diff --git a/docs/arc42/main.md b/docs/arc42/main.md index a56720345..ba5f7fe2f 100644 --- a/docs/arc42/main.md +++ b/docs/arc42/main.md 
@@ -165,167 +165,18 @@ end box group "Create Wallet" box "Create Wallet" user -> MIW: "/api/wallet" with BPN and Name - group "Wallet Creation" + group "Wallet Creation" MIW -> MIW: Create Database entry MIW -> MIW: Create Private and Public Key MIW -> MIW: Store Private Key AES encrypted in DB MIW -> MIW: Create DID:web Document MIW -> MIW: Store DID-Document end group - group "BPN Credential" - MIW -> MIW: Create BPN Credential - MIW -> MIW: Sign JSON-LD BPN Credential with issuer private key (Private Key of Issuer Wallet) - MIW -> MIW: Store BPN Credential - end group - group "Summary Credential" - MIW -> MIW: Access User Wallet - MIW -> MIW: Check if Summary Credential is already Created - MIW -> MIW: Check BPN Credential is not already in Summary Credential - MIW -> MIW: Create Summary Credential with BPN - MIW -> MIW: Store Summary Credential in Issuer Wallet - MIW -> MIW: Store Summary Credential in Holder Wallet - end group MIW --> user: Return Wallet end box end group ``` -### Issue Membership Credential - -```plantuml -title Issue Membership Credential - -actor User as User - -participant PortalIDP as keycloak -participant ManagedIdentityWallet as MIW - -box "Get Accesstoken" - User -> keycloak: Get AccessToken - keycloak --> User: AccessToken -end box - -group "Issue Membership" - User -> MIW: "/api/credentials/issuer/membership" with BPN - group "Create Membership Credential" - MIW -> MIW: Create Use Case Credential - MIW -> MIW: Sign JSON-LD Use Case Credential with issuer private key (Private Key of Issuer Wallet) - MIW -> MIW: Store Credential in Issuer Wallet - MIW -> MIW: Store Credential in Holder Wallet - end group - group "Summary Credential" - MIW -> MIW: Access User Wallet - MIW -> MIW: Check if Summary Credential is already Created - MIW -> MIW: Check Membership Credential is not already in Summary Credential - MIW -> MIW: Delete Summary Credential in User Wallet - MIW -> MIW: Create Summary Credential with specific Use Case - MIW -> MIW: 
Store Summary Credential in Issuer Wallet - MIW -> MIW: Store Summary Credential in Holder Wallet - end group - MIW --> User: Return signed Membership Credential -end group -``` - -### Issue Usecase Credential - -```plantuml -title Issue UseCaseFrameworkCredential - -actor User as User - -participant PortalIDP as keycloak -participant ManagedIdentityWallet as MIW - -box "Get Accesstoken" - User -> keycloak: Get AccessToken - keycloak --> User: AccessToken -end box - -group "Issue UseCaseCredential" - User -> MIW: "/api/credentials/issuer/framework" with (BPN, Type, ContractVersion, ContractTemplate) - group "Use Case Credential" - MIW -> MIW: Create Use Case Credential - MIW -> MIW: Sign JSON-LD Use Case Credential with issuer private key (Private Key of Issuer Wallet) - MIW -> MIW: Store Credential in Issuer Wallet - end group - group "Summary Credential" - MIW -> MIW: Access User Wallet - MIW -> MIW: Check if Summary Credential is already Created - MIW -> MIW: Check Use Case Credential is not already in Summary Credential - MIW -> MIW: If not delete Summary Credential in User Wallet - MIW -> MIW: Create Summary Credential with specific Use Case - MIW -> MIW: Store Summary Credential in Issuer Wallet - MIW -> MIW: Store Summary Credential in Holder Wallet - end group - MIW --> User: Return signed Use Case Credential -end group -``` - -### Issue Dismantler Credential - -```plantuml -title Issue Dismantler Credential - -actor User as User - -participant PortalIDP as keycloak -participant ManagedIdentityWallet as MIW - -box "Get Accesstoken" - User -> keycloak: Get AccessToken - keycloak --> User: AccessToken -end box - -group "Issue Dismantler Credential" - User -> MIW: "/api/credentials/issuer/dismantler" with bpn, activityType, allowedVehicleBrands - group "Create Dismantler Credential" - MIW -> MIW: Create Dismantler Credential - MIW -> MIW: Sign JSON-LD Dismantler Credential with issuer private key (Private Key of Issuer Wallet) - MIW -> MIW: Store Credential in 
Issuer Wallet - MIW -> MIW: Store Credential in Holder Wallet - end group - group "Summary Credential" - MIW -> MIW: Access User Wallet - MIW -> MIW: Check if Summary Credential is already Created - MIW -> MIW: Check Dismantler Credential is not already in Summary Credential - MIW -> MIW: Delete Summary Credential in User Wallet - MIW -> MIW: Create Summary Credential with Dismantler added - MIW -> MIW: Store Summary Credential in Issuer Wallet - MIW -> MIW: Store Summary Credential in Holder Wallet - end group - MIW --> User: Return signed Dismantler Credential -end group -``` - -### Fetch Summary Verifiable Presentation - -```plantuml -title Fetch SummaryVP - -actor User as User - -participant PortalIDP as keycloak -participant ManagedIdentityWallet as MIW - -box "Get Accesstoken" - User -> keycloak: Get AccessToken - keycloak --> User: AccessToken -end box - -group "Get Summary VP" - group "Get Summary Credential" - User -> MIW: "/api/credentials?type=['SummaryCredential']" - MIW -> MIW: Lookup Credential in Wallet with Type - MIW --> User: Return Credential(s) with Type - end group - group "Create Summary Presentation" - User -> MIW: "/api/presentations?withAudience=['Audience1','Audience2']+asJwt=true" - MIW -> MIW: Issue VP with Audience as JWT - MIW --> User: Return signed Presentation - end group -end group -``` - ### Validate Verifiable Presentation ```plantuml @@ -343,7 +194,7 @@ end box group "Verify/Validate Verifiable Presentation" User -> MIW: "/api/presentations/validation?withDateValidation=true" with VP - group "Presentation Validation" + group "Presentation Validation" MIW -> MIW: Validate Presentation JsonLD MIW -> MIW: Verify Presentation Signature end group @@ -420,354 +271,6 @@ examples: - `[uuid]` is a UUIDv4 type of UUID, e.g. `f01d7219-d1aa-48c6-beaa-9e433e80ac79` - `[IRI]` is a URL-type of ID, but with extended characters, e.g. `"https://example.com/credentials/123" -#### BPN Credential - -
-{
-    "@context": [
-        "https://www.w3.org/2018/credentials/v1",
-        "https://w3id.org/security/suites/jws-2020/v1",
-        "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData"
-    ],
-    "id": "[uuid]",
-    "type": [
-        "VerifiableCredential",
-        "BpnCredential"
-    ],
-    "issuer": "[did]",
-    "issuanceDate": "[iso8601-timestamp]",
-    "credentialSubject": {
-        "id": "[did]"
-        "type": "BpnCredential",
-        "bpn": "[bpn]"
-    }
-}
-
- -#### Behavior Twin Use Case Credential - -
-{
-    "@context": [
-        "https://www.w3.org/2018/credentials/v1",
-        "https://w3id.org/security/suites/jws-2020/v1",
-        "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
-    ],
-    "id": "[IRI]",
-    "issuer": "[did]",
-    "type": [
-        "VerifiableCredential",
-        "UseCaseFrameworkCondition"
-    ],
-    "issuanceDate": "[iso8601-timestamp]",
-    "expirationDate": "[iso8601-timestamp]",
-    "credentialSubject": {
-        "id": "[did]",
-        "holderIdentifier": "[bpn]",
-        "usecase-agreement": {
-            "value": "Behavior Twin",
-            "type": "cx-behavior-twin",
-            "contract-template": "https://public.catena-x.org/contracts/behavior_twin.v1.pdf",
-            "contract-version": "1.0.0"
-        }
-    },
-    "proof": {
-        "type": "JsonWebSignature2020",
-        "created": "[iso8601-timestamp]",
-        "jws": "[jws]",
-        "proofPurpose": "assertionMethod",
-        "verificationMethod": "[did#key-id]"
-    }
-}
-
- -#### Membership Credential - -Attestation of membership, currently used for Catena-X membership - -
-{
-    "@context": [
-        "https://www.w3.org/2018/credentials/v1",
-        "https://w3id.org/security/suites/jws-2020/v1",
-        "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData"
-    ],
-    "id": "[uuid]",
-    "type": [
-        "VerifiableCredential",
-        "MembershipCredential"
-    ],
-    "issuanceDate": "[iso8601-timestamp]",
-    "expirationDate": "[iso8601-timestamp]",
-    "issuer": "[did]",
-    "credentialSubject": {
-        "id": "[did]"
-        "type": "MembershipCredential",
-        "holderIdentifier": "[bpn]",
-        "memberOf": "Catena-X",
-        "status": "Active",
-        "startTime": "[iso8601-timestamp]",
-    }
-}
-
- -#### Dismantler Credential - -
-{
-    "@context": [
-        "https://www.w3.org/2018/credentials/v1",
-        "https://w3id.org/security/suites/jws-2020/v1",
-        "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData"
-    ],
-    "id": "[uuid]",
-    "issuer": "[did]",
-    "type": [
-        "VerifiableCredential",
-        "DismantlerCredential"
-    ],
-    "issuanceDate": "[iso8601-timestamp]",
-    "expirationDate": "[iso8601-timestamp]",
-    "credentialSubject": {
-        "id": "[did]",
-        "holderIdentifier": "[bpn]",
-        "allowedVehicleBrands": [
-            "[brand 1]",
-            "[brand 2]",
-            "[brand 3]"
-        ]
-    },
-    "proof": {
-        "type": "JsonWebSignature2020",
-        "created": "[iso8601-timestamp]",
-        "jws": "[jws]",
-        "proofPurpose": "assertionMethod",
-        "verificationMethod": "[did#key-id]"
-    }
-}
-
- -#### PCF Use Case Credential - -
-{
-    "@context": [
-        "https://www.w3.org/2018/credentials/v1",
-        "https://www.w3.org/2018/credentials/examples/v1",
-        "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
-    ],
-    "id": "[uuid]",
-    "issuer": "[did]",
-    "type": [
-        "VerifiableCredential",
-        "UseCaseFrameworkCondition"
-    ],
-    "issuanceDate": "[iso8601-timestamp]",
-    "expirationDate": "[iso8601-timestamp]", //Optional field
-    "credentialSubject": {
-        "id": "[did]",
-        "holderIdentifier": "[bpn]",
-        "usecaseAgreement": {
-            "value": "PCF",
-            "type": "cx-pcf",
-            "contract-template": "https://public.catena-x.org/contracts/pcf.v1.pdf",
-            "contract-version": "1.0.0"
-        }
-    },
-    "proof": {
-        "type": "JsonWebSignature2020",
-        "created": "[iso8601-timestamp]",
-        "jws": "[jws]",
-        "proofPurpose": "assertionMethod",
-        "verificationMethod": "[did#key-id]"
-    }
-}
-
- -#### Quality Use Case Credential - -
-{
-    "@context": [
-        "https://www.w3.org/2018/credentials/v1",
-        "https://w3id.org/security/suites/jws-2020/v1",
-        "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
-    ],
-    "id": "[uuid]",
-    "issuer": "[did]",
-    "type": [
-        "VerifiableCredential",
-        "UseCaseFrameworkCondition"
-    ],
-    "issuanceDate": "[iso8601-timestamp]",
-    "expirationDate": "[iso8601-timestamp]",
-    "credentialSubject": {
-        "id": "[did]",
-        "holderIdentifier": "[bpn]",
-        "usecase-agreement": {
-            "value": "Quality",
-            "type": "cx-quality",
-            "contract-template": "https://public.catena-x.org/contracts/quality.v1.pdf",
-            "contract-version": "1.0.0"
-        }
-    },
-    "proof": {
-        "type": "JsonWebSignature2020",
-        "created": "[iso8601-timestamp]",
-        "jws": "[jws]",
-        "proofPurpose": "assertionMethod",
-        "verificationMethod": "[did#key-id]"
-    }
-}
-
- -#### Resiliency Use Case Credential - -
-{
-    "@context": [
-        "https://www.w3.org/2018/credentials/v1",
-        "https://w3id.org/security/suites/jws-2020/v1",
-        "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
-    ],
-    "id": "[uuid]",
-    "issuer": "[did]",
-    "type": [
-        "VerifiableCredential",
-        "UseCaseFrameworkCondition"
-    ],
-    "issuanceDate": "[iso8601-timestamp]",
-    "expirationDate": "[iso8601-timestamp]",
-    "credentialSubject": {
-        "id": "[did]",
-        "holderIdentifier": "[bpn]",
-        "usecase-agreement": {
-            "value": "Resiliency",
-            "type": "cx-resiliency",
-            "contract-template": "https://public.catena-x.org/contracts/resiliency.v1.pdf",
-            "contract-version": "1.0.0"
-        }
-    },
-    "proof": {
-        "type": "JsonWebSignature2020",
-        "created": "[iso8601-timestamp]",
-        "jws": "[jws]",
-        "proofPurpose": "assertionMethod",
-        "verificationMethod": "[did#key-id]"
-    }
-}
-
- -#### Sustainability Use Case Credential - -
-{
-    "@context": [
-        "https://www.w3.org/2018/credentials/v1",
-        "https://w3id.org/security/suites/jws-2020/v1",
-        "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
-    ],
-    "id": "[uuid]",
-    "issuer": "[did]",
-    "type": [
-        "VerifiableCredential",
-        "UseCaseFrameworkCondition"
-    ],
-    "issuanceDate": "[iso8601-timestamp]",
-    "expirationDate": "[iso8601-timestamp]",
-    "credentialSubject": {
-        "id": "[did]",
-        "holderIdentifier": "[bpn]",
-        "usecase-agreement": {
-            "value": "Sustainability",
-            "type": "cx-sustainability",
-            "contract-template": "https://public.catena-x.org/contracts/sustainability.v1.pdf",
-            "contract-version": "1.0.0"
-        }
-    },
-    "proof": {
-        "type": "JsonWebSignature2020",
-        "created": "[iso8601-timestamp]",
-        "jws": "[jws]",
-        "proofPurpose": "assertionMethod",
-        "verificationMethod": "[did#key-id]"
-    }
-}
-
- -#### Trace Use Case Credential - -
-{
-    "@context": [
-        "https://www.w3.org/2018/credentials/v1",
-        "https://w3id.org/security/suites/jws-2020/v1",
-        "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
-    ],
-    "id": "[uuid]",
-    "issuer": "[did]",
-    "type": [
-        "VerifiableCredential",
-        "UseCaseFrameworkCondition"
-    ],
-    "issuanceDate": "[iso8601-timestamp]",
-    "expirationDate": "[iso8601-timestamp]", //Optional field
-    "credentialSubject": {
-        "id": "[did]",
-        "holderIdentifier": "[bpn]",
-        "usecaseAgreement": {
-            "value": "ID_3.0_Trace",
-            "type": "cx-traceability",
-            "contract-template": "https://public.catena-x.org/contracts/traceabilty.v1.pdf",
-            "contract-version": "1.0.0",
-        }
-    },
-    "proof": {
-        "type": "JsonWebSignature2020",
-        "created": "[iso8601-timestamp]",
-        "jws": "[jws]",
-        "proofPurpose": "assertionMethod",
-        "verificationMethod": "[did#key-id]"
-    }
-}
-
- -#### Summary Credential (scheduled for deprecation) - -The flow of creating a summary credential - -```plantuml -``` - -
-{
-    "@context": [
-        "https://www.w3.org/2018/credentials/v1",
-        "https://w3id.org/security/suites/jws-2020/v1",
-        "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
-    ],
-    "id": "[uuid]",
-    "issuer": "[did]",
-    "type": [
-        "VerifiableCredential",
-        "SummaryCredential"
-    ],
-    "issuanceDate": "[iso8601-timestamp]",
-    "expirationDate": "[iso8601-timestamp]", //Optional field
-    "credentialSubject": {
-        "id": "[did]",
-        "holderIdentifier": "[bpn]",
-    },
-    "proof": {
-        "type": "JsonWebSignature2020",
-        "created": "[iso8601-timestamp]",
-        "jws": "[jws]",
-        "proofPurpose": "assertionMethod",
-        "verificationMethod": "[did#key-id]"
-    }
-}
-
- # Deployment @@ -848,7 +351,7 @@ requirements where relevant and applicable: - Security & Compliance: Container Scan - Security & Compliance: Infrastructure as Code -# Technical Debts +# Technical Debts ## DID Technical Debts @@ -859,14 +362,7 @@ requirements where relevant and applicable: - No real tenant system - Private Keys are AES encrypted and stored in the MIW Postgres database - No revocation service available -- Summary Credential used as a token. -- Only 1 verifiable credential (VC) in a verifiable presentation (VP) possible -- Summary VC (S-VC) created with the private key of the auhtority - DID documents are stored in the MIW -- Summary VC always get deleted when new CX-Credential is added to the - MIW -- The creation of CX-Credential is located in the MIW, should be a dedicated - service outside of the wallet service - Only managed wallet available. No self-mangaged wallet - No Issuer Registry. Only one trusted issuer available - Download of VC to own wallet not possible @@ -874,11 +370,6 @@ requirements where relevant and applicable: - No key rotation - No update possibility for credentials, they need to be deleted and new ones generated -## Verifiable Credential - -- CX-Credentials are not consistent -- Only Summary Credential will be used because of the http header limition of 8KB - ## Verifiable Presentation Protocol (VVP) The *Verifiable Presentation Protocol (VPP)* is designed to address the problem of resolving Verifiable Presentations @@ -909,7 +400,7 @@ Declaring file: [VVP Flow Declaration](images/VVP-Flow.puml) ## SSI Library - + - No validation for JsonWebSignature2020 with RSA key - No Security valdition only Sercurity Assessment done, no attack vectors are tested
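Review bot: the Create Wallet sequence (hunk `@@ -165,167 +165,18 @@`) now ends right after the wallet is created, with the whole `BPN Credential` group gone, but nothing left on the page says whether a BPN credential is no longer issued at wallet creation or is now issued elsewhere; add one sentence stating the new behaviour. The same hunk deletes the `Issue Membership Credential`, `Issue Usecase Credential`, `Issue Dismantler Credential` and `Fetch Summary Verifiable Presentation` sections together with the endpoints they documented (`/api/credentials/issuer/membership`, `/api/credentials/issuer/framework`, `/api/credentials/issuer/dismantler`, `/api/presentations?withAudience=...`); if those endpoints still exist, keep the flows and drop only the `Summary Credential` groups inside them, and if the endpoints are removed, say so where the API is documented. The `group "Wallet Creation"` line is a whitespace-only change.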
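Review bot: the only change in hunk `@@ -343,7 +194,7 @@` is whitespace on `group "Presentation Validation"`; harmless, but mention the whitespace clean-up in the PR description so reviewers do not look for a behavioural change in the validation flow.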
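Review bot: in hunk `@@ -420,354 +271,6 @@` the placeholder legend kept as context (`[uuid]` is a UUIDv4 type of UUID ..., `[IRI]` is a URL-type of ID ...) no longer has any example to explain, because every credential example after it (BPN, Behavior Twin, Membership, Dismantler, PCF, Quality, Resiliency, Sustainability, Trace, Summary) is deleted; either remove the legend with them or keep the non-Summary examples, since only the Summary Credential was marked `scheduled for deprecation`. If any of them are re-added, fix the defects they carried: `//Optional field` comments are not valid JSON, `"id": "[did]"` lacks a trailing comma in the BPN and Membership examples, and the Membership, Trace and Summary examples have trailing commas inside `credentialSubject` / `usecaseAgreement`.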
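Review bot: two of the debt items deleted in hunk `@@ -859,14 +362,7 @@` are not specific to the Summary Credential and should stay unless this change actually resolves them: `Only 1 verifiable credential (VC) in a verifiable presentation (VP) possible` and `The creation of CX-Credential is located in the MIW, should be a dedicated service outside of the wallet service`. While here, the surviving context line `Only managed wallet available. No self-mangaged wallet` has a typo (`self-managed`).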
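Review bot: hunk `@@ -874,11 +370,6 @@` removes the whole `## Verifiable Credential` subsection, which also drops `CX-Credentials are not consistent`, a debt that does not depend on the Summary Credential; keep that bullet under a remaining heading if it still applies. Dropping `Only Summary Credential will be used because of the http header limition of 8KB` is consistent with the rest of the PR, but the 8 KB header constraint it recorded now goes unmentioned and deserves a sentence on how presentations are expected to stay within it. The context also shows the heading `## Verifiable Presentation Protocol (VVP)` followed by `*Verifiable Presentation Protocol (VPP)*`; use one abbreviation.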
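Review bot: hunk `@@ -909,7 +400,7 @@` only changes whitespace under `## SSI Library`, but the context line right below it, `No Security valdition only Sercurity Assessment done, no attack vectors are tested`, has two typos; since this section is already being edited, change it to `No security validation, only a security assessment done; no attack vectors are tested`.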