diff --git a/README.md b/README.md index 5f22c8590..9b60004a8 100644 --- a/README.md +++ b/README.md @@ -14,12 +14,12 @@ - [1. Build the runtime images](#1-build-the-runtime-images) - [Executing REST requests using Postman](#executing-rest-requests-using-postman) - [Other caveats, shortcuts and workarounds](#other-caveats-shortcuts-and-workarounds) - - [1. In-memory stores in local deployment](#1-in-memory-stores-in-local-deployment) - - [2. Policy Extractor](#2-policy-extractor) - - [3. Scope-to-criterion transformer](#3-scope-to-criterion-transformer) - - [4. DID resolution](#4-did-resolution) - - [4.1 `did:web` for participants](#41-didweb-for-participants) - - [4.2 `did:example` for the dataspace credential issuer](#42-didexample-for-the-dataspace-credential-issuer) \* [5. No issuance (yet)](#5-no-issuance-yet) + - [1. In-memory stores in local deployment](#1-in-memory-stores-in-local-deployment) + - [2. Policy Extractor](#2-policy-extractor) + - [3. Scope-to-criterion transformer](#3-scope-to-criterion-transformer) + - [4. DID resolution](#4-did-resolution) + - [4.1 `did:web` for participants](#41-didweb-for-participants) + - [4.2 `did:example` for the dataspace credential issuer](#42-didexample-for-the-dataspace-credential-issuer) \* [5. No issuance (yet)](#5-no-issuance-yet) ## Introduction 
@@ -70,35 +70,48 @@ Consumer Corp has a connector plus its own IdentityHub. ### Data setup "provider-qna" and "provider-manufacturing" both have two data assets each, named `"asset-1"` and `"asset-2"` but -neither -"provider-qna" nor "provider-manufacturing" expose their -catalog endpoint directly to the internet. Instead, the catalog server (provider company) provides -a catalog that contains special assets (think: pointers) to both "provider-qna"'s and "provider-manufacturing"'s -connectors. We call this a "root catalog", and the pointers are called "catalog assets". This means, that by resolving -the root catalog, and by following the links in it, "Consumer Corp" can resolve the actual asset from "provider-qna" and -"provider-manufacturing". +neither "provider-qna" nor "provider-manufacturing" expose their catalog endpoint directly to the internet. Instead, the +catalog server (provider company) provides a catalog that contains special assets (think: pointers) to both " +provider-qna"'s and "provider-manufacturing"'s connectors. We call this a "root catalog", and the pointers are called " +catalog assets". This means, that by resolving the root catalog, and by following the links in it, "Consumer Corp" can +resolve the actual asset from "provider-qna" and "provider-manufacturing". 
### Access control Both assets of "provider-qna" and "provider-manufacturing" have some access restrictions on them: -- `asset-1`: requires a membership credential to view and a PCF Use Case credential to negotiate a contract -- `asset-2`: requires a membership credential to view and a Sustainability Use Case credential to negotiate a contract +- `asset-1`: requires a membership credential to view and a Data Processor credential with `"level": "processing"` to + negotiate a contract and transfer data +- `asset-2`: requires a membership credential to view and a Data Processor credential with a `"level": "sensitive"` to + negotiate a contract These requirements are formulated as EDC policies. In addition, it is a dataspace rule that -the `MembershipCredential` must be presented in _every_ request. +the `MembershipCredential` must be presented in _every_ request. This credential attests that the holder is a member of +the dataspace. -Furthermore, all connectors are in possession of the `MembershipCredential` as well as a `PcfCredential`. _Neither has -the `SustainabilityCredential`_! That means that no contract for `asset-2` can be negotiated! -For the purposes of this demo the VerifiableCredentials are pre-created and are seeded to the participants' credential -storage (no issuance). +In this fictitious dataspace, the DataProcessorCredential attests to the "ability of the holder to process data at a +certain level". The following levels exist: + +- `"processing"`: means, the holder can process non-sensitive data +- `"sensitive"`: means, the holder has undergone "some very highly secure vetting process" and can process sensitive + data + +The information about the level of data a holder can process is stored in the `credentialSubject` of the +DataProcessorCredential. + +All participants of the dataspace are in possession of the `MembershipCredential` as well as +a `DataProcessorCredential` with level `"processing"`. 
+_None possess the `DataProcessorCredential` with level="sensitive"_. That means that no contract for `asset-2` can be +negotiated. For the purposes of this demo the VerifiableCredentials are pre-created and are seeded to the participants' +credential storage ([no issuance](#5-no-issuance-yet)). If the consumer wants to view the consolidated catalog (containing assets from the provider's Q&A and manufacturing departments), then negotiate a contract for an asset, and then transfer the asset, she needs to present several credentials: - catalog request: present `MembershipCredential` -- contract negotiation: `MembershipCredential` and `PcfCredential` or `SustainabilityCredential`, respectively +- contract negotiation: `MembershipCredential` and `DataProcessorCredential(level=processing)` + or `DataProcessorCredential(level=sensitive)`, respectively - transfer process: `MembershipCredential` ## Running the demo (inside IntelliJ) @@ -439,8 +452,7 @@ schema of the credentials' subjects is not yet implemented. This is similar to the [policy extractor](#5-policy-extractor), as it deals with the reverse mapping from a scope string onto a `Criterion`. On the IdentityHub, when the VP request is received, we need to be able to query the database based -on the scope string that was received. This is currently a very Catena-X-specific solution, as it needs to distinguish -between "normal" credentials, and "use case" credentials. +on the scope string that was received. ### 4. DID resolution diff --git a/deployment/assets/credentials/k8s/consumer/consumer-membership-credential.json b/deployment/assets/credentials/k8s/consumer/consumer-membership-credential.json deleted file mode 100644 index af9ed75e0..000000000 --- a/deployment/assets/credentials/k8s/consumer/consumer-membership-credential.json +++ /dev/null 
@@ -1,41 +0,0 @@ -{ - "id": "40e24588-b510-41ca-966c-c1e0f57d1b14", - "participantId": "did:web:consumer-identityhub%3A7083:consumer", - "timestamp": 1700659822500, - "issuerId": "did:example:dataspace-issuer", - "holderId": "BPN0000001", - "state": 500, - "issuancePolicy": null, - "reissuancePolicy": null, - "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.xzZEDuPiWbkZNb0piHgjBBbW6o9JOYHEjQyCEaY2TaBpmHyOXU2QYGDOGIWRbOigNOgVsa7IZwjencpywuR2BQ", - "format": "JWT", - "credential": { - "credentialSubject": [ - { - "claims": { - "membershipType": "FullMember", - "website": "www.some-other-website.com", - "contact": "bar.baz@company.com", - "since": "2023-01-01T00:00:00Z" - }, - "id": "did:web:consumer-identityhub%3A7083:consumer" - } - ], - "id": "http://org.yourdataspace.com/credentials/2347", - "type": [ - "VerifiableCredential", - "MembershipCredential" - ], - "issuer": { - "id": "did:example:dataspace-issuer", - "additionalProperties": {} - }, - "issuanceDate": 1702339200.000000000, - "expirationDate": null, - "credentialStatus": null, - "description": null, - "name": null - } - } -} diff --git a/deployment/assets/credentials/k8s/consumer/consumer-pcf-credential.json b/deployment/assets/credentials/k8s/consumer/consumer-pcf-credential.json deleted file mode 100644 index 0a1a0f0ce..000000000 --- a/deployment/assets/credentials/k8s/consumer/consumer-pcf-credential.json +++ /dev/null 
@@ -1,41 +0,0 @@ -{ - "id": "40e24588-b510-41ca-966c-c1e0f57d1b15", - "participantId": "did:web:consumer-identityhub%3A7083:consumer", - "timestamp": 1700659822500, - "issuerId": "did:example:dataspace-issuer", - "holderId": "BPN0000001", - "state": 500, - "issuancePolicy": null, - "reissuancePolicy": null, - "verifiableCredential": { - "format": "JWT", - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjeC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvY2F0ZW5heC9jcmVkZW50aWFscy8iLCJjb250cmFjdFRlbXBsYXRlIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RUZW1wbGF0ZSIsImNvbnRyYWN0VmVyc2lvbiI6ImN4LWNyZWRlbnRpYWxzOmNvbnRyYWN0VmVyc2lvbiIsImhvbGRlcklkZW50aWZpZXIiOiJjeC1jcmVkZW50aWFsczpob2xkZXJJZGVudGlmaWVyIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI1BjZkNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4Mzpjb25zdW1lciIsImNvbnRyYWN0VGVtcGxhdGUiOiJodHRwczovL3B1YmxpYy5jYXRlbmEteC5vcmcvY29udHJhY3RzL3BjZi52MS5wZGYiLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCIsImhvbGRlcklkZW50aWZpZXIiOiJCUE4wMDAwMDBYWVoifX0sImlhdCI6MTcyMDA5Nzc1Nn0.KUwa7yvMV3Ty0RxE7WseGJXlgJpVMw_r3u6XwTOng4c7c4lSqehnwy0WhQoXd3WtkKL502R0HV8XuxvKDytnCw", - "credential": { - "credentialSubject": [ - { - "claims": { - "id": "did:web:consumer-identityhub%3A7083:consumer", - "holderIdentifier": "BPN0000001", - "useCaseType": "PcfCredential", - "contractTemplate": 
"https://public.catena-x.org/contracts/pcf.v1.pdf", - "contractVersion": "1.0.0" - } - } - ], - "id": "http://org.yourdataspace.com/credentials/1235", - "type": [ - "VerifiableCredential", - "PcfCredential" - ], - "issuer": { - "id": "did:example:dataspace-issuer", - "additionalProperties": {} - }, - "issuanceDate": 1702339200.000000000, - "expirationDate": null, - "credentialStatus": null, - "description": null, - "name": null - } - } -} diff --git a/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json b/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json new file mode 100644 index 000000000..623953591 --- /dev/null +++ b/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json @@ -0,0 +1,39 @@ +{ + "id": "40e24588-b510-41ca-966c-c1e0f57d1b15", + "participantId": "did:web:consumer-identityhub%3A7083:consumer", + "timestamp": 1700659822500, + "issuerId": "did:example:dataspace-issuer", + "holderId": "did:web:consumer-identityhub%3A7083:consumer", + "state": 500, + "issuancePolicy": null, + "reissuancePolicy": null, + "verifiableCredential": { + "format": "JWT", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.4GxNoNT9to7tlKfddUk5_fjAyetNH7FBkKNJui3Q_672IorxR43ztuRTOqgyoF_hNzN-fMkTYrwrLZaLhRYSDg", + "credential": { + "credentialSubject": [ + { + "claims": { + "id": "did:web:consumer-identityhub%3A7083:consumer", + "contractVersion": "1.0.0", + "level": "processing" + } + } + ], + "id": "http://org.yourdataspace.com/credentials/1235", + "type": [ + "VerifiableCredential", + "DataProcessorCredential" + ], + "issuer": { + "id": "did:example:dataspace-issuer", + "additionalProperties": {} + }, + "issuanceDate": 1702339200.000000000, + "expirationDate": null, + "credentialStatus": null, + "description": null, + "name": null + } + } +} 
diff --git a/deployment/assets/credentials/k8s/consumer/pcf_vc.json b/deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json similarity index 53% rename from deployment/assets/credentials/k8s/consumer/pcf_vc.json rename to deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json index be2bc9cb9..3684a42ea 100644 --- a/deployment/assets/credentials/k8s/consumer/pcf_vc.json +++ b/deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json @@ -4,23 +4,21 @@ "https://w3id.org/security/suites/jws-2020/v1", "https://www.w3.org/ns/did/v1", { - "cx-credentials": "https://w3id.org/catenax/credentials/", - "contractTemplate": "cx-credentials:contractTemplate", - "contractVersion": "cx-credentials:contractVersion", - "holderIdentifier": "cx-credentials:holderIdentifier" + "mvd-credentials": "https://w3id.org/mvd/credentials/", + "contractVersion": "mvd-credentials:contractVersion", + "level": "mvd-credentials:level" } ], "id": "http://org.yourdataspace.com/credentials/2347", "type": [ "VerifiableCredential", - "http://org.yourdataspace.com#PcfCredential" + "http://org.yourdataspace.com#DataProcessorCredential" ], "issuer": "did:example:dataspace-issuer", "issuanceDate": "2023-08-18T00:00:00Z", "credentialSubject": { "id": "did:web:consumer-identityhub%3A7083:consumer", - "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf", "contractVersion": "1.0.0", - "holderIdentifier": "BPN000000XYZ" + "level": "processing" } } \ No newline at end of file diff --git a/deployment/assets/credentials/k8s/consumer/membership-credential.json b/deployment/assets/credentials/k8s/consumer/membership-credential.json new file mode 100644 index 000000000..436d353e6 --- /dev/null +++ b/deployment/assets/credentials/k8s/consumer/membership-credential.json 
@@ -0,0 +1,41 @@ +{ + "id": "40e24588-b510-41ca-966c-c1e0f57d1b14", + "participantId": "did:web:consumer-identityhub%3A7083:consumer", + "timestamp": 1700659822500, + "issuerId": "did:example:dataspace-issuer", + "holderId": "did:web:consumer-identityhub%3A7083:consumer", + "state": 500, + "issuancePolicy": null, + "reissuancePolicy": null, + "verifiableCredential": { + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXBUeXBlIiwid2Vic2l0ZSI6Im12ZC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6Im12ZC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJtdmQtY3JlZGVudGlhbHM6c2luY2UifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4Mzpjb25zdW1lciIsIm1lbWJlcnNoaXAiOnsibWVtYmVyc2hpcFR5cGUiOiJGdWxsTWVtYmVyIiwid2Vic2l0ZSI6Ind3dy53aGF0ZXZlci5jb20iLCJjb250YWN0IjoiZml6ei5idXp6QHdoYXRldmVyLmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjEzODU0Nzd9.xJMVUqBGBu8idgFLWeRkPsCLRxihPC6ZEQT35lDB2U8O0NeU5VG2Ivd1fLlrsfZYC8kyE6IY1KnmCqvxQ-3ZDw", + "format": "JWT", + "credential": { + "credentialSubject": [ + { + "claims": { + "membershipType": "FullMember", + "website": 
"www.some-other-website.com", + "contact": "bar.baz@company.com", + "since": "2023-01-01T00:00:00Z" + }, + "id": "did:web:consumer-identityhub%3A7083:consumer" + } + ], + "id": "http://org.yourdataspace.com/credentials/2347", + "type": [ + "VerifiableCredential", + "MembershipCredential" + ], + "issuer": { + "id": "did:example:dataspace-issuer", + "additionalProperties": {} + }, + "issuanceDate": 1702339200.000000000, + "expirationDate": null, + "credentialStatus": null, + "description": null, + "name": null + } + } +} diff --git a/deployment/assets/credentials/k8s/consumer/membership_vc.json b/deployment/assets/credentials/k8s/consumer/membership_vc.json index 26e213e03..6aba3b617 100644 --- a/deployment/assets/credentials/k8s/consumer/membership_vc.json +++ b/deployment/assets/credentials/k8s/consumer/membership_vc.json @@ -4,12 +4,12 @@ "https://w3id.org/security/suites/jws-2020/v1", "https://www.w3.org/ns/did/v1", { - "cx-credentials": "https://w3id.org/catenax/credentials/", - "membership": "cx-credentials:membership", - "membershipType": "cx-credentials:membershipType", - "website": "cx-credentials:website", - "contact": "cx-credentials:contact", - "since": "cx-credentials:since" + "mvd-credentials": "https://w3id.org/mvd/credentials/", + "membership": "mvd-credentials:membership", + "membershipType": "mvd-credentials:membershipType", + "website": "mvd-credentials:website", + "contact": "mvd-credentials:contact", + "since": "mvd-credentials:since" } ], "id": "http://org.yourdataspace.com/credentials/2347", @@ -24,7 +24,7 @@ "membership": { "membershipType": "FullMember", "website": "www.whatever.com", - "contact": "mix.max@whatever.com", + "contact": "fizz.buzz@whatever.com", "since": "2023-01-01T00:00:00Z" } } 
diff --git a/deployment/assets/credentials/k8s/provider/provider-pcf-credential.json b/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json similarity index 51% rename from deployment/assets/credentials/k8s/provider/provider-pcf-credential.json rename to deployment/assets/credentials/k8s/provider/dataprocessor-credential.json index 46c5132c4..fdae40608 100644 --- a/deployment/assets/credentials/k8s/provider/provider-pcf-credential.json +++ b/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json 
@@ -3,29 +3,27 @@ "participantId": "did:web:provider-identityhub%3A7083:provider", "timestamp": 1700659822500, "issuerId": "did:example:dataspace-issuer", - "holderId": "BPN0000001", + "holderId": "did:web:provider-identityhub%3A7083:provider", "state": 500, "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { "format": "JSON_LD", - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.jA5_cpC4h7T-Cspq5tyM5CiVnqCFRG1GBmnsnjcl8QjV3jpwdjd6Qu0-sYkEQzBZjyi0o79no8H8mnRWkN8HAw", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJjb250cmFjdFZlcnNpb24iOiJtdmQtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwibGV2ZWwiOiJtdmQtY3JlZGVudGlhbHM6bGV2ZWwifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jRGF0YVByb2Nlc3NvckNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkZW50aXR5aHViJTNBNzA4Mzpwcm92aWRlciIsImxldmVsIjoicHJvY2Vzc2luZyJ9fSwiaWF0IjoxNzIxMzg1NDc3fQ.YrLF1TqSbkulxWA4PZr5YcLwdiKaZES7-AEdB1gIK2tO6S757Sz6Z7AMQopmW0mydWOE72utRwpFJhph9tdzCQ", "credential": { "credentialSubject": [ { "claims": { "id": "did:web:provider-identityhub%3A7083:provider", - "holderIdentifier": "BPN0000002", - "useCaseType": "PcfCredential", - "contractTemplate": 
"https://public.catena-x.org/contracts/pcf.v1.pdf", - "contractVersion": "1.0.0" + "contractVersion": "1.0.0", + "level": "processing" } } ], "id": "http://org.yourdataspace.com/credentials/1265", "type": [ "VerifiableCredential", - "UseCaseFrameworkCondition" + "DataProcessorCredential" ], "issuer": { "id": "did:example:dataspace-issuer", diff --git a/deployment/assets/credentials/k8s/provider/pcf_vc.json b/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json similarity index 50% rename from deployment/assets/credentials/k8s/provider/pcf_vc.json rename to deployment/assets/credentials/k8s/provider/dataprocessor_vc.json index 96ad1e12d..a696ca16b 100644 --- a/deployment/assets/credentials/k8s/provider/pcf_vc.json +++ b/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json @@ -4,23 +4,21 @@ "https://w3id.org/security/suites/jws-2020/v1", "https://www.w3.org/ns/did/v1", { - "cx-credentials": "https://w3id.org/catenax/credentials/", - "contractTemplate": "cx-credentials:contractTemplate", - "contractVersion": "cx-credentials:contractVersion", - "holderIdentifier": "cx-credentials:holderIdentifier" + "mvd-credentials": "https://w3id.org/mvd/credentials/", + "contractVersion": "mvd-credentials:contractVersion", + "level": "mvd-credentials:level" } ], "id": "http://org.yourdataspace.com/credentials/2347", "type": [ "VerifiableCredential", - "http://org.yourdataspace.com#PcfCredential" + "http://org.yourdataspace.com#DataProcessorCredential" ], "issuer": "did:example:dataspace-issuer", "issuanceDate": "2023-08-18T00:00:00Z", "credentialSubject": { "id": "did:web:provider-identityhub%3A7083:provider", - "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf", - "contractVersion": "1.0.0", - "holderIdentifier": "BPN000000XYZ" + "level": "processing", + "contractVersion": "1.0.0" } } \ No newline at end of file 
diff --git a/deployment/assets/credentials/k8s/provider/provider-membership-credential.json b/deployment/assets/credentials/k8s/provider/membership-credential.json similarity index 59% rename from deployment/assets/credentials/k8s/provider/provider-membership-credential.json rename to deployment/assets/credentials/k8s/provider/membership-credential.json index 993e151ab..3fa53f101 100644 --- a/deployment/assets/credentials/k8s/provider/provider-membership-credential.json +++ b/deployment/assets/credentials/k8s/provider/membership-credential.json @@ -3,12 +3,12 @@ "participantId": "did:web:provider-identityhub%3A7083:provider", "timestamp": 1700659822500, "issuerId": "did:example:dataspace-issuer", - "holderId": "BPN0000002", + "holderId": "did:web:provider-identityhub%3A7083:provider", "state": 500, "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.2v-cOMvfNDieH0mLuv3kikTarjqOxuU_AG6zKe1_W_cmhweOLU6Reg1Gft37Tk5Fgun11Lppw298JzSl65a_Cw", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.f41m3GDzxy4KcnuBsOTPOP3sp7rm4xERn-HzfetJd5w1yYXH0V6RnRd63otYgZt-96V9xNSM3TbTbuHhFhtkBQ", "format": "JSON_LD", "credential": { "credentialSubject": [ diff --git a/deployment/assets/credentials/k8s/provider/membership_vc.json b/deployment/assets/credentials/k8s/provider/membership_vc.json index 7ebb3bfec..934fe3970 100644 --- a/deployment/assets/credentials/k8s/provider/membership_vc.json +++ b/deployment/assets/credentials/k8s/provider/membership_vc.json 
@@ -4,12 +4,12 @@ "https://w3id.org/security/suites/jws-2020/v1", "https://www.w3.org/ns/did/v1", { - "cx-credentials": "https://w3id.org/catenax/credentials/", - "membership": "cx-credentials:membership", - "membershipType": "cx-credentials:membershipType", - "website": "cx-credentials:website", - "contact": "cx-credentials:contact", - "since": "cx-credentials:since" + "mvd-credentials": "https://w3id.org/mvd/credentials/", + "membership": "mvd-credentials:membership", + "membershipType": "mvd-credentials:membershipType", + "website": "mvd-credentials:website", + "contact": "mvd-credentials:contact", + "since": "mvd-credentials:since" } ], "id": "http://org.yourdataspace.com/credentials/2347", diff --git a/deployment/assets/credentials/local/consumer/alice-membership-credential.json b/deployment/assets/credentials/local/consumer/alice-membership-credential.json deleted file mode 100644 index 98ac61217..000000000 --- a/deployment/assets/credentials/local/consumer/alice-membership-credential.json +++ /dev/null 
@@ -1,41 +0,0 @@ -{ - "id": "40e24588-b510-41ca-966c-c1e0f57d1b14", - "participantId": "did:web:localhost%3A7083", - "timestamp": 1700659822500, - "issuerId": "did:example:dataspace-issuer", - "holderId": "BPN0000001", - "state": 500, - "issuancePolicy": null, - "reissuancePolicy": null, - "verifiableCredential": { - "rawVc": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEifQ.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.XpG9YWpzta8YhQxmyW9Df0Fhb8sX1mAY65d7Yxj91DtrtG1DPwYauhnRMwnoLSszJDWXFXyfWmnltWYxPs6GAA", - "format": "JWT", - "credential": { - "credentialSubject": [ - { - "claims": { - "membershipType": "FullMember", - "website": "www.some-other-website.com", - "contact": "bar.baz@company.com", - "since": "2023-01-01T00:00:00Z" - }, - "id": "did:web:localhost%3A7083" - } - ], - "id": "http://org.yourdataspace.com/credentials/2347", - "type": [ - "VerifiableCredential", - "MembershipCredential" - ], - "issuer": { - "id": "did:example:dataspace-issuer", - "additionalProperties": {} - }, - "issuanceDate": 1702339200.000000000, - "expirationDate": null, - "credentialStatus": null, - "description": null, - "name": null - } - } -} diff --git a/deployment/assets/credentials/local/consumer/alice-pcf-credential.json b/deployment/assets/credentials/local/consumer/alice-pcf-credential.json deleted file mode 100644 index a3ceb1147..000000000 --- a/deployment/assets/credentials/local/consumer/alice-pcf-credential.json +++ /dev/null 
@@ -1,41 +0,0 @@ -{ - "id": "40e24588-b510-41ca-966c-c1e0f57d1b15", - "participantId": "did:web:localhost%3A7083", - "timestamp": 1700659822500, - "issuerId": "did:example:dataspace-issuer", - "holderId": "BPN0000001", - "state": 500, - "issuancePolicy": null, - "reissuancePolicy": null, - "verifiableCredential": { - "format": "JWT", - "rawVc": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEifQ.eyJhdWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJpYXQiOjE3MTMzODY1MTksImlzcyI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJzdWIiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJjb250cmFjdFRlbXBsYXRlIjoiY3gtY3JlZGVudGlhbHM6Y29udHJhY3RUZW1wbGF0ZSIsImNvbnRyYWN0VmVyc2lvbiI6ImN4LWNyZWRlbnRpYWxzOmNvbnRyYWN0VmVyc2lvbiIsImN4LWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9jYXRlbmF4L2NyZWRlbnRpYWxzLyIsImhvbGRlcklkZW50aWZpZXIiOiJjeC1jcmVkZW50aWFsczpob2xkZXJJZGVudGlmaWVyIn1dLCJjcmVkZW50aWFsU3ViamVjdCI6eyJjb250cmFjdFRlbXBsYXRlIjoiaHR0cHM6Ly9wdWJsaWMuY2F0ZW5hLXgub3JnL2NvbnRyYWN0cy9wY2YudjEucGRmIiwiY29udHJhY3RWZXJzaW9uIjoiMS4wLjAiLCJob2xkZXJJZGVudGlmaWVyIjoiQlBOMDAwMDAwWFlaIiwiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMifSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNQY2ZDcmVkZW50aWFsIl19fQ.AVBzmjJAPNZtHXDAHBuBA6W6mTuqKUNYSz4rgXXzrMAhE9hvyY1R2MKVYeTUFP1tZUlke3okwH-tIlnPaCwyAw", - "credential": { - "credentialSubject": [ - { - "claims": { - "id": "did:web:localhost%3A7083", - "holderIdentifier": "BPN0000001", - "useCaseType": "PcfCredential", - "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf", - "contractVersion": "1.0.0" - } - } - ], - "id": 
"http://org.yourdataspace.com/credentials/1235", - "type": [ - "VerifiableCredential", - "PcfCredential" - ], - "issuer": { - "id": "did:example:dataspace-issuer", - "additionalProperties": {} - }, - "issuanceDate": 1702339200.000000000, - "expirationDate": null, - "credentialStatus": null, - "description": null, - "name": null - } - } -} diff --git a/deployment/assets/credentials/local/consumer/dataprocessor-credential.json b/deployment/assets/credentials/local/consumer/dataprocessor-credential.json new file mode 100644 index 000000000..04883adb6 --- /dev/null +++ b/deployment/assets/credentials/local/consumer/dataprocessor-credential.json 
@@ -0,0 +1,39 @@ +{ + "id": "40e24588-b510-41ca-966c-c1e0f57d1b15", + "participantId": "did:web:localhost%3A7083", + "timestamp": 1700659822500, + "issuerId": "did:example:dataspace-issuer", + "holderId": "did:web:localhost%3A7093", + "state": 500, + "issuancePolicy": null, + "reissuancePolicy": null, + "verifiableCredential": { + "format": "JWT", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VmVyc2lvbiI6Im12ZC1jcmVkZW50aWFsczpjb250cmFjdFZlcnNpb24iLCJsZXZlbCI6Im12ZC1jcmVkZW50aWFsczpsZXZlbCJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNEYXRhUHJvY2Vzc29yQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6bG9jYWxob3N0JTNBNzA4MyIsImNvbnRyYWN0VmVyc2lvbiI6IjEuMC4wIiwibGV2ZWwiOiJwcm9jZXNzaW5nIn19LCJpYXQiOjE3MjEzODU0Nzd9.vmumM-nRghKDASiwXZoRumnGAq_aRRw7UNO6PaIZZGu-Swl4GQzL5-4aXhEw0FrRMBRchmK9_FUcWenzbcBaDw", + "credential": { + "credentialSubject": [ + { + "claims": { + "id": "did:web:localhost%3A7083", + "contractVersion": "1.0.0", + "level": "processing" + } + } + ], + "id": "http://org.yourdataspace.com/credentials/1235", + "type": [ + "VerifiableCredential", + "DataProcessorCredential" + ], + "issuer": { + "id": "did:example:dataspace-issuer", + "additionalProperties": {} + }, + "issuanceDate": 1702339200.000000000, + "expirationDate": null, + 
"credentialStatus": null, + "description": null, + "name": null + } + } +} diff --git a/deployment/assets/credentials/local/consumer/membership-credential.json b/deployment/assets/credentials/local/consumer/membership-credential.json new file mode 100644 index 000000000..a97b92c62 --- /dev/null +++ b/deployment/assets/credentials/local/consumer/membership-credential.json @@ -0,0 +1,41 @@ +{ + "id": "40e24588-b510-41ca-966c-c1e0f57d1b14", + "participantId": "did:web:localhost%3A7083", + "timestamp": 1700659822500, + "issuerId": "did:example:dataspace-issuer", + "holderId": "did:web:localhost%3A7083", + "state": 500, + "issuancePolicy": null, + "reissuancePolicy": null, + "verifiableCredential": { + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.hpaXIX61B0yAXVDbXkpjVXEJyShYCJa-A0HJNUvWcpn_dpDgHoS9ocSPHUEfS3eNnJWodsQ0AFDSnyndjOymCA", + "format": "JWT", + "credential": { + "credentialSubject": [ + { + "claims": { + "membershipType": "FullMember", + "website": "www.some-other-website.com", + "contact": "bar.baz@company.com", + "since": "2023-01-01T00:00:00Z" + }, + "id": "did:web:localhost%3A7083" + } + ], + "id": "http://org.yourdataspace.com/credentials/2347", + "type": [ + "VerifiableCredential", + "MembershipCredential" + ], + "issuer": { + "id": "did:example:dataspace-issuer", + "additionalProperties": {} + }, + "issuanceDate": 1702339200.000000000, + "expirationDate": null, + "credentialStatus": null, + "description": null, + "name": null + } + } +} diff --git a/deployment/assets/credentials/local/consumer/unsigned/pcf_vc.json b/deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json similarity index 52% rename from deployment/assets/credentials/local/consumer/unsigned/pcf_vc.json rename to deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json index 4d3ad471a..e5780fe95 100644 
--- a/deployment/assets/credentials/local/consumer/unsigned/pcf_vc.json +++ b/deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json @@ -4,23 +4,21 @@ "https://w3id.org/security/suites/jws-2020/v1", "https://www.w3.org/ns/did/v1", { - "cx-credentials": "https://w3id.org/catenax/credentials/", - "contractTemplate": "cx-credentials:contractTemplate", - "contractVersion": "cx-credentials:contractVersion", - "holderIdentifier": "cx-credentials:holderIdentifier" + "mvd-credentials": "https://w3id.org/mvd/credentials/", + "contractVersion": "mvd-credentials:contractVersion", + "level": "mvd-credentials:level" } ], "id": "http://org.yourdataspace.com/credentials/2347", "type": [ "VerifiableCredential", - "http://org.yourdataspace.com#PcfCredential" + "http://org.yourdataspace.com#DataProcessorCredential" ], "issuer": "did:example:dataspace-issuer", "issuanceDate": "2023-08-18T00:00:00Z", "credentialSubject": { "id": "did:web:localhost%3A7083", - "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf", "contractVersion": "1.0.0", - "holderIdentifier": "BPN000000XYZ" + "level": "processing" } } \ No newline at end of file diff --git a/deployment/assets/credentials/local/consumer/unsigned/membership_vc.json b/deployment/assets/credentials/local/consumer/unsigned/membership_vc.json index e1e5bdb9d..f5cef4917 100644 --- a/deployment/assets/credentials/local/consumer/unsigned/membership_vc.json +++ b/deployment/assets/credentials/local/consumer/unsigned/membership_vc.json 
@@ -4,12 +4,12 @@ "https://w3id.org/security/suites/jws-2020/v1", "https://www.w3.org/ns/did/v1", { - "cx-credentials": "https://w3id.org/catenax/credentials/", - "membership": "cx-credentials:membership", - "membershipType": "cx-credentials:membershipType", - "website": "cx-credentials:website", - "contact": "cx-credentials:contact", - "since": "cx-credentials:since" + "mvd-credentials": "https://w3id.org/mvd/credentials/", + "membership": "mvd-credentials:membership", + "membershipType": "mvd-credentials:membershipType", + "website": "mvd-credentials:website", + "contact": "mvd-credentials:contact", + "since": "mvd-credentials:since" } ], "id": "http://org.yourdataspace.com/credentials/2347", diff --git a/deployment/assets/credentials/local/provider/bob-membership-credential.json b/deployment/assets/credentials/local/provider/bob-membership-credential.json deleted file mode 100644 index 996cd2f28..000000000 --- a/deployment/assets/credentials/local/provider/bob-membership-credential.json +++ /dev/null 
@@ -1,43 +0,0 @@ -{ - "id": "40e24588-b510-41ca-966c-c1e0f57d1b14", - "participantId": "did:web:localhost%3A7093", - "timestamp": 1700659822500, - "issuerId": "did:example:dataspace-issuer", - "holderId": "BPN0000002", - "state": 500, - "issuancePolicy": null, - "reissuancePolicy": null, - "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.u2aVR5QOZfQ0dWZ0tUWSV395so1DFcnBdzjtn4sQ5_1Yx6kILbNYMhyrsmjPwNcaS_zu0yzw3kemKVp7TvHZBw", - "format": "JWT", - "credential": { - "credentialSubject": [ - { - "claims": { - "membership": { - "contact": "fizz.buzz@quizzquazz.com", - "membershipType": "PartialMember", - "since": "2023-01-01T00:00:00Z", - "website": "www.quizzquazz.com" - } - }, - "id": "did:web:localhost%3A7093" - } - ], - "id": "http://org.yourdataspace.com/credentials/1234", - "type": [ - "VerifiableCredential", - "MembershipCredential" - ], - "issuer": { - "id": "did:example:dataspace-issuer", - "additionalProperties": {} - }, - "issuanceDate": 1702339200.000000000, - "expirationDate": null, - "credentialStatus": null, - "description": null, - "name": null - } - } -} diff --git a/deployment/assets/credentials/local/provider/bob-pcf-credential.json b/deployment/assets/credentials/local/provider/bob-pcf-credential.json deleted file mode 100644 index ad585d6b1..000000000 --- a/deployment/assets/credentials/local/provider/bob-pcf-credential.json +++ /dev/null 
@@ -1,41 +0,0 @@ -{ - "id": "40e24588-b510-41ca-966c-c1e0f57d1ca7", - "participantId": "did:web:localhost%3A7093", - "timestamp": 1700659822500, - "issuerId": "did:example:dataspace-issuer", - "holderId": "BPN0000001", - "state": 500, - "issuancePolicy": null, - "reissuancePolicy": null, - "verifiableCredential": { - "format": "JWT", - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDkzIiwic3ViIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDkzIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLHsiY3gtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL2NhdGVuYXgvY3JlZGVudGlhbHMvIiwiY29udHJhY3RUZW1wbGF0ZSI6ImN4LWNyZWRlbnRpYWxzOmNvbnRyYWN0VGVtcGxhdGUiLCJjb250cmFjdFZlcnNpb24iOiJjeC1jcmVkZW50aWFsczpjb250cmFjdFZlcnNpb24iLCJob2xkZXJJZGVudGlmaWVyIjoiY3gtY3JlZGVudGlhbHM6aG9sZGVySWRlbnRpZmllciJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNQY2ZDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDkzIiwiY29udHJhY3RUZW1wbGF0ZSI6Imh0dHBzOi8vcHVibGljLmNhdGVuYS14Lm9yZy9jb250cmFjdHMvcGNmLnYxLnBkZiIsImNvbnRyYWN0VmVyc2lvbiI6IjEuMC4wIiwiaG9sZGVySWRlbnRpZmllciI6IkJQTjAwMDAwMFhZWiJ9fSwiaWF0IjoxNzE4NTIxMjQ3fQ.OvyW42QXWrcVoiFOT4NMAxOvuDlR9A61CTTH8sCRBtMo9I_YLCVGMcA2Fs9fAAo41E8ioKP5ayFdCVKibpUrCw", - "credential": { - "credentialSubject": [ - { - "claims": { - "id": "did:web:localhost%3A7093", - "holderIdentifier": "BPN0000002", - "useCaseType": "PcfCredential", - "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf", - "contractVersion": "1.0.0" - } - } - ], - "id": 
"http://org.yourdataspace.com/credentials/1265", - "type": [ - "VerifiableCredential", - "UseCaseFrameworkCondition" - ], - "issuer": { - "id": "did:example:dataspace-issuer", - "additionalProperties": {} - }, - "issuanceDate": 1702339200.000000000, - "expirationDate": null, - "credentialStatus": null, - "description": null, - "name": null - } - } -} diff --git a/deployment/assets/credentials/local/provider/dataprocessor-credential.json b/deployment/assets/credentials/local/provider/dataprocessor-credential.json new file mode 100644 index 000000000..f2bab6bd7 --- /dev/null +++ b/deployment/assets/credentials/local/provider/dataprocessor-credential.json @@ -0,0 +1,39 @@ +{ + "id": "40e24588-b510-41ca-966c-c1e0f57d1ca7", + "participantId": "did:web:localhost%3A7093", + "timestamp": 1700659822500, + "issuerId": "did:example:dataspace-issuer", + "holderId": "did:web:localhost%3A7093", + "state": 500, + "issuancePolicy": null, + "reissuancePolicy": null, + "verifiableCredential": { + "format": "JWT", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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._i_hg7MgTYZOb_ZsDvQpZrKZQkiN7VDs8sHyBng7cSTAaQoGgCOt8br4yhMw38Qs1EYYHT87S4Fs_yTmp8niDw", + "credential": { + "credentialSubject": [ + { + "claims": { + "id": "did:web:localhost%3A7093", + "contractVersion": "1.0.0", + "level": "processing" + } + } + ], + "id": "http://org.yourdataspace.com/credentials/1265", + "type": [ + "VerifiableCredential", + "DataProcessorCredential" + ], + "issuer": { + "id": "did:example:dataspace-issuer", + "additionalProperties": {} + }, + "issuanceDate": 1702339200.000000000, + "expirationDate": null, + "credentialStatus": null, + "description": null, + "name": null + } + } +} diff --git a/deployment/assets/credentials/local/provider/membership-credential.json b/deployment/assets/credentials/local/provider/membership-credential.json new file mode 100644 index 000000000..4f25dfadf 
--- /dev/null +++ b/deployment/assets/credentials/local/provider/membership-credential.json @@ -0,0 +1,43 @@ +{ + "id": "40e24588-b510-41ca-966c-c1e0f57d1b14", + "participantId": "did:web:localhost%3A7093", + "timestamp": 1700659822500, + "issuerId": "did:example:dataspace-issuer", + "holderId": "did:web:localhost%3A7093", + "state": 500, + "issuancePolicy": null, + "reissuancePolicy": null, + "verifiableCredential": { + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.2-ZplCofXyq-Uj9rVmY1tt9rLcXxIw6HVByq-v338mx7qiQSQqt1cv_0RNZ5doMQqR5n1L2MycA5EQtRZGlqCg", + "format": "JWT", + "credential": { + "credentialSubject": [ + { + "claims": { + "membership": { + "contact": "fizz.buzz@quizzquazz.com", + "membershipType": "PartialMember", + "since": "2023-01-01T00:00:00Z", + "website": "www.quizzquazz.com" + } + }, + "id": "did:web:localhost%3A7093" + } + ], + "id": "http://org.yourdataspace.com/credentials/1234", + "type": [ + "VerifiableCredential", + "MembershipCredential" + ], + "issuer": { + "id": "did:example:dataspace-issuer", + "additionalProperties": {} + }, + "issuanceDate": 1702339200.000000000, + "expirationDate": null, + "credentialStatus": null, + "description": null, + "name": null + } + } +} diff --git a/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json b/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json new file mode 100644 index 000000000..8095b0bc6 --- /dev/null +++ b/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json 
@@ -0,0 +1,24 @@ +{ + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://w3id.org/security/suites/jws-2020/v1", + "https://www.w3.org/ns/did/v1", + { + "mvd-credentials": "https://w3id.org/mvd/credentials/", + "contractVersion": "mvd-credentials:contractVersion", + "level": "mvd-credentials:level" + } + ], + "id": "http://org.yourdataspace.com/credentials/2347", + "type": [ + "VerifiableCredential", + "http://org.yourdataspace.com#DataProcessorCredential" + ], + "issuer": "did:example:dataspace-issuer", + "issuanceDate": "2023-08-18T00:00:00Z", + "credentialSubject": { + "id": "did:web:localhost%3A7093", + "level": "processing", + "contractVersion": "1.0.0" + } +} \ No newline at end of file diff --git a/deployment/assets/credentials/local/provider/unsigned/membership_vc.json b/deployment/assets/credentials/local/provider/unsigned/membership_vc.json index 2a1553b80..62abcdee7 100644 --- a/deployment/assets/credentials/local/provider/unsigned/membership_vc.json +++ b/deployment/assets/credentials/local/provider/unsigned/membership_vc.json @@ -4,12 +4,12 @@ "https://w3id.org/security/suites/jws-2020/v1", "https://www.w3.org/ns/did/v1", { - "cx-credentials": "https://w3id.org/catenax/credentials/", - "membership": "cx-credentials:membership", - "membershipType": "cx-credentials:membershipType", - "website": "cx-credentials:website", - "contact": "cx-credentials:contact", - "since": "cx-credentials:since" + "mvd-credentials": "https://w3id.org/mvd/credentials/", + "membership": "mvd-credentials:membership", + "membershipType": "mvd-credentials:membershipType", + "website": "mvd-credentials:website", + "contact": "mvd-credentials:contact", + "since": "mvd-credentials:since" } ], "id": "http://org.yourdataspace.com/credentials/1234", diff --git a/deployment/assets/credentials/local/provider/unsigned/pcf_vc.json b/deployment/assets/credentials/local/provider/unsigned/pcf_vc.json deleted file mode 100644 index a197f2af9..000000000 
--- a/deployment/assets/credentials/local/provider/unsigned/pcf_vc.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://w3id.org/security/suites/jws-2020/v1", - "https://www.w3.org/ns/did/v1", - { - "cx-credentials": "https://w3id.org/catenax/credentials/", - "contractTemplate": "cx-credentials:contractTemplate", - "contractVersion": "cx-credentials:contractVersion", - "holderIdentifier": "cx-credentials:holderIdentifier" - } - ], - "id": "http://org.yourdataspace.com/credentials/2347", - "type": [ - "VerifiableCredential", - "http://org.yourdataspace.com#PcfCredential" - ], - "issuer": "did:example:dataspace-issuer", - "issuanceDate": "2023-08-18T00:00:00Z", - "credentialSubject": { - "id": "did:web:localhost%3A7093", - "contractTemplate": "https://public.catena-x.org/contracts/pcf.v1.pdf", - "contractVersion": "1.0.0", - "holderIdentifier": "BPN000000XYZ" - } -} \ No newline at end of file diff --git a/deployment/modules/catalog-server/variables.tf b/deployment/modules/catalog-server/variables.tf index 7eaf52eff..4655ff1b1 100644 --- a/deployment/modules/catalog-server/variables.tf +++ b/deployment/modules/catalog-server/variables.tf @@ -29,12 +29,12 @@ variable "image-pull-policy" { variable "humanReadableName" { type = string - description = "Human readable name of the connector, NOT the BPN!!. Required." + description = "Human readable name of the connector, NOT the ID!!. Required." } variable "participantId" { type = string - description = "Participant ID of the connector. In Catena-X, this MUST be the BPN" + description = "Participant ID of the connector. Usually a DID" } variable "participant-did" { diff --git a/deployment/modules/identity-hub/variables.tf b/deployment/modules/identity-hub/variables.tf index 5ad829617..1cbf1a841 100644 --- a/deployment/modules/identity-hub/variables.tf +++ b/deployment/modules/identity-hub/variables.tf 
@@ -23,12 +23,12 @@ variable "humanReadableName" { type = string - description = "Human readable name of the connector, NOT the BPN!!. Required." + description = "Human readable name of the connector, NOT the ID!!. Required." } variable "participantId" { type = string - description = "Participant ID of the connector. In Catena-X, this MUST be the BPN" + description = "Participant ID of the connector. Usually a DID" } variable "namespace" { diff --git a/deployment/postman/MVD K8S.postman_environment.json b/deployment/postman/MVD K8S.postman_environment.json new file mode 100644 index 000000000..040e1f4ab --- /dev/null +++ b/deployment/postman/MVD K8S.postman_environment.json @@ -0,0 +1,51 @@ +{ + "id": "9432baf7-0849-46e4-a1a7-dece247a41be", + "name": "MVD K8S", + "values": [ + { + "key": "HOST", + "value": "http://localhost/consumer/cp", + "type": "default", + "enabled": true + }, + { + "key": "CS_URL", + "value": "http://localhost/consumer/cs/", + "type": "default", + "enabled": true + }, + { + "key": "PROVIDER_ID", + "value": "did:web:provider-identityhub%3A7083:provider", + "type": "default", + "enabled": true + }, + { + "key": "CATALOG_SERVER_DSP_URL", + "value": "http://provider-catalog-server-controlplane:8082", + "type": "default", + "enabled": true + }, + { + "key": "CONSUMER_CATALOG_QUERY_URL", + "value": "http://localhost/consumer/fc", + "type": "default", + "enabled": true + }, + { + "key": "PROVIDER_DSP_URL", + "value": "http://provider-qna-controlplane:8082", + "type": "default", + "enabled": true + }, + { + "key": "PROVIDER_PUBLIC_API", + "value": "http://localhost/provider-qna/public", + "type": "default", + "enabled": true + } + ], + "_postman_variable_scope": "environment", + "_postman_exported_at": "2024-07-19T12:19:41.675Z", + "_postman_exported_using": "Postman/11.4.0" +} \ No newline at end of file 
diff --git a/deployment/postman/MVD Local Development.postman_environment.json b/deployment/postman/MVD Local Development.postman_environment.json new file mode 100644 index 000000000..8f8a436af --- /dev/null +++ b/deployment/postman/MVD Local Development.postman_environment.json @@ -0,0 +1,51 @@ +{ + "id": "35c096d9-84c2-499f-8ed0-8bcf3275370b", + "name": "MVD Local Development", + "values": [ + { + "key": "HOST", + "value": "http://localhost:8081", + "type": "default", + "enabled": true + }, + { + "key": "CS_URL", + "value": "http://localhost:7082", + "type": "default", + "enabled": true + }, + { + "key": "PROVIDER_ID", + "value": "did:web:localhost%3A7093", + "type": "default", + "enabled": true + }, + { + "key": "CATALOG_SERVER_DSP_URL", + "value": "http://localhost:8092", + "type": "default", + "enabled": true + }, + { + "key": "CONSUMER_CATALOG_QUERY_URL", + "value": "http://localhost:8084", + "type": "default", + "enabled": true + }, + { + "key": "PROVIDER_DSP_URL", + "value": "http://localhost:8192", + "type": "default", + "enabled": true + }, + { + "key": "PROVIDER_PUBLIC_API", + "value": "http://localhost:12001", + "type": "default", + "enabled": true + } + ], + "_postman_variable_scope": "environment", + "_postman_exported_at": "2024-07-19T12:19:50.250Z", + "_postman_exported_using": "Postman/11.4.0" +} \ No newline at end of file diff --git a/deployment/postman/MVD.postman_collection.json b/deployment/postman/MVD.postman_collection.json index 502b2ad88..f665f08bc 100644 --- a/deployment/postman/MVD.postman_collection.json +++ b/deployment/postman/MVD.postman_collection.json 
@@ -58,7 +58,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"@context\": {},\n \"@id\": \"asset-2\",\n \"@type\": \"Asset\",\n \"properties\": {\n \"description\": \"This asset requires Membership to view and Sustainability to negotiate.\"\n },\n \"dataAddress\": {\n \"@type\": \"DataAddress\",\n \"type\": \"HttpData\",\n \"baseUrl\": \"https://jsonplaceholder.typicode.com/todos\",\n \"proxyPath\": \"true\",\n \"proxyQueryParams\": \"true\"\n }\n }" + "raw": "{\n \"@context\": {},\n \"@id\": \"asset-2\",\n \"@type\": \"Asset\",\n \"properties\": {\n \"description\": \"This asset requires Membership to view and SensitiveData credential to negotiate.\"\n },\n \"dataAddress\": {\n \"@type\": \"DataAddress\",\n \"type\": \"HttpData\",\n \"baseUrl\": \"https://jsonplaceholder.typicode.com/todos\",\n \"proxyPath\": \"true\",\n \"proxyQueryParams\": \"true\"\n }\n }" }, "url": { "raw": "{{HOST}}/api/management/v3/assets", @@ -109,7 +109,7 @@ "response": [] }, { - "name": "Create PCF Use case policy", + "name": "Create DataProcessor policy", "request": { "method": "POST", "header": [ 
@@ -124,7 +124,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"@context\": {\n \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n },\n \"@type\": \"PolicyDefinitionRequestDto\",\n \"@id\": \"require-pcf\",\n \"policy\": {\n \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n \"odrl:obligation\": [\n {\n \"odrl:action\": \"use\",\n \"odrl:constraint\": {\n \"@type\": \"LogicalConstraint\",\n \"odrl:leftOperand\": \"FrameworkCredential.pcf\",\n \"odrl:operator\": {\n \"@id\": \"odrl:eq\"\n },\n \"odrl:rightOperand\": \"active\"\n }\n }\n ]\n }\n}" + "raw": "{\n \"@context\": {\n \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n },\n \"@type\": \"PolicyDefinitionRequestDto\",\n \"@id\": \"require-dataprocessor\",\n \"policy\": {\n \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n \"odrl:obligation\": [\n {\n \"odrl:action\": \"use\",\n \"odrl:constraint\": {\n \"@type\": \"LogicalConstraint\",\n \"odrl:leftOperand\": \"DataAccess.level\",\n \"odrl:operator\": {\n \"@id\": \"odrl:eq\"\n },\n \"odrl:rightOperand\": \"processing\"\n }\n }\n ]\n }\n}" }, "url": { "raw": "{{HOST}}/api/management/v3/policydefinitions", @@ -142,7 +142,7 @@ "response": [] }, { - "name": "Create Sustainability Use case policy", + "name": "Create Sensitive Data Processor policy", "request": { "method": "POST", "header": [ 
@@ -157,7 +157,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"@context\": {\n \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n },\n \"@type\": \"PolicyDefinitionRequestDto\",\n \"@id\": \"require-sustainability\",\n \"policy\": {\n \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n \"odrl:obligation\": [\n {\n \"odrl:action\": \"USE\",\n \"odrl:constraint\": {\n \"@type\": \"LogicalConstraint\",\n \"odrl:leftOperand\": \"FrameworkCredential.sustainability\",\n \"odrl:operator\": {\n \"@id\": \"odrl:eq\"\n },\n \"odrl:rightOperand\": \"active\"\n }\n }\n ]\n }\n}" + "raw": "{\n \"@context\": {\n \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n },\n \"@type\": \"PolicyDefinitionRequestDto\",\n \"@id\": \"require-sensitive\",\n \"policy\": {\n \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n \"odrl:obligation\": [\n {\n \"odrl:action\": \"use\",\n \"odrl:constraint\": {\n \"@type\": \"LogicalConstraint\",\n \"odrl:leftOperand\": \"DataAccess.level\",\n \"odrl:operator\": {\n \"@id\": \"odrl:eq\"\n },\n \"odrl:rightOperand\": \"sensitive\"\n }\n }\n ]\n }\n}" }, "url": { "raw": "{{HOST}}/api/management/v3/policydefinitions", @@ -175,7 +175,7 @@ "response": [] }, { - "name": "Create \"member-and-pcf-cred\" definition", + "name": "Create \"member-and-data-cred\" definition", "request": { "method": "POST", "header": [ 
@@ -190,7 +190,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"@context\": {},\n \"@id\": \"member-and-pcf-def\",\n \"@type\": \"ContractDefinition\",\n \"accessPolicyId\": \"require-membership\",\n \"contractPolicyId\": \"require-pcf\",\n \"assetsSelector\" : {\n \"@type\" : \"CriterionDto\",\n \"operandLeft\": \"https://w3id.org/edc/v0.0.1/ns/id\",\n \"operator\": \"=\",\n \"operandRight\": \"asset-1\"\n }\n }" + "raw": "{\n \"@context\": {},\n \"@id\": \"member-and-dataprocessor-def\",\n \"@type\": \"ContractDefinition\",\n \"accessPolicyId\": \"require-membership\",\n \"contractPolicyId\": \"require-dataprocessor\",\n \"assetsSelector\" : {\n \"@type\" : \"CriterionDto\",\n \"operandLeft\": \"https://w3id.org/edc/v0.0.1/ns/id\",\n \"operator\": \"=\",\n \"operandRight\": \"asset-1\"\n }\n }" }, "url": { "raw": "{{HOST}}/api/management/v3/contractdefinitions", @@ -208,7 +208,7 @@ "response": [] }, { - "name": "Create \"require sustainability\" definition", + "name": "Create \"require sensitive\" definition", "request": { "method": "POST", "header": [ @@ -223,7 +223,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"@context\": {},\n \"@id\": \"sustainability-only-def\",\n \"@type\": \"ContractDefinition\",\n \"accessPolicyId\": \"require-membership\",\n \"contractPolicyId\": \"require-sustainability\",\n \"assetsSelector\" : {\n \"@type\" : \"CriterionDto\",\n \"operandLeft\": \"https://w3id.org/edc/v0.0.1/ns/id\",\n \"operator\": \"=\",\n \"operandRight\": \"asset-2\"\n }\n }" + "raw": "{\n \"@context\": {},\n \"@id\": \"sensitive-only-def\",\n \"@type\": \"ContractDefinition\",\n \"accessPolicyId\": \"require-membership\",\n \"contractPolicyId\": \"require-sensitive\",\n \"assetsSelector\": {\n \"@type\": \"CriterionDto\",\n \"operandLeft\": \"https://w3id.org/edc/v0.0.1/ns/id\",\n \"operator\": \"=\",\n \"operandRight\": \"asset-2\"\n }\n}" }, "url": { "raw": "{{HOST}}/api/management/v3/contractdefinitions", 
@@ -570,7 +570,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"@context\": {\n \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n },\n \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n \"counterPartyAddress\": \"{{PROVIDER_DSP_URL}}/api/dsp\",\n \"counterPartyId\": \"{{PROVIDER_ID}}\",\n \"protocol\": \"dataspace-protocol-http\",\n \"policy\": {\n \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n \"@type\": \"http://www.w3.org/ns/odrl/2/Offer\",\n \"@id\": \"bWVtYmVyLWFuZC1wY2YtZGVm:YXNzZXQtMQ==:MDIxM2MzZDQtMzE3NS00MzFmLWIzM2UtNDFkY2I2Y2RhZjU1\",\n \"assigner\": \"{{PROVIDER_ID}}\",\n \"permission\": [],\n \"prohibition\": [],\n \"odrl:obligation\": {\n \"odrl:action\": {\n \"@id\": \"use\"\n },\n \"odrl:constraint\": {\n \"odrl:leftOperand\": {\n \"@id\": \"FrameworkCredential.pcf\"\n },\n \"odrl:operator\": {\n \"@id\": \"odrl:eq\"\n },\n \"odrl:rightOperand\": \"active\"\n }\n },\n \"target\": \"asset-1\"\n },\n \"callbackAddresses\": []\n}", + "raw": "{\n \"@context\": {\n \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n },\n \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n \"counterPartyAddress\": \"{{PROVIDER_DSP_URL}}/api/dsp\",\n \"counterPartyId\": \"{{PROVIDER_ID}}\",\n \"protocol\": \"dataspace-protocol-http\",\n \"policy\": {\n \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n \"@type\": \"http://www.w3.org/ns/odrl/2/Offer\",\n \"@id\": \"bWVtYmVyLWFuZC1kYXRhcHJvY2Vzc29yLWRlZg==:YXNzZXQtMQ==:MmQ0ZWZjZTYtYzJjNy00NTM5LTk5ODAtZDAwOTlkZDNkOWQy\",\n \"assigner\": \"{{PROVIDER_ID}}\",\n \"permission\": [],\n \"prohibition\": [],\n \"odrl:obligation\": {\n \"odrl:action\": {\n \"@id\": \"use\"\n },\n \"odrl:constraint\": {\n \"odrl:leftOperand\": {\n \"@id\": \"DataAccess.level\"\n },\n \"odrl:operator\": {\n \"@id\": \"odrl:eq\"\n },\n \"odrl:rightOperand\": \"processing\"\n }\n },\n \"target\": \"asset-1\"\n },\n \"callbackAddresses\": []\n}", "options": { "raw": { "language": "json" 
@@ -633,7 +633,7 @@ "header": [], "body": { "mode": "raw", - "raw": "{\n \"@context\": {\n \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n },\n \"assetId\": \"asset-1\",\n \"counterPartyAddress\": \"{{PROVIDER_DSP_URL}}/api/dsp\",\n \"connectorId\": \"{{PROVIDER_ID}}\",\n \"contractId\": \"76ee7bc5-73b0-44c8-8e03-032726616996\",\n \"dataDestination\": {\n \"type\": \"HttpProxy\"\n },\n \"protocol\": \"dataspace-protocol-http\",\n \"transferType\": \"HttpData-PULL\"\n}", + "raw": "{\n \"@context\": {\n \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n },\n \"assetId\": \"asset-1\",\n \"counterPartyAddress\": \"{{PROVIDER_DSP_URL}}/api/dsp\",\n \"connectorId\": \"{{PROVIDER_ID}}\",\n \"contractId\": \"47e43627-d9b0-4e35-b534-cef450d7de88\",\n \"dataDestination\": {\n \"type\": \"HttpProxy\"\n },\n \"protocol\": \"dataspace-protocol-http\",\n \"transferType\": \"HttpData-PULL\"\n}", "options": { "raw": { "language": "json" @@ -734,7 +734,7 @@ } ], "url": { - "raw": "{{HOST}}/api/management/v3/edrs/392d1767-e546-4b54-ab6e-6fb20a3dc12a/dataaddress", + "raw": "{{HOST}}/api/management/v3/edrs/713dfab7-c70a-4c7b-9756-d372647276b5/dataaddress", "host": [ "{{HOST}}" ], @@ -743,7 +743,7 @@ "management", "v3", "edrs", - "392d1767-e546-4b54-ab6e-6fb20a3dc12a", + "713dfab7-c70a-4c7b-9756-d372647276b5", "dataaddress" ] } @@ -753,6 +753,9 @@ { "name": "Download Data from Public API", "request": { + "auth": { + "type": "noauth" + }, "method": "GET", "header": [ { 
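Review bot: The added `"auth": { "type": "noauth" }` on "Download Data from Public API" is attached to a request that still sends a literal Authorization header value, which the following hunk replaces with another literal. The earlier hunks on this file do the same for `contractId` and for the EDR id in the `/edrs/.../dataaddress` URL. These values appear to be specific to one run of the demo, so each run needs another commit to keep the collection usable. Use collection variables (in the same way `{{HOST}}` and `{{PROVIDER_ID}}` are used) and fill them from the preceding responses, which also keeps tokens out of the repository.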
@@ -761,7 +764,7 @@ }, { "key": "Authorization", - "value": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMja2V5LTEiLCJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJhdWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJzdWIiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJpYXQiOjE3MjA3Nzk3MjMwMjAsImp0aSI6ImJhZjUwM2ZmLTQ0YTEtNGEzNS1hNDJjLTgwNGM1ODNhYTIxZiJ9.JX6nLTgAJZ6lAEv68ZqVawjMQep2gkWS4Xoco2elm_7TyoWQcxHnxPbrYYFxNg-ATdeARfqr5EiyO3l8A6vAyQ", + "value": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMja2V5LTEiLCJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJhdWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwODMiLCJzdWIiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJpYXQiOjE3MjEzOTMxNjU5ODgsImp0aSI6ImFmOWI2YWIyLTMwNjYtNDNlNi1hNjg1LWIyMDVjNTFkZmJhMyJ9.ute0sLuMgc0bzG_ZUGG9G3pliFfANf9pWDxReiRrWjGudgUa4YmR9ftB5LeZTOvKCBJshRpbZX-hnQxR8fXMWA", "type": "text" } ], diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/FrameworkCredentialScopeExtractor.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DataAccessCredentialScopeExtractor.java similarity index 63% rename from extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/FrameworkCredentialScopeExtractor.java rename to extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DataAccessCredentialScopeExtractor.java index 5ab4906db..b29a503f6 100644 --- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/FrameworkCredentialScopeExtractor.java +++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DataAccessCredentialScopeExtractor.java 
@@ -20,27 +20,19 @@ import java.util.Set; -class FrameworkCredentialScopeExtractor implements ScopeExtractor { - private static final String FRAMEWORK_CREDENTIAL_PREFIX = "FrameworkCredential."; +class DataAccessCredentialScopeExtractor implements ScopeExtractor { + private static final String DATA_ACCESS_CONSTRAINT_PREFIX = "DataAccess."; private static final String CREDENTIAL_TYPE_NAMESPACE = "org.eclipse.edc.vc.type"; - - FrameworkCredentialScopeExtractor() { - } + public static final String DATA_PROCESSOR_CREDENTIAL_TYPE = "DataProcessorCredential"; @Override public Set extractScopes(Object leftValue, Operator operator, Object rightValue, PolicyContext context) { Set scopes = Set.of(); if (leftValue instanceof String leftOperand) { - if (leftOperand.startsWith(FRAMEWORK_CREDENTIAL_PREFIX)) { - var credentialType = leftOperand.replace(FRAMEWORK_CREDENTIAL_PREFIX, ""); - credentialType = "%sCredential".formatted(capitalize(credentialType)); - scopes = Set.of("%s:%s:read".formatted(CREDENTIAL_TYPE_NAMESPACE, credentialType)); + if (leftOperand.startsWith(DATA_ACCESS_CONSTRAINT_PREFIX)) { + scopes = Set.of("%s:%s:read".formatted(CREDENTIAL_TYPE_NAMESPACE, DATA_PROCESSOR_CREDENTIAL_TYPE)); } } return scopes; } - - private String capitalize(String input) { - return input.substring(0, 1).toUpperCase() + input.substring(1).toLowerCase(); - } } diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DcpPatchExtension.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DcpPatchExtension.java index a77608cc5..39b7cc099 100644 --- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DcpPatchExtension.java +++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DcpPatchExtension.java 
@@ -71,7 +71,7 @@ public void initialize(ServiceExtensionContext context) { //register scope extractor - scopeExtractorRegistry.registerScopeExtractor(new FrameworkCredentialScopeExtractor()); + scopeExtractorRegistry.registerScopeExtractor(new DataAccessCredentialScopeExtractor()); typeTransformerRegistry.register(new JsonValueToGenericTypeTransformer(typeManager.getMapper(JSON_LD))); diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AbstractCredentialEvaluationFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AbstractCredentialEvaluationFunction.java new file mode 100644 index 000000000..f15648688 --- /dev/null +++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AbstractCredentialEvaluationFunction.java 
@@ -0,0 +1,42 @@ +/* + * Copyright (c) 2024 Metaform Systems, Inc. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * SPDX-License-Identifier: Apache-2.0 + * + * Contributors: + * Metaform Systems, Inc. - initial API and implementation + * + */ + +package org.eclipse.edc.demo.dcp.policy; + +import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredential; +import org.eclipse.edc.spi.agent.ParticipantAgent; +import org.eclipse.edc.spi.result.Result; + +import java.util.List; + +public class AbstractCredentialEvaluationFunction { + private static final String VC_CLAIM = "vc"; + protected static final String MVD_NAMESPACE = "https://w3id.org/mvd/credentials/"; + + protected Result> getCredentialList(ParticipantAgent agent) { + var vcListClaim = agent.getClaims().get(VC_CLAIM); + + if (vcListClaim == null) { + return Result.failure("ParticipantAgent did not contain a '%s' claim.".formatted(VC_CLAIM)); + } + if (!(vcListClaim instanceof List)) { + return Result.failure("ParticipantAgent contains a '%s' claim, but the type is incorrect. Expected %s, received %s.".formatted(VC_CLAIM, List.class.getName(), vcListClaim.getClass().getName())); + } + var vcList = (List) vcListClaim; + if (vcList.isEmpty()) { + return Result.failure("ParticipantAgent contains a '%s' claim but it did not contain any VerifiableCredentials.".formatted(VC_CLAIM)); + } + return Result.success(vcList); + } +} 
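Review bot: getCredentialList() only verifies that the 'vc' claim is a List before the cast in `var vcList = (List) vcListClaim;`, so a list holding anything other than VerifiableCredential objects passes this method and fails later with a ClassCastException inside the callers' streams instead of producing a Result.failure. Check the elements before returning, for example with `vcList.stream().allMatch(VerifiableCredential.class::isInstance)`, and return a failure with a message in the style of the other two branches. The class is also named Abstract... but is declared as a plain `public class`; declare it `abstract` so it cannot be instantiated on its own.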
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/UseCaseFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java similarity index 62% rename from extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/UseCaseFunction.java rename to extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java index a2c244b2f..86cbf899d 100644 --- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/UseCaseFunction.java +++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java @@ -21,14 +21,11 @@ import org.eclipse.edc.spi.agent.ParticipantAgent; import java.util.Map; +import java.util.Objects; -public class UseCaseFunction implements AtomicConstraintFunction { +public class DataAccessLevelFunction extends AbstractCredentialEvaluationFunction implements AtomicConstraintFunction { - private final String usecase; - - public UseCaseFunction(String usecase) { - this.usecase = usecase; - } + private static final String DATAPROCESSOR_CRED_TYPE = "DataProcessorCredential"; @Override public boolean evaluate(Operator operator, Object rightOperand, Duty duty, PolicyContext policyContext) { 
@@ -36,28 +33,34 @@ public boolean evaluate(Operator operator, Object rightOperand, Duty duty, Polic policyContext.reportProblem("Cannot evaluate operator %s, only %s is supported".formatted(operator, Operator.EQ)); return false; } - if (!"active".equalsIgnoreCase(rightOperand.toString())) { - policyContext.reportProblem("Use case credentials only support right operand 'active', but found '%s'".formatted(operator.toString())); - return false; - } var pa = policyContext.getContextData(ParticipantAgent.class); if (pa == null) { policyContext.reportProblem("ParticipantAgent not found on PolicyContext"); return false; } - var claims = pa.getClaims(); + var credentialResult = getCredentialList(pa); + if (credentialResult.failed()) { + policyContext.reportProblem(credentialResult.getFailureDetail()); + return false; + } + + return credentialResult.getContent() + .stream() + .filter(vc -> vc.getType().stream().anyMatch(t -> t.endsWith(DATAPROCESSOR_CRED_TYPE))) + .flatMap(credential -> credential.getCredentialSubject().stream()) + .anyMatch(credentialSubject -> { + var version = credentialSubject.getClaim(MVD_NAMESPACE, "contractVersion"); + var level = credentialSubject.getClaim(MVD_NAMESPACE, "level"); - String version = getClaim("contractVersion", claims); - String holderIdentifier = getClaim("holderIdentifier", claims); - String contractTemplate = getClaim("contractTemplate", claims); + return version != null && Objects.equals(level, rightOperand); + }); - return version != null && holderIdentifier != null && contractTemplate != null && - contractTemplate.contains(usecase); + } public String key() { - return "FrameworkCredential.%s".formatted(usecase); + return "DataAccess.level"; } @SuppressWarnings("unchecked") 
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java index 83c188945..ebdb3fa25 100644 --- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java +++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java @@ -14,7 +14,6 @@ package org.eclipse.edc.demo.dcp.policy; -import org.eclipse.edc.jsonld.spi.JsonLdKeywords; import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction; import org.eclipse.edc.policy.engine.spi.PolicyContext; import org.eclipse.edc.policy.model.Operator; @@ -22,14 +21,14 @@ import org.eclipse.edc.spi.agent.ParticipantAgent; import java.time.Instant; -import java.util.List; import java.util.Map; -public class MembershipCredentialEvaluationFunction implements AtomicConstraintFunction { +public class MembershipCredentialEvaluationFunction extends AbstractCredentialEvaluationFunction implements AtomicConstraintFunction { public static final String MEMBERSHIP_CONSTRAINT_KEY = "MembershipCredential"; - private static final String MEMBERSHIP_CLAIM = "https://w3id.org/catenax/credentials/membership"; - private static final String MEMBERSHIP_SINCE_CLAIM = "https://w3id.org/catenax/credentials/since"; + private static final String MEMBERSHIP_CLAIM = "membership"; + private static final String SINCE_CLAIM = "since"; + private static final String ACTIVE = "active"; @SuppressWarnings("unchecked") @Override 
@@ -38,24 +37,30 @@ public boolean evaluate(Operator operator, Object rightOperand, Permission permi policyContext.reportProblem("Invalid operator '%s', only accepts '%s'".formatted(operator, Operator.EQ)); return false; } + if (!ACTIVE.equals(rightOperand)) { + policyContext.reportProblem("Right-operand must be equal to '%s', but was '%s'".formatted(ACTIVE, rightOperand)); + return false; + } + var pa = policyContext.getContextData(ParticipantAgent.class); if (pa == null) { policyContext.reportProblem("No ParticipantAgent found on context."); return false; } - var claims = pa.getClaims(); - Map> membership = (Map>) claims.get(MEMBERSHIP_CLAIM); - if ("active".equalsIgnoreCase(rightOperand.toString())) { - String since = getArrayValue(membership.get(MEMBERSHIP_SINCE_CLAIM)); - var membershipStartDate = Instant.parse(since); - - return membershipStartDate.isBefore(Instant.now()); + var credentialResult = getCredentialList(pa); + if (credentialResult.failed()) { + policyContext.reportProblem(credentialResult.getFailureDetail()); + return false; } - return false; - } - private T getArrayValue(List entry) { - return (T) ((Map) entry.get(0)).get(JsonLdKeywords.VALUE); + return credentialResult.getContent() + .stream() + .filter(vc -> vc.getType().stream().anyMatch(t -> t.endsWith(MEMBERSHIP_CONSTRAINT_KEY))) + .flatMap(vc -> vc.getCredentialSubject().stream().filter(cs -> cs.getClaims().containsKey(MEMBERSHIP_CLAIM))) + .anyMatch(credential -> { + var membershipClaim = (Map) credential.getClaim(MVD_NAMESPACE, MEMBERSHIP_CLAIM); + var membershipStartDate = Instant.parse(membershipClaim.get(SINCE_CLAIM).toString()); + return membershipStartDate.isBefore(Instant.now()); + }); } - } diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java index 904c50843..e22db2f04 100644 
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java +++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java 
@@ -40,29 +40,26 @@ public class PolicyEvaluationExtension implements ServiceExtension { @Override public void initialize(ServiceExtensionContext context) { var fct = new MembershipCredentialEvaluationFunction(); - this.bindPermissionFunction(fct, TRANSFER_PROCESS_SCOPE, MEMBERSHIP_CONSTRAINT_KEY); - this.bindPermissionFunction(fct, NEGOTIATION_SCOPE, MEMBERSHIP_CONSTRAINT_KEY); - this.bindPermissionFunction(fct, CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY); - registerUseCase("pcf"); - registerUseCase("traceability"); - registerUseCase("sustainability"); - registerUseCase("quality"); - registerUseCase("resiliency"); + bindPermissionFunction(fct, TRANSFER_PROCESS_SCOPE, MEMBERSHIP_CONSTRAINT_KEY); + bindPermissionFunction(fct, NEGOTIATION_SCOPE, MEMBERSHIP_CONSTRAINT_KEY); + bindPermissionFunction(fct, CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY); + + registerDataAccessLevelFunction(); } - private void registerUseCase(String useCaseName) { - var frameworkFunction = new UseCaseFunction(useCaseName); - var usecase = frameworkFunction.key(); + private void registerDataAccessLevelFunction() { + var function = new DataAccessLevelFunction(); + var accessLevelKey = function.key(); - bindDutyFunction(frameworkFunction, TRANSFER_PROCESS_SCOPE, usecase); - bindDutyFunction(frameworkFunction, NEGOTIATION_SCOPE, usecase); - bindDutyFunction(frameworkFunction, CATALOG_SCOPE, usecase); + bindDutyFunction(function, TRANSFER_PROCESS_SCOPE, accessLevelKey); + bindDutyFunction(function, NEGOTIATION_SCOPE, accessLevelKey); + bindDutyFunction(function, CATALOG_SCOPE, accessLevelKey); } private void bindPermissionFunction(AtomicConstraintFunction function, String scope, String constraintType) { - ruleBindingRegistry.bind("USE", scope); + ruleBindingRegistry.bind("use", scope); ruleBindingRegistry.bind(ODRL_SCHEMA + "use", scope); ruleBindingRegistry.bind(constraintType, scope); 
@@ -70,7 +67,7 @@ private void bindPermissionFunction(AtomicConstraintFunction functio } private void bindDutyFunction(AtomicConstraintFunction function, String scope, String constraintType) { - ruleBindingRegistry.bind("USE", scope); + ruleBindingRegistry.bind("use", scope); ruleBindingRegistry.bind(ODRL_SCHEMA + "use", scope); ruleBindingRegistry.bind(constraintType, scope); diff --git a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java index 016c82cd4..48e2a5cc6 100644 --- a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java +++ b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java @@ -62,7 +62,7 @@ public void start() { @Provider public ScopeToCriterionTransformer createScopeTransformer() { - return new MvdScopeTransformer(List.of("MembershipCredential", "DismantlerCredential", "BpnCredential")); + return new MvdScopeTransformer(List.of("MembershipCredential", "DataProcessorCredential")); } private void seedCredentials(String credentialsSourceDirectory, Monitor monitor) throws IOException { diff --git a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java index 274a95ded..5f4fb54f0 100644 --- a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java +++ b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java 
@@ -40,9 +40,9 @@ public Result transform(String scope) { var credentialType = tokens.getContent()[1]; if (!knownCredentialTypes.contains(credentialType)) { - //select based on the credentialSubject.useCaseType property + //select based on the credentialSubject.level property // even though "claims" is a Map, we need to access it using the dot notation. See ReflectionUtil.java - return success(new Criterion("verifiableCredential.credential.credentialSubject.claims.useCaseType", "=", credentialType)); + return success(new Criterion("verifiableCredential.credential.credentialSubject.claims.level", "=", credentialType)); } else { return success(new Criterion(TYPE_OPERAND, CONTAINS_OPERATOR, credentialType)); } diff --git a/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java b/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java index 22b1719c1..9eec6ed5a 100644 --- a/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java +++ b/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java @@ -23,7 +23,11 @@ import com.nimbusds.jwt.SignedJWT; import org.eclipse.edc.keys.keyparsers.PemParser; import org.eclipse.edc.security.token.jwt.CryptoConverter; -import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtensionContext; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.ArgumentsProvider; +import org.junit.jupiter.params.provider.ArgumentsSource; import java.io.File; import java.io.IOException; @@ -33,6 +37,7 @@ import java.time.Instant; import java.util.Date; import java.util.Map; +import java.util.stream.Stream; import static org.mockito.Mockito.mock; 
@@ -47,8 +52,10 @@ public class JwtSigner { private final ObjectMapper mapper = new ObjectMapper(); - @Test - void generateJwt() throws JOSEException, IOException { + @SuppressWarnings("unchecked") + @ParameterizedTest + @ArgumentsSource(InputOutputProvider.class) + void generateJwt(String rawCredentialFilePath, File vcResource, String did) throws JOSEException, IOException { var header = new JWSHeader.Builder(JWSAlgorithm.EdDSA) .keyID("did:example:dataspace-issuer#key-1") @@ -56,13 +63,11 @@ void generateJwt() throws JOSEException, IOException { .build(); - //todo: change this to whatever credential JSON you want to sign - var credential = mapper.readValue(new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/membership_vc.json"), Map.class); + var credential = mapper.readValue(new File(rawCredentialFilePath), Map.class); - //todo: change the claims to suit your needs - JWTClaimsSet claims = new JWTClaimsSet.Builder() - .audience("did:web:bob-identityhub%3A7083:bob") - .subject("did:web:bob-identityhub%3A7083:bob") + var claims = new JWTClaimsSet.Builder() + .audience(did) + .subject(did) .issuer("did:example:dataspace-issuer") .claim("vc", credential) .issueTime(Date.from(Instant.now())) @@ -74,7 +79,11 @@ void generateJwt() throws JOSEException, IOException { var jwt = new SignedJWT(header, claims); jwt.sign(CryptoConverter.createSignerFor(privateKey)); - System.out.println(jwt.serialize()); + // replace the "rawVc" field in the output file + + var content = Files.readString(vcResource.toPath()); + var updatedContent = content.replaceFirst("\"rawVc\":.*,", "\"rawVc\": \"%s\",".formatted(jwt.serialize())); + Files.write(vcResource.toPath(), updatedContent.getBytes()); } private String readFile(String path) { 
@@ -84,4 +93,47 @@ private String readFile(String path) { throw new RuntimeException(e); } } + + private static class InputOutputProvider implements ArgumentsProvider { + @Override + public Stream provideArguments(ExtensionContext extensionContext) { + return Stream.of( + + // PROVIDER credentials, K8S and local + Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/membership_vc.json", + new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/membership-credential.json"), + "did:web:bob-identityhub%3A7083:bob"), + + Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/dataprocessor_vc.json", + new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/provider/dataprocessor-credential.json"), + "did:web:bob-identityhub%3A7083:bob"), + + Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/unsigned/membership_vc.json", + new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/membership-credential.json"), + "did:web:bob-identityhub%3A7083:bob"), + + Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json", + new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/provider/dataprocessor-credential.json"), + "did:web:bob-identityhub%3A7083:bob"), + + // CONSUMER credentials, K8S and local + Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/membership_vc.json", + new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/membership-credential.json"), + "did:web:alice-identityhub%3A7083:alice"), + + Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json", + new 
File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json"), + "did:web:alice-identityhub%3A7083:alice"), + + Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/unsigned/membership_vc.json", + new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/membership-credential.json"), + "did:web:alice-identityhub%3A7083:alice"), + + Arguments.of(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json", + new File(System.getProperty("user.dir") + "/../../deployment/assets/credentials/local/consumer/dataprocessor-credential.json"), + "did:web:alice-identityhub%3A7083:alice") + + ); + } + } } diff --git a/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java b/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java index 9caa308ab..e683f70c5 100644 --- a/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java +++ b/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java @@ -35,6 +35,7 @@ import org.eclipse.edc.transform.spi.TypeTransformerRegistry; import org.eclipse.edc.transform.transformer.edc.to.JsonValueToGenericTypeTransformer; import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.DisplayName; import org.junit.jupiter.api.Test; import java.time.Duration; 
@@ -62,6 +63,8 @@ public class TransferEndToEndTest { // public API endpoint of the provider-qna connector, goes through the ingress controller private static final String PROVIDER_PUBLIC_URL = "http://127.0.0.1/provider-qna/public"; private static final String PROVIDER_MANAGEMENT_URL = "http://127.0.0.1/provider-qna/cp"; + + private static final Duration TEST_TIMEOUT_DURATION = Duration.ofSeconds(120); private static final Duration TEST_POLL_DELAY = Duration.ofSeconds(2); @@ -95,8 +98,9 @@ public String fromIri(String s) { }).forEach(transformerRegistry::register); } + @DisplayName("Tests a successful End-to-End contract negotiation and data transfer") @Test - void transferData() { + void transferData_hasPermission_shouldTransferData() { System.out.println("Waiting for Provider dataplane to come online"); // wait until provider's dataplane is available await().atMost(TEST_TIMEOUT_DURATION) 
@@ -247,4 +251,93 @@ void transferData() { assertThat(response).isNotEmpty(); } + + @DisplayName("Tests a failing End-to-End contract negotiation because of an unfulfilled policy") + @Test + void transferData_doesNotHavePermission_shouldTerminate() { + System.out.println("Waiting for Provider dataplane to come online"); + // wait until provider's dataplane is available + await().atMost(TEST_TIMEOUT_DURATION) + .pollDelay(TEST_POLL_DELAY) + .untilAsserted(() -> { + var jp = baseRequest() + .get(PROVIDER_MANAGEMENT_URL + "/api/management/v3/dataplanes") + .then() + .statusCode(200) + .log().ifValidationFails() + .extract().body().jsonPath(); + + var state = jp.getString("state"); + assertThat(state).isEqualTo("[AVAILABLE]"); + }); + + System.out.println("Provider dataplane is online, fetching catalog"); + + var emptyQueryBody = Json.createObjectBuilder() + .add("@context", Json.createObjectBuilder().add("edc", "https://w3id.org/edc/v0.0.1/ns/")) + .add("@type", "QuerySpec") + .build(); + var offerId = new AtomicReference(); + // get catalog, extract offer ID + await().atMost(TEST_TIMEOUT_DURATION) + .pollDelay(TEST_POLL_DELAY) + .untilAsserted(() -> { + var jo = baseRequest() + .body(emptyQueryBody) + .post(CONSUMER_CATALOG_URL + "/api/catalog/v1alpha/catalog/query") + .then() + .log().ifError() + .statusCode(200) + .extract().body().as(JsonArray.class); + + var offerIdsFiltered = jo.stream().map(jv -> { + + var expanded = jsonLd.expand(jv.asJsonObject()).orElseThrow(f -> new AssertionError(f.getFailureDetail())); + var cat = transformerRegistry.transform(expanded, Catalog.class).orElseThrow(f -> new AssertionError(f.getFailureDetail())); + return cat.getDatasets().stream().filter(ds -> ds instanceof Catalog) // filter for CatalogAssets + .map(ds -> (Catalog) ds) + .filter(sc -> sc.getDataServices().stream().anyMatch(dataService -> dataService.getEndpointUrl().contains("provider-qna"))) // filter for assets from the Q&A Provider + .flatMap(c -> 
c.getDatasets().stream()) + .filter(dataset -> dataset.getId().equals("asset-2")) // we should not be allowed to negotiation for this asset! + .map(Dataset::getOffers) + .map(offers -> offers.keySet().iterator().next()) + .findFirst() + .orElse(null); + }).toList(); + assertThat(offerIdsFiltered).hasSize(1); + var oid = offerIdsFiltered.get(0); + assertThat(oid).isNotNull(); + offerId.set(oid); + }); + + System.out.println("Initiate contract negotiation"); + + // initiate negotiation + var negotiationRequest = TestUtils.getResourceFileContentAsString("negotiation-request.json") + .replace("{{PROVIDER_ID}}", PROVIDER_ID) + .replace("{{PROVIDER_DSP_URL}}", PROVIDER_DSP_URL) + .replace("{{OFFER_ID}}", offerId.get()) + .replaceFirst("\"odrl:rightOperand\": \"processing\"", " \"odrl:rightOperand\": \"sensitive\""); + var negotiationId = baseRequest() + .body(negotiationRequest) + .post(CONSUMER_MANAGEMENT_URL + "/api/management/v3/contractnegotiations") + .then() + .log().ifError() + .statusCode(200) + .extract().body().jsonPath().getString("@id"); + assertThat(negotiationId).isNotNull(); + + //wait until negotiation is TERMINATED + await().atMost(TEST_TIMEOUT_DURATION) + .pollDelay(TEST_POLL_DELAY) + .untilAsserted(() -> { + var jp = baseRequest() + .get(CONSUMER_MANAGEMENT_URL + "/api/management/v3/contractnegotiations/" + negotiationId) + .then() + .statusCode(200) + .extract().body().jsonPath(); + var state = jp.getString("state"); + assertThat(state).isEqualTo("TERMINATED"); + }); + } } diff --git a/tests/end2end/src/test/resources/negotiation-request.json b/tests/end2end/src/test/resources/negotiation-request.json index 97218afc4..79c1ae4eb 100644 --- a/tests/end2end/src/test/resources/negotiation-request.json +++ b/tests/end2end/src/test/resources/negotiation-request.json 
@@ -19,12 +19,12 @@ }, "odrl:constraint": { "odrl:leftOperand": { - "@id": "FrameworkCredential.pcf" + "@id": "DataAccess.level" }, "odrl:operator": { "@id": "odrl:eq" }, - "odrl:rightOperand": "active" + "odrl:rightOperand": "processing" } }, "target": "asset-1"
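Review bot: In AbstractCredentialEvaluationFunction.getCredentialList, the `instanceof List` check validates only the container, so the `(List) vcListClaim` cast is unchecked. A "vc" claim whose elements are not VerifiableCredential objects passes here and fails later with a ClassCastException inside the callers' streams instead of producing a Result.failure. Consider checking every element with `VerifiableCredential.class::isInstance` before returning success. The class is also named Abstract... without being declared `abstract`, and it has no Javadoc describing the expected shape of the claim.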
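Review bot: In DataAccessLevelFunction.evaluate, the filter `t.endsWith(DATAPROCESSOR_CRED_TYPE)` accepts any credential type whose name merely ends in "DataProcessorCredential", so a differently named type with that suffix is treated as a data processor credential. An exact comparison against the expected type (bare or namespaced) would be stricter. When no credential subject matches, the method also returns false without calling policyContext.reportProblem, unlike the other failure paths, which makes a denial hard to diagnose. `contractVersion` is only null-checked and never compared; a comment should say whether that is intended.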
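Review bot: In MembershipCredentialEvaluationFunction.evaluate, the anyMatch lambda dereferences `membershipClaim` and `membershipClaim.get(SINCE_CLAIM)` without null checks and passes the result to Instant.parse, so a credential with a missing or malformed "since" value throws out of evaluate (NullPointerException or DateTimeParseException) instead of reporting a problem and returning false. Guard both lookups and handle the parse failure. The filter tests `cs.getClaims().containsKey(MEMBERSHIP_CLAIM)` with the bare key while the read goes through `getClaim(MVD_NAMESPACE, MEMBERSHIP_CLAIM)`; use the same lookup in both places so they cannot disagree. The right-operand check also moved from equalsIgnoreCase to a case-sensitive equals, which deserves a line in the commit message.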
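Review bot: In PolicyEvaluationExtension, bindPermissionFunction and bindDutyFunction now bind the action as "use" instead of "USE", and the literal is repeated in both methods. Policies that still spell the action "USE" may no longer be bound to these scopes, so the change of case should be documented, and the literal is better pulled into one constant shared by both methods.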
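Review bot: In MvdScopeTransformer.transform, a scope whose second token is not in knownCredentialTypes is not rejected but turned into a query on `credentialSubject.claims.level`, with a variable still named `credentialType` as the value. Any unrecognized scope string therefore becomes a claim lookup. Consider returning a failure for values that are neither a known credential type nor a known level, and rename the variable or split the branch so the code states which of the two it is handling.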
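Review bot: In JwtSigner.generateJwt, `content.replaceFirst("\"rawVc\":.*,", ...)` leaves the file unchanged without any error when the pattern does not match, for example when "rawVc" is the last property and has no trailing comma, and the greedy `.*,` runs to the last comma on that line. The test then completes while a stale JWT stays in the credential file. An ObjectMapper is already available in the class: read the file as a Map, set "rawVc" and write it back, or at least assert that the content changed. `updatedContent.getBytes()` also relies on the platform default charset; pass StandardCharsets.UTF_8.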
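Review bot: In InputOutputProvider.provideArguments, the pairing of credential files and DIDs differs from the removed code, which signed k8s/consumer/membership_vc.json with subject did:web:bob-identityhub%3A7083:bob; the new table signs the consumer files for did:web:alice-identityhub%3A7083:alice and the provider files for bob. Please state in the commit message which pairing is correct, since it changes the subject of the seeded credentials. The prefix `System.getProperty("user.dir") + "/../../deployment/assets/credentials/` is repeated sixteen times, and the k8s inputs sit beside their outputs while the local inputs sit under unsigned/; a small helper taking environment, participant and credential name would remove the repetition and make that difference explicit.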
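Review bot: In transferData_doesNotHavePermission_shouldTerminate, the offer ID is taken from asset-2, but the only substitutions applied to negotiation-request.json are PROVIDER_ID, PROVIDER_DSP_URL, OFFER_ID and the right operand, and the template's context lines show a hard-coded `"target": "asset-1"`. The negotiation may therefore reach TERMINATED because offer and target disagree rather than because the policy is unfulfilled, and the final assertion on the state alone cannot tell the two apart. Make the target a placeholder and, if the management API returns a termination detail, assert on it as well. The dataplane wait and the catalog query are copied from the first test and could move into shared helpers.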
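Review bot: In negotiation-request.json, the new `"odrl:rightOperand": "processing"` value is rewritten by the negative test through an exact string match that includes the single space after the colon, so reformatting this file turns that replaceFirst into a no-op and the test sends "processing" unchanged. Use a placeholder for the level (for example {{ACCESS_LEVEL}}, a suggested name), in line with {{OFFER_ID}} and the other placeholders the tests already substitute.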