SSI: Prepare IdentityHub Development Environment

[ma3u]

Overview

The IdentityHub is developed Upstream (Eclipse Dataspace Components). The Minimum Viable Dataspace is demonstrating the interaction between EDC and IdentityHub. The IdentityHub will implement the Issuance Flow and Presentation Flow of the DCP specification.

The goal for R25.06 is to prepare IdentityHub development and demonstration environment.

R25.09 its planned to provide a reference implementation of the DCP. Enablement Service Providers can integrate this wallet in their Service or data participants can host their own wallet in the future.

The identityHub will replace the Tractus-X Managed Identity Wallet (MIW) and the WalletStub and the SSI-credential-issuer implementations in the future.

Explain the topic in 2 sentences

Preparing a demonstration and development environment for the Reference Implementation of the Decentralized Claims Protocol.

What's the benefit?

This reference implementation of DCP is a step towards interoperability with IDSA-related dataspaces (see also Dataspace radar) for authentication and authorization. The IDSA rule book v2 describes an identity component as functional requirement. The Dataspace Protocol is already recommended by the IDSA and DSSC and will be an official ISO / IEC specification. It's expected that the DCP will be an official recommendation soon.

Offering a a demonstration and development environment helps the to adopt the

• Enablement Service Providers
• Sandbox Providers
• Business Application Providers, if they need to implement specific access policies with credentials.

What are the Risks/Dependencies ?

• The current SSI-credential-issuer provides a Tractus-X specific implementations - we need further discussions with the IdentityHub team. This will be covered by the issue Implementation of DCP Issuance Flow #1160
• Tractus-X EDC connector (Dataspace Connectivity) presents the verifiable credential
• Tractus-X Portal (Bring your own Wallet BYOW)
• Tractus-X BDRS resolves the Business Partner number to the DID URL's
• The Clearing House validates the company during the onboarding process. Gaia-X Digital Clearing House provider verifies European legal entities. In future the regional clearing houses will verify local legal entities. Multi-Issuer concept are planned for later release. List of trusted issuers are needed. Currently the signed credential for self-description are stored in the Portal database and not the identity wallet and the issuer of the participant onboarding isn't visible in the portal.

Detailed explanation

Currently Catena-X doesn't have an open-source reference implementation for the DCP specification.

• Update the Minumum Tractus-X Dataspace (MXD)
• Provide a Identity Hub Developer Sandbox
• IdentityHub repo for Tractus-X Specfic extensions with dependency to the EDC IdentityHub
• "Bring your own wallet" need to be configured into the Catena-X Portal

Current implementation

• commercial Wallet with SSI DIM Middle layer as CoreService B. Defined in the Operational Model - Service Map as CoreService B operated by the CoreService Provider B .

Proposed improvements

• Minimum Tractus-X Tutorial to demonstrate the issuance flow and the presentation flow
• Developer Sandbox for Identity related implementations for Application Providers
• Catena-X Certification for Business Applications requires a understanding of connector and credentials

Feature Team

Contributor

• Contributor 1
• Contributor 2

Committer

• Committer 1
• Committer 2

User Stories

• Issue 1, linked to specific repository
• Issue 2, linked to another specific repository

Acceptance Criteria

• Criteria 1
• Criteria 2
• Criteria 3

Test Cases

Test Case 1

Steps

1. Do something
2. Click something
3. Add something

Expected Result

1. Expectation
2. Expectation
3. Expectation

Architectural Relevance

The following items are ensured (answer: yes) after this issue is implemented.

In the context of the standards 126 and 127, typically only one is applicable, depending on the specific use case. Please cross out one of the two standards that does not apply.

• This feature aligns with our current architectural guidelines

• CX-0013 Identity of Member Company v2.0.0

• CX-0049 DID Document v2.0.0

• CX-0050 Framework Agreement Credential v.2.1.0

• CX-0149 Verified Company Identity v1.0.0

• The impact on the overall system architecture has been assessed. The Feature does not require changes to the architecture or any existing standard? Please have a look here on the overarching architecture

• Potential risks or conflicts with existing architecture has been assessed

Justification: (Fill this out, if at least one of the checkboxes above cannot be ticked. Contact the Architecture Management Committee to get an approval for the justification)

Additional information

• I am aware that my request may not be developed if no developer can be found for it. I'll try to contribute a developer (bring your own developer)