::{ToAuthor, WeightToFee},
@@ -675,6 +677,23 @@ impl pallet_utility::Config for Runtime {
 
 impl pallet_randomness_collective_flip::Config for Runtime {}
 
+impl public_credentials::Config for Runtime {
+	type AccessControl = PalletAuthorize<DelegationAc<Runtime>>;
+	type AttesterId = DidIdentifier;
+	type AuthorizationId = AuthorizationId<<Runtime as delegation::Config>::DelegationNodeId>;
+	type CredentialId = Hash;
+	type CredentialHash = BlakeTwo256;
+	type Currency = Balances;
+	type Deposit = runtime_common::constants::public_credentials::Deposit;
+	type EnsureOrigin = did::EnsureDidOrigin<DidIdentifier, AccountId>;
+	type MaxEncodedClaimsLength = runtime_common::constants::public_credentials::MaxEncodedClaimsLength;
+	type MaxSubjectIdLength = runtime_common::constants::public_credentials::MaxSubjectIdLength;
+	type OriginSuccess = did::DidRawOrigin<AccountId, DidIdentifier>;
+	type Event = Event;
+	type SubjectId = runtime_common::assets::AssetDid;
+	type WeightInfo = weights::public_credentials::WeightInfo<Runtime>;
+}
+
 /// The type used to represent the kinds of proxying allowed.
 #[derive(
 	Copy, Clone, Eq, PartialEq, Ord, PartialOrd, Encode, Decode, RuntimeDebug, MaxEncodedLen, scale_info::TypeInfo,
@@ -725,6 +744,7 @@ impl InstanceFilter<Call> for ProxyType {
 					// Excludes `ParachainSystem`
 					| Call::Preimage(..)
 					| Call::Proxy(..)
+					| Call::PublicCredentials(..)
 					| Call::Scheduler(..)
 					| Call::Session(..)
 					| Call::System(..)
@@ -787,6 +807,13 @@ impl InstanceFilter<Call> for ProxyType {
 					// Excludes `ParachainSystem`
 					| Call::Preimage(..)
 					| Call::Proxy(..)
+					| Call::PublicCredentials(
+						// Excludes `reclaim_deposit`
+						public_credentials::Call::add { .. }
+						| public_credentials::Call::revoke { .. }
+						| public_credentials::Call::unrevoke { .. }
+						| public_credentials::Call::remove { .. }
+					)
 					| Call::Scheduler(..)
 					| Call::Session(..)
 					// Excludes `Sudo`
@@ -932,6 +959,7 @@ construct_runtime! {
 		Inflation: pallet_inflation = 66,
 		DidLookup: pallet_did_lookup = 67,
 		Web3Names: pallet_web3_names = 68,
+		PublicCredentials: public_credentials = 69,
 
 		// Parachains pallets. Start indices at 80 to leave room.
 
@@ -979,6 +1007,7 @@ impl did::DeriveDidCallAuthorizationVerificationKeyRelationship for Call {
 			Call::Did(did::Call::create { .. }) => Err(did::RelationshipDeriveError::NotCallableByDid),
 			Call::Did { .. } => Ok(did::DidVerificationKeyRelationship::Authentication),
 			Call::Web3Names { .. } => Ok(did::DidVerificationKeyRelationship::Authentication),
+			Call::PublicCredentials { .. } => Ok(did::DidVerificationKeyRelationship::AssertionMethod),
 			Call::DidLookup { .. } => Ok(did::DidVerificationKeyRelationship::Authentication),
 			Call::Utility(pallet_utility::Call::batch { calls }) => single_key_relationship(&calls[..]),
 			Call::Utility(pallet_utility::Call::batch_all { calls }) => single_key_relationship(&calls[..]),
@@ -1228,6 +1257,17 @@ impl_runtime_apis! {
 		}
 	}
 
+	impl public_credentials_runtime_api::PublicCredentialsApi<Block, AssetDid, Hash, public_credentials::CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<<Runtime as delegation::Config>::DelegationNodeId>>> for Runtime {
+		fn get_credential(credential_id: Hash) -> Option<public_credentials::CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<<Runtime as delegation::Config>::DelegationNodeId>>> {
+			let subject = public_credentials::CredentialSubjects::<Runtime>::get(&credential_id)?;
+			public_credentials::Credentials::<Runtime>::get(&subject, &credential_id)
+		}
+
+		fn get_credentials(subject: <Runtime as public_credentials::Config>::SubjectId) -> Vec<(Hash, public_credentials::CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<<Runtime as delegation::Config>::DelegationNodeId>>)> {
+			public_credentials::Credentials::<Runtime>::iter_prefix(&subject).collect()
+		}
+	}
+
 	#[cfg(feature = "runtime-benchmarks")]
 	impl frame_benchmarking::Benchmark<Block> for Runtime {
 		fn benchmark_metadata(extra: bool) -> (
@@ -1269,6 +1309,7 @@ impl_runtime_apis! {
 			list_benchmark!(list, extra, pallet_inflation, Inflation);
 			list_benchmark!(list, extra, parachain_staking, ParachainStaking);
 			list_benchmark!(list, extra, pallet_web3_names, Web3Names);
+			list_benchmark!(list, extra, public_credentials, PublicCredentials);
 
 			let storage_info = AllPalletsWithSystem::storage_info();
 
@@ -1335,6 +1376,7 @@ impl_runtime_apis! {
 			add_benchmark!(params, batches, pallet_inflation, Inflation);
 			add_benchmark!(params, batches, parachain_staking, ParachainStaking);
 			add_benchmark!(params, batches, pallet_web3_names, Web3Names);
+			add_benchmark!(params, batches, public_credentials, PublicCredentials);
 
 			// No benchmarks for these pallets
 			// add_benchmark!(params, batches, cumulus_pallet_parachain_system, ParachainSystem);
diff --git a/runtimes/spiritnet/src/tests.rs b/runtimes/spiritnet/src/tests.rs
index c32ce049a8..c720ae2d9b 100644
--- a/runtimes/spiritnet/src/tests.rs
+++ b/runtimes/spiritnet/src/tests.rs
@@ -23,14 +23,15 @@ use did::DeriveDidCallAuthorizationVerificationKeyRelationship;
 use pallet_did_lookup::associate_account_request::AssociateAccountRequest;
 use pallet_treasury::BalanceOf;
 use pallet_web3_names::{Web3NameOf, Web3OwnershipOf};
-use runtime_common::constants::{
-	attestation::MAX_ATTESTATION_BYTE_LENGTH, did::MAX_DID_BYTE_LENGTH, did_lookup::MAX_CONNECTION_BYTE_LENGTH,
-	web3_names::MAX_NAME_BYTE_LENGTH, MAX_INDICES_BYTE_LENGTH,
+use runtime_common::{
+	constants::{
+		attestation::MAX_ATTESTATION_BYTE_LENGTH, did::MAX_DID_BYTE_LENGTH, did_lookup::MAX_CONNECTION_BYTE_LENGTH,
+		public_credentials::MAX_PUBLIC_CREDENTIAL_STORAGE_LENGTH, web3_names::MAX_NAME_BYTE_LENGTH,
+		MAX_INDICES_BYTE_LENGTH,
+	},
+	AccountId, BlockNumber,
 };
 
-#[cfg(test)]
-use runtime_common::{AccountId, BlockNumber};
-
 use super::{Call, Runtime};
 
 #[test]
@@ -101,6 +102,20 @@ fn indices_storage_sizes() {
 	assert_eq!(size, MAX_INDICES_BYTE_LENGTH as usize)
 }
 
+#[test]
+fn public_credentials_storage_sizes() {
+	// Stored in Credentials
+	let credential_entry_max_size = public_credentials::CredentialEntryOf::<Runtime>::max_encoded_len();
+	// Stored in CredentialsUnicityIndex
+	let subject_id_max_size = <Runtime as public_credentials::Config>::SubjectId::max_encoded_len();
+
+	// Each credential would have a different deposit, so no multiplier here
+	assert_eq!(
+		credential_entry_max_size + subject_id_max_size,
+		MAX_PUBLIC_CREDENTIAL_STORAGE_LENGTH as usize
+	)
+}
+
 #[test]
 fn test_derive_did_verification_relation_ctype() {
 	let c1 = Call::Ctype(ctype::Call::add {
diff --git a/runtimes/spiritnet/src/weights/mod.rs b/runtimes/spiritnet/src/weights/mod.rs
index 29b65e432d..a4e81bea09 100644
--- a/runtimes/spiritnet/src/weights/mod.rs
+++ b/runtimes/spiritnet/src/weights/mod.rs
@@ -39,3 +39,4 @@ pub mod pallet_utility;
 pub mod pallet_vesting;
 pub mod pallet_web3_names;
 pub mod parachain_staking;
+pub mod public_credentials;
diff --git a/runtimes/spiritnet/src/weights/public_credentials.rs b/runtimes/spiritnet/src/weights/public_credentials.rs
new file mode 100644
index 0000000000..aca5f7a033
--- /dev/null
+++ b/runtimes/spiritnet/src/weights/public_credentials.rs
@@ -0,0 +1,93 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+//! Autogenerated weights for public_credentials
+//!
+//! THIS FILE WAS AUTO-GENERATED USING THE SUBSTRATE BENCHMARK CLI VERSION 4.0.0-dev
+//! DATE: 2022-08-03, STEPS: `50`, REPEAT: 20, LOW RANGE: `[]`, HIGH RANGE: `[]`
+//! EXECUTION: Some(Wasm), WASM-EXECUTION: Compiled, CHAIN: Some("spiritnet-dev"), DB CACHE: 1024
+
+// Executed Command:
+// ./target/release/kilt-parachain
+// benchmark
+// pallet
+// --chain=spiritnet-dev
+// --steps=50
+// --repeat=20
+// --pallet=public-credentials
+// --extrinsic=*
+// --execution=wasm
+// --wasm-execution=compiled
+// --heap-pages=4096
+// --record-proof
+// --output=./runtimes/spiritnet/src/weights/public_credentials.rs
+// --template=.maintain/runtime-weight-template.hbs
+
+#![cfg_attr(rustfmt, rustfmt_skip)]
+#![allow(unused_parens)]
+#![allow(unused_imports)]
+#![allow(clippy::unnecessary_cast)]
+
+use frame_support::{traits::Get, weights::Weight};
+use sp_std::marker::PhantomData;
+
+/// Weight functions for `public_credentials`.
+pub struct WeightInfo<T>(PhantomData<T>);
+impl<T: frame_system::Config> public_credentials::WeightInfo for WeightInfo<T> {
+	// Storage: Ctype Ctypes (r:1 w:0)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	// Storage: System Account (r:1 w:1)
+	// Storage: PublicCredentials CredentialSubjects (r:0 w:1)
+	fn add(c: u32, ) -> Weight {
+		(33_401_000 as Weight)
+			// Standard Error: 0
+			.saturating_add((1_000 as Weight).saturating_mul(c as Weight))
+			.saturating_add(T::DbWeight::get().reads(3 as Weight))
+			.saturating_add(T::DbWeight::get().writes(3 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:0)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	fn revoke() -> Weight {
+		(19_510_000 as Weight)
+			.saturating_add(T::DbWeight::get().reads(2 as Weight))
+			.saturating_add(T::DbWeight::get().writes(1 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:0)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	fn unrevoke() -> Weight {
+		(19_072_000 as Weight)
+			.saturating_add(T::DbWeight::get().reads(2 as Weight))
+			.saturating_add(T::DbWeight::get().writes(1 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:1)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	// Storage: System Account (r:1 w:1)
+	fn remove() -> Weight {
+		(32_204_000 as Weight)
+			.saturating_add(T::DbWeight::get().reads(3 as Weight))
+			.saturating_add(T::DbWeight::get().writes(3 as Weight))
+	}
+	// Storage: PublicCredentials CredentialSubjects (r:1 w:1)
+	// Storage: PublicCredentials Credentials (r:1 w:1)
+	// Storage: System Account (r:1 w:1)
+	fn reclaim_deposit() -> Weight {
+		(32_430_000 as Weight)
+			.saturating_add(T::DbWeight::get().reads(3 as Weight))
+			.saturating_add(T::DbWeight::get().writes(3 as Weight))
+	}
+}
diff --git a/runtimes/standalone/Cargo.toml b/runtimes/standalone/Cargo.toml
index 967c3d58d7..295b0e2f82 100644
--- a/runtimes/standalone/Cargo.toml
+++ b/runtimes/standalone/Cargo.toml
@@ -25,6 +25,8 @@ kilt-support = {path = "../../support", default-features = false, optional = tru
 pallet-did-lookup = {default-features = false, path = "../../pallets/pallet-did-lookup"}
 pallet-dyn-filter = {default-features = false, path = "../../pallets/pallet-dyn-filter"}
 pallet-web3-names = {default-features = false, path = "../../pallets/pallet-web3-names"}
+public-credentials = {default-features = false, path = "../../pallets/public-credentials"}
+public-credentials-runtime-api = {default-features = false, path = "../../rpc/public-credentials/runtime-api"}
 runtime-common = {path = "../../runtimes/common", default-features = false}
 
 # RPC
@@ -97,6 +99,7 @@ runtime-benchmarks = [
   "pallet-timestamp/runtime-benchmarks",
   "pallet-web3-names/runtime-benchmarks",
   "pallet-proxy/runtime-benchmarks",
+  "public-credentials/runtime-benchmarks",
   "sp-runtime/runtime-benchmarks",
 ]
 std = [
@@ -128,6 +131,8 @@ std = [
   "pallet-transaction-payment/std",
   "pallet-transaction-payment-rpc-runtime-api/std",
   "pallet-web3-names/std",
+  "public-credentials/std",
+  "public-credentials-runtime-api/std",
   "runtime-common/std",
   "scale-info/std",
   "serde",
@@ -168,4 +173,5 @@ try-runtime = [
   "pallet-web3-names/try-runtime",
   "pallet-utility/try-runtime",
   "pallet-transaction-payment/try-runtime",
+  "public-credentials/try-runtime",
 ]
diff --git a/runtimes/standalone/src/lib.rs b/runtimes/standalone/src/lib.rs
index e3db171f69..5f480ead89 100644
--- a/runtimes/standalone/src/lib.rs
+++ b/runtimes/standalone/src/lib.rs
@@ -52,6 +52,7 @@ use sp_version::RuntimeVersion;
 use delegation::DelegationAc;
 use pallet_did_lookup::{linkable_account::LinkableAccountId, migrations::EthereumMigration};
 use runtime_common::{
+	assets::AssetDid,
 	authorization::{AuthorizationId, PalletAuthorize},
 	constants::{self, EXISTENTIAL_DEPOSIT, KILT},
 	fees::ToAuthor,
@@ -67,6 +68,7 @@ pub use delegation;
 pub use did;
 pub use pallet_balances::Call as BalancesCall;
 pub use pallet_web3_names;
+pub use public_credentials;
 
 #[cfg(feature = "std")]
 use sp_version::NativeVersion;
@@ -473,6 +475,23 @@ impl pallet_utility::Config for Runtime {
 
 impl pallet_randomness_collective_flip::Config for Runtime {}
 
+impl public_credentials::Config for Runtime {
+	type AccessControl = PalletAuthorize<DelegationAc<Runtime>>;
+	type AttesterId = DidIdentifier;
+	type AuthorizationId = AuthorizationId<<Runtime as delegation::Config>::DelegationNodeId>;
+	type CredentialId = Hash;
+	type CredentialHash = BlakeTwo256;
+	type Currency = Balances;
+	type Deposit = runtime_common::constants::public_credentials::Deposit;
+	type EnsureOrigin = did::EnsureDidOrigin<DidIdentifier, AccountId>;
+	type MaxEncodedClaimsLength = runtime_common::constants::public_credentials::MaxEncodedClaimsLength;
+	type MaxSubjectIdLength = runtime_common::constants::public_credentials::MaxSubjectIdLength;
+	type OriginSuccess = did::DidRawOrigin<AccountId, DidIdentifier>;
+	type Event = Event;
+	type SubjectId = runtime_common::assets::AssetDid;
+	type WeightInfo = ();
+}
+
 /// The type used to represent the kinds of proxying allowed.
 #[derive(
 	Copy, Clone, Eq, PartialEq, Ord, PartialOrd, Encode, Decode, RuntimeDebug, MaxEncodedLen, scale_info::TypeInfo,
@@ -515,6 +534,7 @@ impl InstanceFilter<Call> for ProxyType {
 							| pallet_indices::Call::freeze { .. }
 					)
 					| Call::Proxy(..)
+					| Call::PublicCredentials(..)
 					| Call::Session(..)
 					// Excludes `Sudo`
 					| Call::System(..)
@@ -564,6 +584,13 @@ impl InstanceFilter<Call> for ProxyType {
 					)
 					| Call::Indices(..)
 					| Call::Proxy(..)
+					| Call::PublicCredentials(
+						// Excludes `reclaim_deposit`
+						public_credentials::Call::add { .. }
+						| public_credentials::Call::revoke { .. }
+						| public_credentials::Call::unrevoke { .. }
+						| public_credentials::Call::remove { .. }
+					)
 					| Call::Session(..)
 					// Excludes `Sudo`
 					| Call::System(..)
@@ -670,6 +697,7 @@ construct_runtime!(
 
 		Proxy: pallet_proxy::{Pallet, Call, Storage, Event<T>} = 37,
 		Web3Names: pallet_web3_names = 38,
+		PublicCredentials: public_credentials = 39,
 	}
 );
 
@@ -701,6 +729,7 @@ impl did::DeriveDidCallAuthorizationVerificationKeyRelationship for Call {
 			Call::Did { .. } => Ok(did::DidVerificationKeyRelationship::Authentication),
 			Call::Web3Names { .. } => Ok(did::DidVerificationKeyRelationship::Authentication),
 			Call::DidLookup { .. } => Ok(did::DidVerificationKeyRelationship::Authentication),
+			Call::PublicCredentials { .. } => Ok(did::DidVerificationKeyRelationship::AssertionMethod),
 			Call::Utility(pallet_utility::Call::batch { calls }) => single_key_relationship(&calls[..]),
 			Call::Utility(pallet_utility::Call::batch_all { calls }) => single_key_relationship(&calls[..]),
 			#[cfg(not(feature = "runtime-benchmarks"))]
@@ -976,6 +1005,17 @@ impl_runtime_apis! {
 		}
 	}
 
+	impl public_credentials_runtime_api::PublicCredentialsApi<Block, AssetDid, Hash, public_credentials::CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<<Runtime as delegation::Config>::DelegationNodeId>>> for Runtime {
+		fn get_credential(credential_id: Hash) -> Option<public_credentials::CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<<Runtime as delegation::Config>::DelegationNodeId>>> {
+			let subject = public_credentials::CredentialSubjects::<Runtime>::get(&credential_id)?;
+			public_credentials::Credentials::<Runtime>::get(&subject, &credential_id)
+		}
+
+		fn get_credentials(subject: <Runtime as public_credentials::Config>::SubjectId) -> Vec<(Hash, public_credentials::CredentialEntry<Hash, DidIdentifier, BlockNumber, AccountId, Balance, AuthorizationId<<Runtime as delegation::Config>::DelegationNodeId>>)> {
+			public_credentials::Credentials::<Runtime>::iter_prefix(&subject).collect()
+		}
+	}
+
 	#[cfg(feature = "runtime-benchmarks")]
 	impl frame_benchmarking::Benchmark<Block> for Runtime {
 		fn benchmark_metadata(extra: bool) -> (
diff --git a/scripts/run_benches_for_pallets.sh b/scripts/run_benches_for_pallets.sh
index 412eb8f273..afa9fe0d73 100755
--- a/scripts/run_benches_for_pallets.sh
+++ b/scripts/run_benches_for_pallets.sh
@@ -17,6 +17,7 @@ pallets=(
 	pallet-inflation
 	pallet-web3-names
     parachain-staking
+	public-credentials
 )
 
 echo "[+] Running all default weight benchmarks for $runtime --chain=$chain"
diff --git a/scripts/run_benches_for_runtime.sh b/scripts/run_benches_for_runtime.sh
index 6de5fbc57f..c6f21f89dc 100755
--- a/scripts/run_benches_for_runtime.sh
+++ b/scripts/run_benches_for_runtime.sh
@@ -32,6 +32,7 @@ pallets=(
     pallet-vesting
 	pallet-web3-names
     parachain-staking
+	public-credentials
 )
 
 echo "[+] Running all runtime benchmarks for $runtime --chain=$chain"
diff --git a/support/Cargo.toml b/support/Cargo.toml
index 6a01189513..a8e0c6048a 100644
--- a/support/Cargo.toml
+++ b/support/Cargo.toml
@@ -3,14 +3,16 @@ authors = ["KILT <info@kilt.io>"]
 description = "Shared traits and structs used across the KILT pallets"
 edition = "2021"
 name = "kilt-support"
-repository = "https://github.com/KILTprotocol/mashnet-node"
+repository = "https://github.com/KILTprotocol/kilt-node"
 version = "1.7.2"
 
 [dependencies]
+# External dependencies
 codec = {package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive"]}
 scale-info = {version = "2.1.1", default-features = false, features = ["derive"]}
 serde = {version = "1.0.136", optional = true, features = ["derive"]}
 
+# Substrate dependencies
 cumulus-primitives-core = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/cumulus"}
 frame-support = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate"}
 frame-system = {branch = "polkadot-v0.9.28", default-features = false, git = "https://github.com/paritytech/substrate"}
@@ -30,18 +32,18 @@ targets = ["x86_64-unknown-linux-gnu"]
 default = ["std"]
 mock = []
 runtime-benchmarks = [
-  "sp-runtime/runtime-benchmarks",
   "frame-support/runtime-benchmarks",
   "frame-system/runtime-benchmarks",
+  "sp-runtime/runtime-benchmarks",
 ]
 std = [
-  "serde",
   "codec/std",
   "cumulus-primitives-core/std",
   "frame-support/std",
   "frame-system/std",
   "polkadot-core-primitives/std",
   "scale-info/std",
+  "serde",
   "sp-core/std",
   "sp-runtime/std",
   "sp-std/std",
diff --git a/support/src/deposit.rs b/support/src/deposit.rs
index d9b3a2205e..5d2b51529e 100644
--- a/support/src/deposit.rs
+++ b/support/src/deposit.rs
@@ -17,13 +17,13 @@
 // If you feel like getting in touch with us, you can do so at info@botlabs.org
 
 use codec::{Decode, Encode, MaxEncodedLen};
+use frame_support::traits::ReservableCurrency;
 use scale_info::TypeInfo;
-#[cfg(feature = "std")]
-use serde::{Deserialize, Serialize};
+use sp_runtime::{traits::Zero, DispatchError};
 
 /// An amount of balance reserved by the specified address.
-#[derive(Clone, Debug, Encode, Decode, Eq, PartialEq, TypeInfo, MaxEncodedLen)]
-#[cfg_attr(feature = "std", derive(Serialize, Deserialize))]
+#[derive(Clone, Debug, Encode, Decode, Eq, PartialEq, Ord, PartialOrd, TypeInfo, MaxEncodedLen)]
+#[cfg_attr(feature = "std", derive(serde::Serialize, serde::Deserialize))]
 pub struct Deposit<Account, Balance> {
 	pub owner: Account,
 	#[cfg_attr(
@@ -34,6 +34,22 @@ pub struct Deposit<Account, Balance> {
 	pub amount: Balance,
 }
 
+pub fn reserve_deposit<Account, Currency: ReservableCurrency<Account>>(
+	account: Account,
+	deposit_amount: Currency::Balance,
+) -> Result<Deposit<Account, Currency::Balance>, DispatchError> {
+	Currency::reserve(&account, deposit_amount)?;
+	Ok(Deposit {
+		owner: account,
+		amount: deposit_amount,
+	})
+}
+
+pub fn free_deposit<Account, Currency: ReservableCurrency<Account>>(deposit: &Deposit<Account, Currency::Balance>) {
+	let err_amount = Currency::unreserve(&deposit.owner, deposit.amount);
+	debug_assert!(err_amount.is_zero());
+}
+
 // This code was copied from https://github.com/paritytech/substrate/blob/ded44948e2d5a398abcb4e342b0513cb690961bb/frame/transaction-payment/src/types.rs#L113
 // It is needed because u128 cannot be serialized by serde_json out of the box.
 #[cfg(feature = "std")]
diff --git a/support/src/lib.rs b/support/src/lib.rs
index 1cb723b63c..6aeeb21b4f 100644
--- a/support/src/lib.rs
+++ b/support/src/lib.rs
@@ -17,21 +17,11 @@
 // If you feel like getting in touch with us, you can do so at info@botlabs.org
 #![cfg_attr(not(feature = "std"), no_std)]
 
-use deposit::Deposit;
-use frame_support::traits::{Currency, ReservableCurrency};
-use sp_runtime::traits::Zero;
-
 pub mod deposit;
+pub use deposit::{free_deposit, reserve_deposit};
+
 #[cfg(any(feature = "runtime-benchmarks", feature = "mock"))]
 pub mod mock;
 pub mod relay;
 pub mod signature;
 pub mod traits;
-
-pub fn free_deposit<A, C>(deposit: &Deposit<A, C::Balance>)
-where
-	C: Currency<A> + ReservableCurrency<A>,
-{
-	let err_amount = C::unreserve(&deposit.owner, deposit.amount);
-	debug_assert!(err_amount.is_zero());
-}
diff --git a/support/src/traits.rs b/support/src/traits.rs
index 99ae91ce31..0913be3f4c 100644
--- a/support/src/traits.rs
+++ b/support/src/traits.rs
@@ -76,6 +76,13 @@ pub trait GenerateBenchmarkOrigin<OuterOrigin, AccountId, SubjectId> {
 	fn generate_origin(sender: AccountId, subject: SubjectId) -> OuterOrigin;
 }
 
+/// Trait that allows types to implement a worst case value for a type,
+/// only when running benchmarks.
+#[cfg(feature = "runtime-benchmarks")]
+pub trait GetWorstCase {
+	fn worst_case() -> Self;
+}
+
 /// Trait to reflect calls to the relaychain which we support on the pallet
 /// level.
 pub trait RelayCallBuilder {