Getting error while using decentralized-identity extension for iam in version v0.5.1

[MUsman1992]

I have started working on Connector after a long time. I was previously using v0.0.1-milestone-9 tag but now the latest version is v0.5.1. With v0.5.1, when i try to use decentralized-identity extension for identity access management, I am getting this error:

"C:\Program Files\Eclipse Adoptium\jdk-17.0.9.9-hotspot\bin\java.exe" -Dedc.fs.config=data-transfer/consumer/config.properties -Dedc.keystore.password=password -Dedc.keystore=C:\Users\usajid\Desktop\eclipse-edc-connector-v0.5.1\Connector\data-transfer\consumer\vault-filesystemkeystore.jks -Dedc.vault=C:\Users\usajid\Desktop\eclipse-edc-connector-v0.5.1\Connector\data-transfer\consumer\vault-filesystemconfig.properties -Dfile.encoding=UTF-8 -jar C:\Users\usajid\Desktop\eclipse-edc-connector-v0.5.1\Connector\data-transfer\consumer\build\libs\consumer.jar
INFO 2024-03-21T15:45:53.4241654 Initialized FS Configuration
WARNING 2024-03-21T15:45:53.4927287 The runtime is configured as an anonymous participant. DO NOT DO THIS IN PRODUCTION.
SEVERE 2024-03-21T15:45:53.5846526 Error booting runtime: The following injected fields were not provided: Field "identityService" of type [interface org.eclipse.edc.spi.iam.IdentityService] required by org.eclipse.edc.connector.service.ControlPlaneServicesExtension Field "audienceResolver" of type [interface org.eclipse.edc.spi.iam.AudienceResolver] required by org.eclipse.edc.protocol.dsp.DspHttpCoreExtension Field "identityService" of type [interface org.eclipse.edc.spi.iam.IdentityService] required by org.eclipse.edc.protocol.dsp.DspHttpCoreExtension
org.eclipse.edc.spi.system.injection.EdcInjectionException: The following injected fields were not provided:
Field "identityService" of type [interface org.eclipse.edc.spi.iam.IdentityService] required by org.eclipse.edc.connector.service.ControlPlaneServicesExtension
Field "audienceResolver" of type [interface org.eclipse.edc.spi.iam.AudienceResolver] required by org.eclipse.edc.protocol.dsp.DspHttpCoreExtension
Field "identityService" of type [interface org.eclipse.edc.spi.iam.IdentityService] required by org.eclipse.edc.protocol.dsp.DspHttpCoreExtension
	at org.eclipse.edc.boot.system.DependencyGraph.of(DependencyGraph.java:102)
	at org.eclipse.edc.boot.system.ExtensionLoader.loadServiceExtensions(ExtensionLoader.java:119)
	at org.eclipse.edc.boot.system.runtime.BaseRuntime.createExtensions(BaseRuntime.java:149)
	at org.eclipse.edc.boot.system.runtime.BaseRuntime.boot(BaseRuntime.java:199)
	at org.eclipse.edc.boot.system.runtime.BaseRuntime.boot(BaseRuntime.java:83)
	at org.eclipse.edc.boot.system.runtime.BaseRuntime.main(BaseRuntime.java:71)

Process finished with exit code -1

After investigating a little bit, I have found that inside iam folder, all extensions like iam-mock, oauth2 and identity-trust have implementations of IdentityService interface but the decentralized-identity extension has no implementation of this interface. Can anyone guide me how to fix this issue? Also I can see identity-trust extension inside iam folder. Can anyone describe what kind of identity and access management does it provide? By looking at the code, i have realized that it's also based on credentials and DIDs .Can anyone describe with some detail how this extension works? Thanks

[matthiasdg]

I'm not an expert and not involved in the EDC development, but I think I can give you some pointers. There is a move to the Identity and Trust Protocol (IATP) from DWN (Decentralized Web Node):
Some useful links: https://github.com/eclipse-edc/docs/tree/main/developer/decision-records/2023-09-06-identity-trust and https://github.com/eclipse-tractusx/identity-trust/tree/main/specifications as well as https://github.com/eclipse-edc/IdentityHub/tree/main/docs/developer/decision-records/2023-09-27-adoption_of_the_identity_and_trust_protocol.

For me, diagrams like the old https://github.com/eclipse-edc/IdentityHub/tree/main/docs/developer/decision-records/2022-07-01-get-claims vs. the new https://github.com/eclipse-tractusx/identity-trust/blob/main/specifications/verifiable.presentation.protocol.md made it more tangible. The new protocol gives more control to the participants about who can access what verifiable presentation. So the old decentralized-identity-service that also implemented IdentityService is gone and replaced with identity-trust-service. Where before the obtainClientCredentials was passing on the DID so the other party could find the IdentityHub (and if not configured access it without authentication), in the new protocol this will fetch a token from the STS, which serves to access the Credential Service (=IdentityHub; see also https://github.com/eclipse-edc/IdentityHub/blob/main/docs/developer/architecture/identity-trust-protocol/identity.hub.architecture.md) with the proper scope.

What is not yet entirely clear to me, is whether there is already some service issuing the VCs; there used to be this RegistrationService before (though not production-grade), but that was not updated

[paullatzelsperger]

the version you referenced is ancient, so just upgrading to the most recent one will not work. The errors you are seeing are caused by new dependencies being introduced but are not satisfied by your setup.
You probably want to take a look at the MVD, specifically at the mvd-with-iatp.

Also, thanks to @matthiasdg for his comment.

What is not yet entirely clear to me, is whether there is already some service issuing the VCs; there used to be this RegistrationService before (though not production-grade), but that was not updated

no, the issuance protocol is not yet implemented, so you don't have a way to issue VCs now. We are aiming for the second half of this year.

[github-actions]

This issue is stale because it has been open for 14 days with no activity.

[github-actions]

This issue was closed because it has been inactive for 7 days since being marked as stale.