This repository has been archived by the owner on Mar 12, 2024. It is now read-only.

Commit

Merge pull request #6 from paullatzelsperger/docs/add_basic_flow
docs: add summary cred flow
paullatzelsperger authored Jun 12, 2023
2 parents d30b883 + e08c6cb commit a3a1add
Showing 4 changed files with 65 additions and 1 deletion.
8 changes: 8 additions & 0 deletions docs/architecture/cx-3-2/edc/identity.next.implementation.md
Expand Up @@ -105,3 +105,11 @@ VC structure when the `contract.negotiation` and `transfer.process` scopes are e
interoperability, would be difficult for business analysts to author and read, and is cumbersome to use with Json-Ld
prefixes (i.e. the JSONPath expressions would have to specify properties in expanded form).

# Basic message flow
This diagram shows the proposed message sequence at a coarse level. Please note that this
is only scoped for the 3.2 Release of Tractus-X and is subject to change. It uses the [SummaryCredential](../../../credentials/summary/summary.vc.md), which is a temporary solution.

The JWT must be generated according to [this definition](./identity.next.md#51-self-issued-token-format) upon every request.
The Provider should validate the token format _before_ contacting the MiW.

![summary_flow](../flow.svg)
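
Review bot: In the added "Basic message flow" text, "The Provider should validate the token format _before_ contacting the MiW" leaves both the strength and the scope of the check open. "should" makes the local check optional, and "token format" does not say whether it covers only the JWT structure or also the signature and the claim rules from the linked self-issued token definition. Suggest "must", and list the checks the Provider performs locally, so that malformed or mis-addressed tokens are rejected without a round trip to the wallet. "MiW" is also not expanded in this section; spell out "Managed Identity Wallet" on first use, as flow.puml does.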
2 changes: 1 addition & 1 deletion docs/architecture/cx-3-2/edc/identity.next.md
Expand Up @@ -66,7 +66,7 @@ Namely:
- The `iss` and `sub` claims must be equal and set to the bearer's `web:did`.
- The `sub_jwk` claim is not used
- The `aud` set to the BPN of the provider
- The `client_id` set to the BPN of the client
- The `client_id` set to the BPN of the consumer
- The `jti` claim that is used to mitigate against replay attacks
- The `vp` claim must contain at least one Verifiable Presentation that attests the BPN specified in the `client_id`.
- All VPs must be in the format specified by
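
Review bot: The reworded `client_id` bullet says "consumer" while the `iss`/`sub` bullet above it still says "bearer", so the list now uses two names for what appears to be the same party. If they are the same, use one term throughout; if they can differ, state how the provider ties the `web:did` in `iss`/`sub` to the BPN in `client_id`, since the `vp` bullet only requires that a presentation attests that BPN.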
23 changes: 23 additions & 0 deletions docs/architecture/cx-3-2/flow.puml
@@ -0,0 +1,23 @@
@startuml
participant Consumer as cons
participant Provider as prov
participant "Managed Identity Wallet" as miw

autonumber

cons -> miw++: request VP
return VP

cons -> cons : create and sign JWT

cons -[#blue]>> prov ++: DSP request
note left: contains JWT with\nSummaryCredential\nas VP in header

prov -> prov: extract JWT (VP)
note left: validate JWT before sending
prov -> miw ++ : validate VP
return result

return DSP result (4xx or 2xx)

@enduml
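
Review bot: The note on the DSP request, "contains JWT with\nSummaryCredential\nas VP in header", does not say which header is meant, and identity.next.md places the presentation in the `vp` claim of the JWT; reword it to say where the JWT travels and that the VP sits in its `vp` claim. The diagram also draws only the path on which `prov -> miw ++ : validate VP` is reached; an `alt`/`else` branch for a JWT that fails the Provider's local check, returning 4xx without calling the wallet, would show the "validate before contacting the MiW" rule from the implementation doc. The note "validate JWT before sending" should name what is sent and to whom.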
33 changes: 33 additions & 0 deletions docs/architecture/cx-3-2/flow.svg

0 comments on commit a3a1add
