VC Issuance flow 2.0 incl revocation #416

Closed
9 of 28 tasks
jjeroch opened this issue Jan 8, 2024 · 1 comment

jjeroch commented Jan 8, 2024

Description

[image] *Please note: mentioned companies or systems are only examples, used for easier understanding.

DRAFT
Implement a reliable and future-oriented VC issuance flow for the CX dataspace, enabling any wallet (currently just one; soon multiple) to be connected to the core applications.

Flow Details

  • The Operating Company will have a wallet tenant (manually configured)
  • VCs are created by the issuer component and signed by the wallet (supported format: JWT)
  • Generic wallet API to issue and sign credentials of all types (Cofinity tenant)
    • Input: schema, credential type, credential subject, DID, signing key
    • Authenticated REST API (authentication credentials can be downloaded from the SAP Sub-Account)
  • The Catena-X Portal gives Catena-X members the opportunity to see and download their VCs
  • The GAIA-X credential will also be provided by the portal
  • The credential can be downloaded and must be stored in the customer wallet manually

In Scope:
all items displayed in the image below in red.

Out-of-scope:
https://github.com/eclipse-tractusx/identity-trust/blob/main/specifications/M1/credential.issuance.protocol.md


General Assumptions
• Development Closure 28.03.2024
• Credential format: JWT
• Revocation: credentialStatus
• DID method: web
• Operator hosts DIDDocument
• Schema version: http://json-schema.org/draft-07/schema#
• No Schemas with references
• No summary credential
• Credential schemas are defined
• Direct users of DIM have to sign a Test and Evaluation agreement


Implementation Details

1 IF to create Wallet Tenant

As of PI planning; changes are expected and will be handled inside the actual implementation ticket #453.
The wallet used as operator wallet (managed wallet for operator customers) MUST support a REST API interface so that the operator can create tenant wallets.

Endpoint to be defined: /create
Supposed content:

  • CompanyName
  • BPNL (which is the unique identifier)

Result: Wallet Tenant is created. DID Document is issued and the DID is returned in the response.
Interface Type: Synchronous

NOTE: the DID Document is going to be published by the portal. This allows external wallets to be supported without a buy-in (more flexible if a wallet move is planned, etc.).

Depending on the wallet type: if the wallet is not managed/authenticated/secured by the operator environment, the response MUST include a client ID & secret which the portal needs to secure. These credentials are used later on to store the created VC inside the respective wallet client.

2 IF Operator Tenant Signature

As of PI planning; changes are expected and will be handled inside the actual implementation ticket #???
The wallet must provide an endpoint (details still in definition) to allow requesting a signature for an unsigned credential (JSON credential) created by the issuer component. The issuer component provides the unsigned credential to the operator wallet, which signs it and returns the signed credential as a verifiable credential.

Endpoint to be defined: ????
Supposed content:
???

Result/Response: Signed VC

3 IF Store Credential inside Holder Wallet (interim solution)

As of PI planning; changes are expected and will be handled inside the actual implementation ticket #???
The newly created verifiable credential needs to be stored inside the holder wallet. The issuer component is supposed to own this task for a certain time. To allow this, the wallet must provide an input endpoint via which the VC can be stored by the issuer component.
Authentication: operator internal; for external secured wallets the client ID and secret will be used.

Endpoint to be defined: ????
Supposed content:
???

Result/Response: Success

B IF Wallet Revocation List Access

The wallet must provide an endpoint (details still in definition) which allows the issuer component to initiate the revocation of a credential, in case the credential is revoked by the issuer or by the holder via the issuer.
Auto-expiry handling to be defined.

The used revocation list is StatusList21....

Endpoint to be defined: ????
Supposed content:

  • verified_credential_ID

Result: Success message/response


Impact

Portal; Wallet Provider; SD Factory

Additional information

Backend

Issuer Component

Others

@jjeroch jjeroch added the Prep-PI12 CX-ART PI Preparation Issues for Consortia Planning label Jan 8, 2024
@jjeroch jjeroch added this to the 24.05 milestone Jan 8, 2024
@jjeroch jjeroch added portal Feature/Bug for Portal component miw Feature/Bug for Managed Identity Wallet component labels Jan 8, 2024
@jjeroch jjeroch self-assigned this Jan 8, 2024
@jjeroch jjeroch changed the title Issuer Component - VC Issuance VC Issuance flow 2.0 incl revocation Jan 10, 2024
@jjeroch jjeroch added the sd factory Feature/Bug for Self Description Factory component label Jan 10, 2024
@msinamci msinamci added the PI12 CX-ART PI Issues label Jan 22, 2024
@stephanbcbauer (Member) commented:

Hello @jjeroch , @evegufy

Since the feature is a 24.05 feature and the development phase for 24.08 is coming to an end, we need a status on the feature. Can you please update the status?

  • Currently you are assigned (Responsible) → Is this correct? If not, please assign the correct contact person
  • Please check whether the status (backlog, work in progress ...) is set correctly
  • Please comment on the current status of the feature
  • Are all SubTasks (issues from other repositories that deal with the feature) linked? → The easiest way is to mention the feature here in the issue (via the ID) so we can see which teams/repositories are involved.
  • Is there a spillover planned?

If you need any clarification, please get in touch, thank you very much.

Stephan

@jjeroch jjeroch closed this as completed Jul 13, 2024