Skip to content
/ credentials-config-service Public
forked from FIWARE/credentials-config-service

Provide information about scope and trust-lists for verifier components.

License

Apache-2.0 license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

oriolcanades/credentials-config-service

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.github/workflows
.github/workflows
 
 
api
api
 
 
doc
doc
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Credentials Config Service

The Credentials Config Service manages and provides information about services and the credentials they are using. It returns the scope to be requested from the wallet per service and the credentials and issuers that are considered to be trusted for a certain service.

FIWARE Security License badge Container Repository on Quay Coverage Status Test Release

Background

In an DSBA-compliant framework, a Verifier is responsible to communicate with wallets and verify the credentials they provide. To get this done, it needs information about:

  • the credentials to be requested from a wallet
  • the credentials and claims an issuer is allowed to issue

To do so, it requires a service that provides such information, e.g. the Credentials Config Service. See the following diagram on how the service integrates into the framework.

overview-setup

Installation

Container

The Credentials-Config-Service Service is provided as a container at quay.io. To store information about the services, a database has to be provided. In a local setup, you can for example use:

docker run --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -e MYSQL_USER=user -e MYSQL_PASSWORD=password -e MYSQL_DATABASE=db mysql

and the start the service:

docker run --network host quay.io/fiware/credentials-config-service:0.0.1

After that, its accessible at localhost:8080.

Configuration

Configurations can be provided with the standard mechanisms of the Micronaut-Framework, e.g. environment variables or appliction.yaml file. The following table concentrates on the most important configuration parameters:

Property Env-Var Description Default
micronaut.server.port MICRONAUT_SERVER_PORT Server port to be used for the notfication proxy. 8080
micronaut.metrics.enabled MICRONAUT_METRICS_ENABLED Enable the metrics gathering true
datasources.default.url DATASOURCES_DEFAULT_URL JDBC connection string to the database. jdbc:mysql://localhost:3306/db
datasources.default.driverClassName DATASOURCES_DEFAULT_DRIVER_CLASS_NAME Driver to be used for the database connection. com.mysql.cj.jdbc.Driver
datasources.default.username DATASOURCES_DEFAULT_USERNAME Username to authenticate at the database. user
datasources.default.password DATASOURCES_DEFAULT_PASSWORD Password to authenticate at the database. password
datasources.default.dialect DATASOURCES_DEFAULT_DIALECT Dialect to be used with the DB. Currently MYSQL and H2 are supported. MYSQL

Database

Credentials-Config-Service requires an SQL database. It currently supports MySql-compatible DBs and H2 (as an In-Memory DB for dev/test purposes). Migrations are applied via flyway, see the migration-scripts for the schema.

Usage

The service provides the following API:

It is used to manage the service-related entries and provides endpoints to retrieve the required information.

Example

To have information about an service available, it first needs to be created. An example request would look like:

curl -X 'POST' \
  'http://localhost:8080/service' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -d '{
  "id": "packet-delivery-service",
  "credentials": [
    {
      "type": "VerifiableCredential",
      "trustedParticipantsLists": [
        "https://tir-pdc.gaia-x.fiware.dev"
      ],
      "trustedIssuersLists": [
        "https://til-pdc.gaia-x.fiware.dev"
      ]
    }
  ]
}'

Such configuration will define that the requested scope for authentication-requests to packet-delivery-service is VerifiableCredential and that the issuer needs to be listed as a trusted-participant at https://tir-pdc.gaia-x.fiware.dev and that the information about the trusted-issuers should be retrieved from https://til-pdc.gaia-x.fiware.dev.

The verifier can access that information via:

curl --location 'localhost:8080/service/packet-delivery-service'

and receive:

{
  "id": "packet-delivery-service",
  "credentials": [
    {
      "type": "VerifiableCredential",
      "trustedParticipantsLists": [
        "https://tir-pdc.gaia-x.fiware.dev"
      ],
      "trustedIssuersLists": [
        "https://til-pdc.gaia-x.fiware.dev"
      ]
    }
  ]
}

Besides that, it's also possible to get just the scope to be requested:

curl --location 'localhost:8080/service/packet-delivery-service/scope'

and receive:

[
  "VerifiableCredential"
]

License

Credentials-Config-Service is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

© 2023 FIWARE Foundation e.V.

About

Provide information about scope and trust-lists for verifier components.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Java 100.0%