Participant Node and Party

According to this answer (Signing Transactions - #2 by Gary_Verhaegen), it is possible that “every single party has their own participant and each participant only has one party”; in this case the participant node would be the JWT token issuer with a public/private key pair.

If the participant node wants to sign a transaction acting as their party, would they therefore issue a JWT, assign it to that party, and submit transactions with that JWT token? Or is there a way to interface with the ledger directly with the public/private key pair?

I think you’re mixing up two orthogonal concerns here:

  1. JWT auth
  2. Transaction signing

JWT auth is purely an access control on the ledger API on the participant. You provide some way for the ledger API to validate a JWT (e.g. a public key or JWKS URL) and it validates that incoming JWTs are valid and have the claims required for a specific request. The JWT is not persisted anywhere and the participant only validates JWTs; it does not have access to the signing key which is stored in

Transaction signing happens when transactions are sent between participants (in Canton). The participant has a signing key for that (which is completely independent from the keys used for JWTs) and signs all transactions it submits to the network with that. So transactions are signed at the participant level and not at the party level, which is why taking your own node means you get a signing key just for your party (because it’s the only one on that node).

To repeat: transaction signing has nothing to do with JWTs. It happens even if you turn off JWT auth on your ledger and it uses different keys.
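
A simplified model of the separation described in the answer above, added here as an illustration; it is not code from the thread or from Canton/Daml. The algorithms (RS256 for the JWT, Ed25519 for the participant key), the `actAs`/`exp` claim layout and all function names are assumptions made for the example.

```javascript
// Added illustration: simplified model, not Canton or Daml source code.
const crypto = require('node:crypto');
const b64u = (x) => Buffer.from(x).toString('base64url');

// Key pair 1 belongs to the token issuer; the participant only gets the public half.
const issuer = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// Key pair 2 is the participant's own signing key, unrelated to key pair 1.
const participant = crypto.generateKeyPairSync('ed25519');

// Issuer side: mint an RS256 JWT (claim names are assumed for this example).
function issueJwt(claims) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), issuer.privateKey);
  return `${head}.${body}.${sig.toString('base64url')}`;
}

// Ledger API side: verify with the issuer's PUBLIC key, check claims, store nothing.
function authorize(jwt, party) {
  const [head, body, sig] = String(jwt).split('.');
  if (!head || !body || !sig) return false;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch { return false; }
  if (header?.alg !== 'RS256') return false; // pin the algorithm, do not trust the header
  const ok = crypto.verify('sha256', Buffer.from(`${head}.${body}`),
    issuer.publicKey, Buffer.from(sig, 'base64url'));
  const fresh = typeof claims?.exp === 'number' && claims.exp > Date.now() / 1000;
  return ok && fresh && Array.isArray(claims.actAs) && claims.actAs.includes(party);
}

// Participant side: sign the outgoing transaction; the JWT is never an input to signing.
function submit(command, party, jwt, authEnabled = true) {
  if (authEnabled && !authorize(jwt, party)) return { accepted: false };
  const tx = Buffer.from(JSON.stringify({ party, command }));
  return { accepted: true, tx, signature: crypto.sign(null, tx, participant.privateKey) };
}

// What a receiving participant checks: the submitting participant's key, nothing else.
const verifyTx = (r) => crypto.verify(null, r.tx, participant.publicKey, r.signature);
```

With auth disabled, `submit` still returns a transaction signed by the participant key, and because Ed25519 signatures are deterministic the signature is byte-identical to the one produced when a JWT was presented.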