feat: issuer DID is hosted on NGINX (#372)

* add nginx tf deployment

* update dids and credentials, remove exmaple resolver

* update Issuer did

* update readme [skip ci]

* fix path

README.md

@@ -1,59 +1,57 @@
 # Minimum Viable Dataspace Demo
 
 <!-- TOC -->
-
 * [Minimum Viable Dataspace Demo](#minimum-viable-dataspace-demo)
-    * [1. Introduction](#1-introduction)
-    * [2. Purpose of this Demo](#2-purpose-of-this-demo)
-    * [3. The Scenario](#3-the-scenario)
-        * [3.1 Participants](#31-participants)
-        * [3.2 Data setup](#32-data-setup)
-        * [3.3 Access control](#33-access-control)
-        * [3.4 DIDs, participant lists and VerifiableCredentials](#34-dids-participant-lists-and-verifiablecredentials)
-    * [4. Running the demo (inside IntelliJ)](#4-running-the-demo-inside-intellij)
-        * [4.1 Starting the runtimes](#41-starting-the-runtimes)
-        * [4.2 Seeding the dataspace](#42-seeding-the-dataspace)
-        * [4.3 Next steps](#43-next-steps)
-    * [5. Running the Demo (Kubernetes)](#5-running-the-demo-kubernetes)
-        * [5.1 Build the runtime images](#51-build-the-runtime-images)
-        * [5.2 Create the K8S cluster](#52-create-the-k8s-cluster)
-        * [5.3 Seed the dataspace](#53-seed-the-dataspace)
-        * [5.4 Debugging MVD in Kubernetes](#54-debugging-mvd-in-kubernetes)
-    * [6. Differences between Kubernetes and IntelliJ](#6-differences-between-kubernetes-and-intellij)
-        * [6.1 In-memory databases](#61-in-memory-databases)
-        * [6.2 Memory-based secret vaults](#62-memory-based-secret-vaults)
-        * [6.3 Embedded vs Remote STS](#63-embedded-vs-remote-sts)
-    * [7. Executing REST requests using Postman](#7-executing-rest-requests-using-postman)
-        * [7.1 Get the catalog](#71-get-the-catalog)
-        * [7.2 Initiate the contract negotiation](#72-initiate-the-contract-negotiation)
-        * [7.3 Query negotiation status](#73-query-negotiation-status)
-        * [7.4 Initiate data transfer](#74-initiate-data-transfer)
-        * [7.5 Query data transfers](#75-query-data-transfers)
-        * [7.6 Get EndpointDataReference](#76-get-endpointdatareference)
-        * [7.7 Get access token for EDR](#77-get-access-token-for-edr)
-        * [7.8 Fetch data](#78-fetch-data)
-    * [8. Custom extensions in MVD](#8-custom-extensions-in-mvd)
-        * [8.1 Catalog Node Resolver](#81-catalog-node-resolver)
-        * [8.2 Default scope mapping function](#82-default-scope-mapping-function)
-        * [8.3 Scope extractor for `DataProcessor` credentials](#83-scope-extractor-for-dataprocessor-credentials)
-        * [8.4 Policy evaluation functions](#84-policy-evaluation-functions)
-            * [8.4.1 Membership evaluation function](#841-membership-evaluation-function)
-            * [8.4.2 DataAccessLevel evaluation function](#842-dataaccesslevel-evaluation-function)
-        * [8.5 Scope-to-criterion transformer](#85-scope-to-criterion-transformer)
-        * [8.6 Super-user seeding](#86-super-user-seeding)
-    * [9. Advanced topics](#9-advanced-topics)
-        * [9.1 Regenerating issuer keys](#91-regenerating-issuer-keys)
-        * [9.2 Regenerating participant keys](#92-regenerating-participant-keys)
-            * [9.2.1 IntelliJ deployment:](#921-intellij-deployment)
-            * [9.2.2 Kubernetes deployment](#922-kubernetes-deployment)
-    * [10. Other caveats, shortcuts and workarounds](#10-other-caveats-shortcuts-and-workarounds)
-        * [10.1 In-memory stores in local deployment](#101-in-memory-stores-in-local-deployment)
-        * [10.2 DID resolution](#102-did-resolution)
-            * [10.2.1 `did:web` for participants](#1021-didweb-for-participants)
-            * [10.2.2
-              `did:example` for the dataspace credential issuer](#1022-didexample-for-the-dataspace-credential-issuer)
-        * [10.3 No issuance (yet)](#103-no-issuance-yet)
-
+  * [1. Introduction](#1-introduction)
+  * [2. Purpose of this Demo](#2-purpose-of-this-demo)
+  * [3. The Scenario](#3-the-scenario)
+    * [3.1 Participants](#31-participants)
+    * [3.2 Data setup](#32-data-setup)
+    * [3.3 Access control](#33-access-control)
+    * [3.4 DIDs, participant lists and VerifiableCredentials](#34-dids-participant-lists-and-verifiablecredentials)
+  * [4. Running the demo (inside IntelliJ)](#4-running-the-demo-inside-intellij)
+    * [4.1 Start NGINX](#41-start-nginx)
+    * [4.2 Starting the runtimes](#42-starting-the-runtimes)
+    * [4.3 Seeding the dataspace](#43-seeding-the-dataspace)
+    * [4.4 Next steps](#44-next-steps)
+  * [5. Running the Demo (Kubernetes)](#5-running-the-demo-kubernetes)
+    * [5.1 Build the runtime images](#51-build-the-runtime-images)
+    * [5.2 Create the K8S cluster](#52-create-the-k8s-cluster)
+    * [5.3 Seed the dataspace](#53-seed-the-dataspace)
+    * [5.4 Debugging MVD in Kubernetes](#54-debugging-mvd-in-kubernetes)
+  * [6. Differences between Kubernetes and IntelliJ](#6-differences-between-kubernetes-and-intellij)
+    * [6.1 In-memory databases](#61-in-memory-databases)
+    * [6.2 Memory-based secret vaults](#62-memory-based-secret-vaults)
+    * [6.3 Embedded vs Remote STS](#63-embedded-vs-remote-sts)
+  * [7. Executing REST requests using Postman](#7-executing-rest-requests-using-postman)
+    * [7.1 Get the catalog](#71-get-the-catalog)
+    * [7.2 Initiate the contract negotiation](#72-initiate-the-contract-negotiation)
+    * [7.3 Query negotiation status](#73-query-negotiation-status)
+    * [7.4 Initiate data transfer](#74-initiate-data-transfer)
+    * [7.5 Query data transfers](#75-query-data-transfers)
+    * [7.6 Get EndpointDataReference](#76-get-endpointdatareference)
+    * [7.7 Get access token for EDR](#77-get-access-token-for-edr)
+    * [7.8 Fetch data](#78-fetch-data)
+  * [8. Custom extensions in MVD](#8-custom-extensions-in-mvd)
+    * [8.1 Catalog Node Resolver](#81-catalog-node-resolver)
+    * [8.2 Default scope mapping function](#82-default-scope-mapping-function)
+    * [8.3 Scope extractor for `DataProcessor` credentials](#83-scope-extractor-for-dataprocessor-credentials)
+    * [8.4 Policy evaluation functions](#84-policy-evaluation-functions)
+      * [8.4.1 Membership evaluation function](#841-membership-evaluation-function)
+      * [8.4.2 DataAccessLevel evaluation function](#842-dataaccesslevel-evaluation-function)
+    * [8.5 Scope-to-criterion transformer](#85-scope-to-criterion-transformer)
+    * [8.6 Super-user seeding](#86-super-user-seeding)
+  * [9. Advanced topics](#9-advanced-topics)
+    * [9.1 Regenerating issuer keys](#91-regenerating-issuer-keys)
+    * [9.2 Regenerating participant keys](#92-regenerating-participant-keys)
+      * [9.2.1 IntelliJ deployment:](#921-intellij-deployment)
+      * [9.2.2 Kubernetes deployment](#922-kubernetes-deployment)
+  * [10. Other caveats, shortcuts and workarounds](#10-other-caveats-shortcuts-and-workarounds)
+    * [10.1 In-memory stores in local deployment](#101-in-memory-stores-in-local-deployment)
+    * [10.2 DID resolution](#102-did-resolution)
+      * [10.2.1 `did:web` for participants](#1021-didweb-for-participants)
+      * [10.2.2 `did:web` for the dataspace issuer](#1022-didweb-for-the-dataspace-issuer)
+    * [10.3 No issuance (yet)](#103-no-issuance-yet)
 <!-- TOC -->
 
 ## 1. Introduction
@@ -211,7 +209,58 @@ There are several run configurations for IntelliJ in the `.run/` folder. One eac
 connectors runtimes and IdentityHub runtimes plus one for the provider catalog server, and one named "dataspace". The
 latter is a compound run config an brings up all other runtimes together.
 
-### 4.1 Starting the runtimes
+### 4.1 Start NGINX
+
+The issuer's DID document is hosted on NGINX, so the easiest way of running NGINX is with a docker container:
+
+```shell
+docker run -d --name nginx -p 9876:80 --rm \
+  -v ${PWD}/deployment/assets/issuer/nginx.conf:/etc/nginx/nginx.conf:ro \
+  -v ${PWD}/deployment/assets/issuer/did.docker.json:/var/www/.well-known/did.json:ro \
+  nginx
+```
+
+To verify that it worked, please execute `curl -X GET http://localhost:9876/.well-known/did.json` and see if it returns
+a
+DID document as JSON structure:
+
+```json
+{
+  "service": [],
+  "verificationMethod": [
+    {
+      "id": "did:web:localhost%3A9876#key-1",
+      "type": "JsonWebKey2020",
+      "controller": "did:web:localhost%3A9876",
+      "publicKeyMultibase": null,
+      "publicKeyJwk": {
+        "kty": "OKP",
+        "crv": "Ed25519",
+        "x": "Hsq2QXPbbsU7j6JwXstbpxGSgliI04g_fU3z2nwkuVc"
+      }
+    }
+  ],
+  "authentication": [
+    "key-1"
+  ],
+  "id": "did:web:localhost%3A9876",
+  "@context": [
+    "https://www.w3.org/ns/did/v1",
+    {
+      "@base": "did:web:localhost%3A9876"
+    }
+  ]
+}
+```
+
+The port mapping is **important**, because it influences the DID of the issuer: with a host port of
+`9876` the issuer DID resolves to `did:web:localhost%3A9876`. Changing the port mapping changes the DID, soif you change
+the port mapping, be sure to execute a search-and-replace!
+
+Naturally, you are free to install NGINX natively on your computer or use any other webserver altogether, but this won't
+be supported by us.
+
+### 4.2 Starting the runtimes
 
 The connector runtimes contain both the controlplane and the dataplane. Note that in a real-world scenario those would
 likely be separate runtimes to be able to scale and deploy them individually. Note also, that the Kubernetes deployment
@@ -222,7 +271,7 @@ makes this really easy), or to select whatever JDK you have available in each ru
 
 All run configs take their configuration from `*.env` files which are located in `deployment/assets/env`.
 
-### 4.2 Seeding the dataspace
+### 4.3 Seeding the dataspace
 
 DID documents are dynamically generated when "seeding" the data, specifically when creating the `ParticipantContext`
 objects in IdentityHub. This is automatically being done by a script `seed.sh`.
@@ -231,7 +280,7 @@ After executing the `dataspace` run config in Intellij, be sure to **execute the
 have started**. Omitting to do so will leave the dataspace in an uninitialized state and cause all
 connector-to-connector communication to fail.
 
-### 4.3 Next steps
+### 4.4 Next steps
 
 All REST requests made from the script are available in the [Postman
 collection](./deployment/postman/MVD.postman_collection.json). With the [HTTP
@@ -791,20 +840,18 @@ The Kubernetes deployment uses both persistent storage (PostgreSQL) and secure v
 
 #### 10.2.1 `did:web` for participants
 
-Every participant hosts their DIDs in their IdentityHubs, which means, that the HTTP-URL that the DID maps to must be
+Participants hosts their DIDs in their IdentityHubs, which means, that the HTTP-URL that the DID maps to must be
 accessible for all other participants. For example, every participant pod in the cluster must be able to resolve a DID
 from every other participant. For access to pods from outside the cluster we would be using an ingress controller, but
 then the other pods in the cluster cannot access it, due to missing DNS entries. That means, that the DID cannot use the
 _ingress URL_, but must use the _service's_ URL. A service in turn is not accessible from outside the cluster, so DIDs
 are only resolvable from _inside_ the cluster. Unfortunately, there is no way around this, unless we put DIDs on a
 publicly resolvable CDN or webserver.
 
-#### 10.2.2 `did:example` for the dataspace credential issuer
+#### 10.2.2 `did:web` for the dataspace issuer
 
 The "dataspace issuer" does not exist as participant yet, so instead of deploying a fake IdentityHub, we opted for
-introducing the (completely made up) `"did:example"` method, for which there is a [custom-built DID
-resolver](extensions/did-example-resolver/src/main/java/org/eclipse/edc/iam/identitytrust/core/DidExampleResolver.java)
-in the code.
+simply hosting the dataspace issuer's DID as static file with NGINX.
 
 ### 10.3 No issuance (yet)
 

deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json

@@ -2,14 +2,14 @@
   "id": "40e24588-b510-41ca-966c-c1e0f57d1b15",
   "participantId": "did:web:consumer-identityhub%3A7083:consumer",
   "timestamp": 1700659822500,
-  "issuerId": "did:example:dataspace-issuer",
+  "issuerId": "did:web:dataspace-issuer",
   "holderId": "did:web:consumer-identityhub%3A7083:consumer",
   "state": 500,
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
     "format": "JWT",
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpjb25zdW1lci1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VmVyc2lvbiI6Im12ZC1jcmVkZW50aWFsczpjb250cmFjdFZlcnNpb24iLCJsZXZlbCI6Im12ZC1jcmVkZW50aWFsczpsZXZlbCJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNEYXRhUHJvY2Vzc29yQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmNvbnN1bWVyIiwiY29udHJhY3RWZXJzaW9uIjoiMS4wLjAiLCJsZXZlbCI6InByb2Nlc3NpbmcifX0sImlhdCI6MTcyOTgzNjU1OX0.Bxr2R-b-2OjDjgL-NkngIdLamddtc1wm5wpGKDBuNj00F3FXUpq97DEsOO-qmkLycm4tWhTl25QPI4yni9hmAw",
+    "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJpc3MiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIiLCJhdWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInN1YiI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmFsaWNlIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLHsibXZkLWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9tdmQvY3JlZGVudGlhbHMvIiwiY29udHJhY3RWZXJzaW9uIjoibXZkLWNyZWRlbnRpYWxzOmNvbnRyYWN0VmVyc2lvbiIsImxldmVsIjoibXZkLWNyZWRlbnRpYWxzOmxldmVsIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI0RhdGFQcm9jZXNzb3JDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDp3ZWI6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4Mzpjb25zdW1lciIsImNvbnRyYWN0VmVyc2lvbiI6IjEuMC4wIiwibGV2ZWwiOiJwcm9jZXNzaW5nIn19LCJpYXQiOjE3Mjk4NDY1ODR9.ga1mBwFg2K_vtf7sDUebGnsQs8SLNxdY2-GYdZ9QEiuH7OEkfr32KYbF3h-Mtzn3OP6amFkIQ1HU742aLSvWCw",
     "credential": {
       "credentialSubject": [
         {
@@ -26,7 +26,7 @@
         "DataProcessorCredential"
       ],
       "issuer": {
-        "id": "did:example:dataspace-issuer",
+        "id": "did:web:dataspace-issuer",
         "additionalProperties": {}
       },
       "issuanceDate": 1702339200.000000000,

deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json

@@ -14,7 +14,7 @@
     "VerifiableCredential",
     "http://org.yourdataspace.com#DataProcessorCredential"
   ],
-  "issuer": "did:example:dataspace-issuer",
+  "issuer": "did:web:dataspace-issuer",
   "issuanceDate": "2023-08-18T00:00:00Z",
   "credentialSubject": {
     "id": "did:web:consumer-identityhub%3A7083:consumer",

deployment/assets/credentials/k8s/consumer/membership-credential.json

@@ -2,13 +2,13 @@
   "id": "40e24588-b510-41ca-966c-c1e0f57d1b14",
   "participantId": "did:web:consumer-identityhub%3A7083:consumer",
   "timestamp": 1700659822500,
-  "issuerId": "did:example:dataspace-issuer",
+  "issuerId": "did:web:dataspace-issuer",
   "holderId": "did:web:consumer-identityhub%3A7083:consumer",
   "state": 500,
   "issuancePolicy": null,
   "reissuancePolicy": null,
   "verifiableCredential": {
-    "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpjb25zdW1lci1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXBUeXBlIiwid2Vic2l0ZSI6Im12ZC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6Im12ZC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJtdmQtY3JlZGVudGlhbHM6c2luY2UifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4Mzpjb25zdW1lciIsIm1lbWJlcnNoaXAiOnsibWVtYmVyc2hpcFR5cGUiOiJGdWxsTWVtYmVyIiwid2Vic2l0ZSI6Ind3dy53aGF0ZXZlci5jb20iLCJjb250YWN0IjoiZml6ei5idXp6QHdoYXRldmVyLmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3Mjk4MzY1NTl9.mTigFc6TKFP_gKeKBrekJcsZML0IGEhEDl8hf2dXnylxpd8q7luEojHGV6Ph6pIYP390wCeZwT5RS8zYXM5PCQ",
+    "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJpc3MiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIiLCJhdWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInN1YiI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmFsaWNlIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLHsibXZkLWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9tdmQvY3JlZGVudGlhbHMvIiwibWVtYmVyc2hpcCI6Im12ZC1jcmVkZW50aWFsczptZW1iZXJzaGlwIiwibWVtYmVyc2hpcFR5cGUiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcFR5cGUiLCJ3ZWJzaXRlIjoibXZkLWNyZWRlbnRpYWxzOndlYnNpdGUiLCJjb250YWN0IjoibXZkLWNyZWRlbnRpYWxzOmNvbnRhY3QiLCJzaW5jZSI6Im12ZC1jcmVkZW50aWFsczpzaW5jZSJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNNZW1iZXJzaGlwQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpjb25zdW1lci1pZGVudGl0eWh1YiUzQTcwODM6Y29uc3VtZXIiLCJtZW1iZXJzaGlwIjp7Im1lbWJlcnNoaXBUeXBlIjoiRnVsbE1lbWJlciIsIndlYnNpdGUiOiJ3d3cud2hhdGV2ZXIuY29tIiwiY29udGFjdCI6ImZpenouYnV6ekB3aGF0ZXZlci5jb20iLCJzaW5jZSI6IjIwMjMtMDEtMDFUMDA6MDA6MDBaIn19fSwiaWF0IjoxNzI5ODQ2NTg0fQ.L6lr3PJ6Qkmt8k2Yfen3A8Y7_Dtk0z3KtdOJB6Q0x_33mGP76G5rEaMDPgFk5uuxj4KcZggaIAc2k7hcvA98Ag",
     "format": "JWT",
     "credential": {
       "credentialSubject": [
@@ -28,7 +28,7 @@
         "MembershipCredential"
       ],
       "issuer": {
-        "id": "did:example:dataspace-issuer",
+        "id": "did:web:dataspace-issuer",
         "additionalProperties": {}
       },
       "issuanceDate": 1702339200.000000000,

deployment/assets/credentials/k8s/consumer/membership_vc.json

@@ -17,7 +17,7 @@
     "VerifiableCredential",
     "http://org.yourdataspace.com#MembershipCredential"
   ],
-  "issuer": "did:example:dataspace-issuer",
+  "issuer": "did:web:dataspace-issuer",
   "issuanceDate": "2023-08-18T00:00:00Z",
   "credentialSubject": {
     "id": "did:web:consumer-identityhub%3A7083:consumer",