diff --git a/docs/architecture/cx-3-2/edc/identity.next.implementation.md b/docs/architecture/cx-3-2/edc/identity.next.implementation.md index 9c19484..d6f8c7c 100644 --- a/docs/architecture/cx-3-2/edc/identity.next.implementation.md +++ b/docs/architecture/cx-3-2/edc/identity.next.implementation.md @@ -105,3 +105,11 @@ VC structure when the `contract.negotiation` and `transfer.process` scopes are e interoperability, would be difficult for business analysts to author and read, and is cumbersome to use with Json-Ld prefixes (i.e. the JSONPath expressions would have to specify properties in expanded form). +# Basic message flow +This diagram shows the proposed message sequence at a coarse level. Please note that this +is only scoped for the 3.2 Release of Tractus-X and is subject to change. It uses the [SummaryCredential](../../../credentials/summary/summary.vc.md), which is a temporary solution. + +The JWT must be generated according to [this definition](./identity.next.md#51-self-issued-token-format) upon every request. +The Provider should validate the token format _before_ contacting the MiW. + +![summary_flow](../flow.svg) \ No newline at end of file diff --git a/docs/architecture/cx-3-2/edc/identity.next.md b/docs/architecture/cx-3-2/edc/identity.next.md index 36aa0ed..eb79acc 100644 --- a/docs/architecture/cx-3-2/edc/identity.next.md +++ b/docs/architecture/cx-3-2/edc/identity.next.md @@ -66,7 +66,7 @@ Namely: - The `iss` and `sub` claims must be equal and set to the bearer's `web:did`. - The `sub_jwk` claim is not used - The `aud` set to the BPN of the provider -- The `client_id` set to the BPN of the client +- The `client_id` set to the BPN of the consumer - The `jti` claim that is used to mitigate against replay attacks - The `vp` claim must contain at least one Verifiable Presentation that attests the BPN specified in the `client_id`. - All VPs must be in the format specified by 
diff --git a/docs/architecture/cx-3-2/flow.puml b/docs/architecture/cx-3-2/flow.puml new file mode 100644 index 0000000..dc2283c --- /dev/null +++ b/docs/architecture/cx-3-2/flow.puml @@ -0,0 +1,23 @@ +@startuml +participant Consumer as cons +participant Provider as prov +participant "Managed Identity Wallet" as miw + +autonumber + +cons -> miw++: request VP +return VP + +cons -> cons : create and sign JWT + +cons -[#blue]>> prov ++: DSP request +note left: contains JWT with\nSummaryCredential\nas VP in header + +prov -> prov: extract JWT (VP) +note left: validate JWT before sending +prov -> miw ++ : validate VP +return result + +return DSP result (4xx or 2xx) + +@enduml \ No newline at end of file diff --git a/docs/architecture/cx-3-2/flow.svg b/docs/architecture/cx-3-2/flow.svg new file mode 100644 index 0000000..7807f1b --- /dev/null +++ b/docs/architecture/cx-3-2/flow.svg @@ -0,0 +1,33 @@ +ConsumerConsumerProviderProviderManaged Identity WalletManaged Identity Wallet1request VP2VP3create and sign JWT4DSP requestcontains JWT withSummaryCredentialas VP in header5extract JWT (VP)validate JWT before sending6validate VP7result8DSP result (4xx or 2xx) \ No newline at end of file
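Review bot: in the `identity.next.implementation.md` hunk, the sentence "The Provider should validate the token format _before_ contacting the MiW" does not say what that local validation covers. Given the claims the self-issued token format in `identity.next.md` defines (`iss`/`sub` equal to the bearer's DID, `aud` equal to the provider's BPN, `jti` for replay mitigation), spell out that the provider verifies the signature against the `iss`/`sub` DID, checks `aud` against its own BPN and rejects replayed `jti` values, so the MiW is only asked to validate VPs from tokens that already passed those checks. Also, `# Basic message flow` is a top-level heading appended after body text at line 105 of a document that presumably has its own title; check whether it should be `##`, and add the missing newline at end of file.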
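Review bot: in the `identity.next.md` hunk, changing `client_id` from "client" to "consumer" matches the consumer/provider naming used in the new flow diagram, but the same list still calls the token holder "the bearer" in the `iss`/`sub` bullet and refers to it only as `client_id` in the `vp` bullet; use one term (consumer) throughout, or state once that the bearer is the consumer identified by `client_id`. While here, the unchanged `iss`/`sub` bullet writes the DID method as `web:did`; the method identifier is `did:web`, and the `sub_jwk` bullet is missing its trailing period.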
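Review bot: in `flow.puml`, the note at step 5, `validate JWT before sending`, is attached to the Provider, which receives the JWT rather than sending it; it should read along the lines of `validate JWT locally before calling MiW`, matching the prose in `identity.next.implementation.md`. The activation syntax is also inconsistent (`miw++` vs `miw ++` vs `prov ++`); PlantUML accepts both, but one form reads better. Consider annotating the final `DSP result (4xx or 2xx)` with which failure yields which status, i.e. whether a token that fails the provider's local validation and a VP the MiW rejects return the same 4xx, since that is what a consumer needs when debugging the flow.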
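Review bot: `flow.svg` is a generated rendering of `flow.puml`, so the two will drift unless regeneration is part of the docs workflow; either document the command used to produce it and regenerate it whenever `flow.puml` changes, or render the `.puml` at build time instead of committing the SVG. Both new files also lack a trailing newline.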