diff --git a/docs/architecture/cx-3-2/1. Introduction/Introduction.md b/docs/architecture/cx-3-2/1. Introduction/Introduction.md deleted file mode 100644 index 628ce55..0000000 --- a/docs/architecture/cx-3-2/1. Introduction/Introduction.md +++ /dev/null @@ -1,23 +0,0 @@ -# Overview - -# Goal for Release 3.2 -Cooming soon -# Architecture Overview -Cooming -## Component View -![](/docs/architecture/cx-3-2/src/Images/Minimal_Picture.png) - -## Sequence View - -### Wallet Creation -![Link to pumlfile](../2.%20Managed%20Identity%20Wallet/flows/createWallet.puml) - -### Credential Issuence -![Link to pumlfile](../2.%20Managed%20Identity%20Wallet/flows/issueMembershipVc.puml) - -### Presentation Validation -![Link to pumlfile](../2.%20Managed%20Identity%20Wallet/flows/validateVp.puml) - -# Notes - -* EDC to EDC VP Transfer needs to be documented in the EDC Repo? \ No newline at end of file diff --git a/docs/architecture/cx-3-2/2. Managed Identity Wallet/MiW.md b/docs/architecture/cx-3-2/2. Managed Identity Wallet/MiW.md deleted file mode 100644 index 937aa0f..0000000 --- a/docs/architecture/cx-3-2/2. Managed Identity Wallet/MiW.md +++ /dev/null 
@@ -1,98 +0,0 @@ -# Managed Identity Wallet - -To align the identity, authentication and data exchange of participants with the open and decentralized concepts within GAIA-X, especially self-sovereign identities, every legal entity associated to a BPNL number should have the possibility to also get a W3C compliant DID (Decentralized Identifier). Due to the lack of production-ready SSI infrastructure and slow adoption on the market, this is in a first step achieved by providing a managed wallet (also called "Custodian") with a private/public key pair and related DID for a legal entity along with the onboarding. This wallet can then be used via the Managed Identity Wallet API by other services or applications such as the Self Description or the EDC to issue and retrieve verifiable credentials and create verifiable presentations on behalf of a certain legal entity as part of governance processes and use cases. - -# EDC used Endpoints - -## Get Credential - -For Fetching an Credential the EDC can use the credentialendpoint -and define the Credential Type he wants to have. The Summary Credential -can only be one time in a User Wallet. - -"/api/credentials?type=['SummaryCredential']" - -## Create Presentation - -"/api/presentations?withAudience=['Audience1','Audience2']+asJwt=true" - -## Validate Presentation - -The Enpoint is called with the presentation in the body - -"/api/presentations/validation?withDateValidation=true" - -# Single Instance View - -![MIW Single Instance View](images/SingleInstanceDomainView.png) - -# Summary VC - -Summary VC Schema Documentation -Introduction -The Summary VC is a temporary credential designed to consolidate a set of individual Catena-X Verifiable Credentials (VCs) into a compact form. It serves the purpose of fitting within HTTP header limits, making it easier to transmit and process the credentials efficiently. This document provides the specifications for the Summary VC schema, outlining its structure and key properties. 
- -Summary VC Example -Here is an example of a Summary VC in JSON-LD format: - -```json -{ - "@context": [ - "https://w3id.org/2023/tractusx/credentials/summary/v1" - ], - "id": "", - "type": [ - "VerifiableCredential", - "SummaryCredential" - ], - "issuer": "", - "issuanceDate": "2023-06-02T12:00:00Z", - "expirationDate": "2022-06-16T18:56:59Z", - "credentialSubject": { - "id": "", - "holderIdentifier": "", - "type": "SummaryCredential", - "items": [ - "MembershipCredential", - "DismantlerCredential", - "PcfCredential", - "SustainabilityCredential", - "QualityCredential", - "TraceabilityCredential", - "BehaviorTwinCredential", - "BpnCredential" - ], - "contractTemplates": "https://public.catena-x.org/contracts/" - } -} -``` - -## Summary VC Schema Specification -The Summary VC schema is based on the JSON-LD format and consists of the following properties: - -- @context (array of strings): Specifies the context in which the Summary VC is interpreted. In this case, it references the Catena-X Summary VC schema version 1 context. - -- id (string): Represents the unique identifier for the Summary VC. - -- type (array of strings): Indicates the type of the credential. It includes "VerifiableCredential" and "SummaryCredential" to identify the Summary VC. - -- issuer (string): Represents the decentralized identifier (DID) of the entity issuing the Summary VC. - -- issuanceDate (string): Specifies the date and time when the Summary VC was issued, following the ISO 8601 format (e.g., "2023-06-02T12:00:00Z"). - -- expirationDate (string): Represents the date and time when the Summary VC will expire, following the ISO 8601 format. - -- credentialSubject (object): Contains information about the subject of the Summary VC. - -- id (string): Represents the decentralized identifier (DID) of the subject entity associated with the Summary VC. - -- holderIdentifier (string): Provides an identifier (e.g., BPN) for the holder of the Summary VC. 
- -- type (string): Specifies the type of the credential subject, which is "SummaryCredential" in this case. - -- items (array of strings): Lists the types of individual Catena-X VCs included in the summary. Each item is represented by a string value corresponding to the type of the VC. - -- contractTemplates (string): Indicates the URL pointing to the contract templates associated with the Summary VC. - -Conclusion -The Summary VC schema defines a structure for consolidating multiple Catena-X VCs into a concise format suitable for transmission within HTTP headers. It allows for efficient processing and sharing of credentials while adhering to the limitations imposed by header size restrictions. The example provided demonstrates the key properties and their roles within the schema. \ No newline at end of file diff --git a/docs/architecture/cx-3-2/2. Managed Identity Wallet/api/openapi.json b/docs/architecture/cx-3-2/2. Managed Identity Wallet/api/openapi.json deleted file mode 100644 index f2be567..0000000 --- a/docs/architecture/cx-3-2/2. Managed Identity Wallet/api/openapi.json +++ /dev/null 
@@ -1,3106 +0,0 @@ -{ - "openapi": "3.0.3", - "info": { - "title": "Managed Identity Wallets API", - "version": "0.0.1", - "description": "Managed Identity Wallets API", - "termsOfService": "https://www.eclipse.org/legal/termsofuse.php", - "contact": { - "name": "Eclipse Tractus-X", - "url": "https://projects.eclipse.org/projects/automotive.tractusx", - "email": "tractusx-dev@eclipse.org" - }, - "license": { - "name": "Apache 2.0", - "url": "https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE" - } - }, - "servers": [], - "paths": { - "/api/wallets": { - "get": { - "tags": [ - "Wallet Endpoints" - ], - "summary": "List of wallets", - "description": "Permission: **view_wallets**\n\nRetrieve list of registered wallets", - "parameters": [], - "responses": { - "200": { - "description": "List of wallets", - "content": { - "application/json": { - "schema": { - "items": { - "$ref": "#/components/schemas/WalletDto" - }, - "type": "array" - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - }, - "/api/wallet": { - "post": { - "tags": [ - "Wallet Endpoints" - ], - "summary": "Create wallet", - "description": "Permission: **add_wallets**\n\nCreate a wallet and store it ", - "parameters": [], - "requestBody": { - "description": "wallet to create", - "content": { - "application/json": { - "schema": { - "$ref": 
"#/components/schemas/WalletCreateDto" - }, - "examples": { - "demo": { - "value": { - "bpn": "name", - "name": "bpn" - } - } - } - } - }, - "required": true - }, - "responses": { - "201": { - "description": "Wallet was successfully created", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/WalletDto" - }, - "examples": { - "demo": { - "value": { - "name": "name", - "bpn": "bpn", - "did": "did", - "createdAt": "2023-02-13T15:06:06.539270", - "vcs": [] - } - } - } - } - } - }, - "400": { - "description": "The input does not comply to the syntax requirements", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "409": { - "description": "The request could not be completed due to a conflict.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - }, - "/api/wallet/{identifier}": { - "get": { - "tags": [ - "Wallet Endpoints" - ], - "summary": "Retrieve wallet by identifier", - "description": "Permission: **view_wallets** OR **view_wallet** (The BPN of Wallet to retrieve must 
equal the BPN of caller)\n\nRetrieve single wallet by identifier, with or without its credentials", - "parameters": [ - { - "name": "identifier", - "in": "path", - "schema": { - "type": "string" - }, - "required": true, - "deprecated": false, - "examples": { - "did": { - "value": "did:example:0123" - }, - "bpn": { - "value": "bpn123" - } - } - }, - { - "name": "withCredentials", - "in": "query", - "schema": { - "type": "boolean" - }, - "required": true, - "deprecated": false, - "examples": { - "withCredentials": { - "value": ["false", "true"] - } - } - } - ], - "responses": { - "200": { - "description": "The wallet", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/WalletDto" - }, - "examples": { - "demo": { - "value": { - "name": "name", - "bpn": "bpn", - "did": "did", - "createdAt": "2023-02-13T15:06:06.539342", - "vcs": [] - } - } - } - } - } - }, - "400": { - "description": "The input does not comply to the syntax requirements", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "404": { - "description": "The required entity does not exists", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - 
"examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - }, - "/api/wallet/{identifier}/credentials": { - "post": { - "tags": [ - "Wallet Endpoints" - ], - "summary": "Store Verifiable Credential", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of wallet to extract credentials from must equal BPN of caller)\n\nStore a verifiable credential in the wallet of the given identifier", - "parameters": [ - { - "name": "identifier", - "in": "path", - "schema": { - "type": "string" - }, - "required": true, - "deprecated": false, - "examples": { - "did": { - "value": "did:exp:123" - }, - "bpn": { - "value": "BPN123" - } - } - } - ], - "requestBody": { - "description": "The verifiable credential to be stored", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/IssuedVerifiableCredentialRequestDto" - }, - "examples": { - "DismantlerCredential": { - "value": { - "id": "http://example.edu/credentials/3732", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData" - ], - "issuer": "", - "type": ["VerifiableCredential", "DismantlerCredential"], - "issuanceDate": "2021-06-16T18:56:59Z", - "expirationDate": "2022-06-16T18:56:59Z", - "credentialSubject": { - "id": "", - "holderIdentifier": "", - "allowedVehicleBrands": ["Alfa Romeo", "Alpina", "BMW"] - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-13T18:19:39Z", - "verificationMethod": "did:web:issuerKey", - "proofPurpose": "assertionMethod", - "proofValue": "z4YrH995RG8SbmgHG5CLYzAsKfYUSJHSujbJNBqdLKwR6AhWJ8LLAutvg4rJCjGBqvdETEc3gbgJtTBzEQGx9ATbf" - } - } - } - } - } - }, - "required": true - }, - "responses": { - "201": { - "description": "Success message", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SuccessResponse" - }, - 
"examples": { - "demo": { - "value": { - "message": "Credential with id http://example.edu/credentials/3732has been successfully stored" - } - } - } - } - } - }, - "422": { - "description": "The input can not be processed due to semantic mismatches", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "404": { - "description": "The required entity does not exists", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - }, - "/api/didDocuments/{identifier}": { - "get": { - "tags": [ - "DID-Document" - ], - "summary": "Resolve DID Document", - "description": "Resolve the DID document for a given DID or BPN", - "parameters": [ - { - "name": "identifier", - "in": "path", - "schema": { - "type": "string" - }, - "required": true, - "deprecated": false, - "examples": { - "did": { - "value": "did:web:BPN123" - }, - "bpn": { - "value": "BPN123" - } - } - } - ], - "responses": { - "200": { - "description": "The resolved DID Document", - "content": { - "application/json": { - "schema": { - "$ref": 
"#/components/schemas/DidDocumentDto" - }, - "examples": { - "demo": { - "value": { - "@context": [ - "https://www.w3.org/ns/did/v1", - "https://w3id.org/security/suites/ed25519-2020/v1" - ], - "id": "did:web:miwurl.com/BPN123", - "verificationMethod": [ - { - "id": "did:web:miwurl.com#key-0", - "type": "JsonWebKey2020", - "controller": "https://miwurl.com/BPN123", - "publicKeyJwk": { - "kty": "JsonWebKey2020", - "crv": "Ed25519", - "x": "23345436546456456457455644432325" - } - } - ] - } - } - } - } - } - }, - "404": { - "description": "The required entity does not exists", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "400": { - "description": "The input does not comply to the syntax requirements", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - }, - "/api/credentials": { - "get": { - "tags": [ - "VerifiableCredentials" - ], - "summary": "Query Verifiable Credentials", - "description": "Permission: **view_wallets** OR **view_wallet** (The BPN of holderIdentifier must equal BPN of caller)\n\nSearch verifiable credentials with filter criteria", - "parameters": [ - { - "name": "holderIdentifier", - "in": "query", - "schema": { - "type": "string" - }, - "required": false, - "deprecated": false, - "examples": { - "BPN": { - "value": "BPN4567" - } - } - }, - { - "name": "id", - "in": "query", - "schema": { - "type": "string" - }, - "required": false, - "deprecated": false, - "examples": { - "id": { - "value": "Credential UUID" - } - } - }, - { - "name": "issuerIdentifier", - "in": "query", - "schema": { - "type": "string" - }, - "required": false, - "deprecated": false, - "examples": { - "issuer Did": { - 
"value": "did:example:BPN0123" - }, - "issuer BPN": { - "value": "BPN0123" - } - } - }, - { - "name": "type", - "in": "query", - "schema": { - "type": "array", - "items": { - "type": "string" - } - }, - "required": false, - "deprecated": false, - "examples": { - "membershipCredential": { - "value": ["MembershipCredential"] - }, - "bpnCredential": { - "value": ["BpnCredential"] - }, - "summaryCredential": { - "value": ["SummaryCredential"] - } - } - } - ], - "responses": { - "200": { - "description": "The list of verifiable credentials matching the query, empty if no match found", - "content": { - "application/json": { - "schema": { - "items": { - "$ref": "#/components/schemas/VerifiableCredentialDto" - }, - "type": "array" - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - }, - "post": { - "tags": [ - "VerifiableCredentials" - ], - "summary": "Issue Verifiable Credential", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Credential must equal BPN of caller)\n\nIssue a verifiable credential with a given issuer DID", - "parameters": [], - "requestBody": { - "description": "The verifiable credential input data", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifiableCredentialRequestDto" - }, - "examples": { - "Dismantler Credential": { - "value":{ - "@context": [ - 
"https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData" - ], - "type": ["VerifiableCredential", "DismantlerCredential"], - "expirationDate": "2022-06-16T18:56:59Z", - "credentialSubject": { - "id": "", - "type": "DismantlerCredential", - "holderIdentifier": "", - "allowedVehicleBrands": ["Alfa Romeo", "Alpina", "BMW"] - } - } - }, - "Membership Credential": { - "value": { - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData" - ], - "type": ["VerifiableCredential", "DismantlerCredential"], - "expirationDate": "2022-06-16T18:56:59Z", - "credentialSubject": { - "id": "", - "type": "DismantlerCredential", - "holderIdentifier": "", - "allowedVehicleBrands": ["Alfa Romeo", "Alpina", "BMW"] - } - } - } - } - } - }, - "required": true - }, - "responses": { - "201": { - "description": "The created Verifiable Credential", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifiableCredentialDto" - }, - "examples": { - "demo": { - "value": { - "id": "UUID", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData" - ], - "type": ["VerifiableCredential", "MembershipCredential"], - "issuanceDate": "2021-06-16T18:56:59Z", - "credentialSubject": { - "type":"MembershipCredential", - "holderIdentifier": "bpn", - "memberOf":"Catena-X", - "status":"Active", - "startTime":"2021-06-16T18:56:59Z" - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - } - } - } - }, - 
"422": { - "description": "The input can not be processed due to semantic mismatches", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "400": { - "description": "The input does not comply to the syntax requirements", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - }, - "delete": { - "tags": [ - "VerifiableCredentials" - ], - "summary": "Delete Verifiable Credential by ID", - "description": "Permission: **update_wallet**\n\nDelete a verifiable credential by its ID", - "parameters": [ - { - "name": "id", - "in": "path", - "description": "The ID of the Verifiable Credential to delete", - "schema": { - "type": "string" - }, - "required": true, - "deprecated": false - } - ], - "responses": { - "204": { - "description": "The Verifiable Credential was successfully deleted" - }, - "404": { - "description": "The Verifiable Credential with the specified ID was not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - 
"value": { - "message": "The Verifiable Credential with ID '123' was not found", - "error": true - } - } - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason - exp. You are not the holder of the VC", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - }, - "/api/credentials/issuer": { - "get": { - "tags": [ - "Verifiable Credential - Issuer" - ], - "summary": "Query Verifiable Credentials by Issuer/Holder", - "description": "Permission: **view_wallets** OR **view_wallet** (The BPN of holderIdentifier must equal BPN of caller)\n\nSearch verifiable credentials by issuer DID, holder DID, issuer BPN, or holder BPN", - "parameters": [ - { - "name": "issuerDid", - "in": "query", - "schema": { - "type": "string" - }, - "required": false, - "deprecated": false, - "examples": { - "issuer Did": { - "value": "did:example:BPN0123" - } - } - }, - { - "name": "holderDid", - "in": "query", - "schema": { - "type": "string" - }, - "required": false, - "deprecated": false, - "examples": { - "holder Did": { - "value": "did:example:BPN4567" - } - } - }, - { - "name": "issuerBpn", - "in": "query", - "schema": { - "type": "string" - }, - "required": false, - "deprecated": false, - "examples": { - "issuer BPN": { - "value": "BPN0123" - } - } - }, - { - "name": "holderBpn", - "in": "query", - "schema": { - "type": "string" - }, - "required": false, - "deprecated": false, - "examples": { - "holder BPN": { - "value": "BPN4567" - } - } - } - 
], - "responses": { - "200": { - "description": "The list of verifiable credentials matching the query, empty if no match found", - "content": { - "application/json": { - "schema": { - "items": { - "$ref": "#/components/schemas/VerifiableCredentialDto" - }, - "type": "array" - } - } - } - }, - "403": { - "description": "The request could not be completed due to forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - }, - "post": { - "tags": [ - "Verifiable Credential - Issuer" - ], - "summary": "Issue a Verifiable Credential with base wallet issuer", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of base wallet must equal BPN of caller)\n\nIssue a verifiable credential by base wallet", - "parameters": [ - { - "name": "holderDid", - "in": "query", - "schema": { - "type": "string" - }, - "required": true, - "deprecated": false, - "examples": { - "DID": { - "value": "did:web:uri:BPN4567" - } - } - } - ], - "requestBody": { - "description": "The verifiable credential input", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifiableCredentialRequestWithoutIssuerDto" - }, - "examples": { - "demo": { - "value": { - "id": "uuid", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData" - ], - "type": ["VerifiableCredential", "AnyType"], - "issuanceDate": "2021-06-16T18:56:59Z", - "credentialSubject": { 
- "any":"subjects" - } - } - } - } - } - }, - "required": true - }, - "responses": { - "201": { - "description": "The created Verifiable Credential", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifiableCredentialDto" - }, - "examples": { - "demo": { - "value": { - "id": "did", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData" - ], - "type": ["VerifiableCredential", "MembershipCredential"], - "issuanceDate": "2021-06-16T18:56:59Z", - "credentialSubject": { - "type":"MembershipCredential", - "holderIdentifier": "bpn", - "memberOf":"Catena-X", - "status":"Active", - "startTime":"2021-06-16T18:56:59Z" - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - } - } - } - }, - "422": { - "description": "The input can not be processed due to semantic mismatches", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "400": { - "description": "The input does not comply to the syntax requirements", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": 
"reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - }, - "/api/credentials/issuer/membership": { - "post": { - "tags": [ - "Verifiable Credential - Issuer" - ], - "summary": "Issue a Membership Verifiable Credential with base wallet issuer", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of base wallet must equal BPN of caller)\n\nIssue a verifiable credential by base wallet", - "parameters": [], - "requestBody": { - "description": "The bpn of the holders wallet", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateMembershipVCDto" - }, - "examples": { - "demo": { - "value": { - "bpn": "bpn" - } - } - } - } - }, - "required": true - }, - "responses": { - "201": { - "description": "The created Verifiable Credential", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifiableCredentialDto" - }, - "examples": { - "demo": { - "value": { - "id": "UUID", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData" - ], - "type": ["VerifiableCredential", "MembershipCredential"], - "issuanceDate": "2021-06-16T18:56:59Z", - "credentialSubject": { - "type":"MembershipCredential", - "holderIdentifier": "bpn", - "memberOf":"Catena-X", - "status":"Active", - "startTime":"2021-06-16T18:56:59Z" - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:web:miw.de/bpn0000000000#key-0", - "jws": 
"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - } - } - } - }, - "422": { - "description": "The input can not be processed due to semantic mismatches", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "400": { - "description": "The input does not comply to the syntax requirements", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - }, - "/api/credentials/issuer/framework": { - "post": { - "tags": [ - "Verifiable Credential - Issuer" - ], - "summary": "Issue a Use Case Verifiable Credential with base wallet issuer", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of base wallet must equal BPN of caller)\n\nIssue a verifiable credential by base wallet", - "parameters": [], - "requestBody": { - "description": "The bpn of the holders wallet", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateMembershipVCDto" - }, - "examples": 
{ - "Tracability": { - "value": { - "bpn": "bpn", - "type": "TraceabilityCredential", - "contractTemplate": "https://public.catena-x.org/contracts/traceabilty.v1.pdf", - "contractVersion": "1.0.0" - } - } - } - } - }, - "required": true - }, - "responses": { - "201": { - "description": "The created Verifiable Credential", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifiableCredentialDto" - }, - "examples": { - "Behavior Twin Use Case Credential": { - "value": { - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC" - ], - "id": "https://public.catena-x.org/contracts/behavior_twin.v1.pdf", - "issuer": "", - "type": ["VerifiableCredential", "UseCaseFrameworkCondition"], - "issuanceDate": "somedate", - "credentialSubject": { - "id": "", - "holderIdentifier": "BPN", - "usecase-agreement": { - "type": "BehaviorTwinCredential", - "contractTemplate": "https://public.catena-x.org/contracts/behavior_twin.v1.pdf", - "contractVersion": "1.0.0" - } - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-13T18:19:39Z", - "verificationMethod": "did:web:myKey#key-0", - "proofPurpose": "assertionMethod", - "proofValue": "z4YrH995RG8SbmgHG5CLYzAsKfYUSJHSujbJNBqdLKwR6AhWJ8LLAutvg4rJCjGBqvdETEc3gbgJtTBzEQGx9ATbf" - } - } - }, - "Trace Use Case Credential": { - "value": { - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC" - ], - "id": "https://public.catena-x.org/contracts/traceabilty.v1.pdf", - "issuer": "", - "type": ["VerifiableCredential", "Use_Case_Framework_Condition"], - "holder": "BPN of holder", - "validFrom": "1684301310", - "validUntil": "1734409682", - "credentialSubject": { - "id": "", - "usecase-agreement": { - "type": 
"TraceabilityCredential", - "contract-template": "https://public.catena-x.org/contracts/traceabilty.v1.pdf", - "contract-version": "1.0.0" - } - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-13T18:19:39Z", - "verificationMethod": "did:web:myKey", - "proofPurpose": "assertionMethod", - "proofValue": "z4YrH995RG8SbmgHG5CLYzAsKfYUSJHSujbJNBqdLKwR6AhWJ8LLAutvg4rJCjGBqvdETEc3gbgJtTBzEQGx9ATbf" - } - } - }, - "Quality Use Case Credential":{ - "value": { - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC" - ], - "id": "https://public.catena-x.org/contracts/quality.v1.pdf", - "issuer": "", - "type": ["VerifiableCredential", "Use_Case_Framework_Condition"], - "holder": "BPN of holder", - "validFrom": "1684301310", - "validUntil": "1734409682", - "credentialSubject": { - "id": "", - "usecase-agreement": { - "type": "QualityCredential", - "contract-template": "https://public.catena-x.org/contracts/quality.v1.pdf", - "contract-version": "1.0.0" - } - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-13T18:19:39Z", - "verificationMethod": "did:web:myKey", - "proofPurpose": "assertionMethod", - "proofValue": "z4YrH995RG8SbmgHG5CLYzAsKfYUSJHSujbJNBqdLKwR6AhWJ8LLAutvg4rJCjGBqvdETEc3gbgJtTBzEQGx9ATbf" - } - } - }, - "PCF Use Case Credential":{ - "value": { - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC" - ], - "id": "https://public.catena-x.org/contracts/quality.v1.pdf", - "issuer": "", - "type": ["VerifiableCredential", ""], - "holder": "BPN of holder", - "validFrom": "1684301310", - "validUntil": "1734409682", - "credentialSubject": { - "id": "", - "usecase-agreement": { - "value": "", - "type": "", - "contract-template": "", - 
"contract-version": "1.0.0" - } - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-13T18:19:39Z", - "verificationMethod": "did:web:myKey", - "proofPurpose": "assertionMethod", - "proofValue": "z4YrH995RG8SbmgHG5CLYzAsKfYUSJHSujbJNBqdLKwR6AhWJ8LLAutvg4rJCjGBqvdETEc3gbgJtTBzEQGx9ATbf" - } - } - }, - "Access to PCR Use Case Credential":{ - "value": { - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC" - ], - "id": "https://public.catena-x.org/contracts/quality.v1.pdf", - "issuer": "", - "type": ["VerifiableCredential", ""], - "holder": "BPN of holder", - "validFrom": "1684301310", - "validUntil": "1734409682", - "credentialSubject": { - "id": "", - "usecase-agreement": { - "value": "", - "type": "", - "contract-template": "", - "contract-version": "1.0.0" - } - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-13T18:19:39Z", - "verificationMethod": "did:web:myKey", - "proofPurpose": "assertionMethod", - "proofValue": "z4YrH995RG8SbmgHG5CLYzAsKfYUSJHSujbJNBqdLKwR6AhWJ8LLAutvg4rJCjGBqvdETEc3gbgJtTBzEQGx9ATbf" - } - } - } - } - - } - } - }, - "422": { - "description": "The input can not be processed due to semantic mismatches", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "400": { - "description": "The input does not comply to the syntax requirements", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": 
"#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - }, - "/api/credentials/issuer/dismantler": { - "post": { - "tags": [ - "Verifiable Credential - Issuer" - ], - "summary": "Issue a Use Case Verifiable Credential with base wallet issuer", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of base wallet must equal BPN of caller)\n\nIssue a verifiable credential by base wallet", - "parameters": [], - "requestBody": { - "description": "The bpn of the holders wallet", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateDismantlerVCDto" - }, - "examples": { - "Dismantler": { - "value": { - "bpn": "bpn", - "activityType": "vehicleDismantle", - "allowedVehicleBrands": ["Alfa Romeo", "Alpina", "..."] - } - } - } - } - }, - "required": true - }, - "responses": { - "201": { - "description": "The created Verifiable Credential", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifiableCredentialDto" - }, - "examples": { - "UseCase Agreement": { - "value": { - "id": "http://example.edu/credentials/3732", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "MembershipCredential, VerifiableCredential" - ], - "issuer": "did:web:miw.de/bpn0000000000", - "issuanceDate": "2021-06-16T18:56:59Z", - "credentialSubject": { - "type":"MembershipCredential", - "memberOf": "Catena-X", - "status":"Active", - "startTime":"2021-06-16T18:56:59Z" - }, - "holderIdentifier": "bpn", 
- "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:web:miw.de/bpn0000000000#key-0", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - }, - "SomeOtherCredential": { - "value": { - "id": "http://example.edu/credentials/3732", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "MembershipCredential, VerifiableCredential" - ], - "issuer": "did:web:miw.de/bpn0000000000", - "issuanceDate": "2021-06-16T18:56:59Z", - "credentialSubject": { - "type":"MembershipCredential", - "memberOf": "Catena-X", - "status":"Active", - "startTime":"2021-06-16T18:56:59Z" - }, - "holderIdentifier": "bpn", - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:web:miw.de/bpn0000000000#key-0", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - } - } - } - }, - "422": { - "description": "The input can not be processed due to semantic mismatches", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "400": { - "description": "The input does not comply to the syntax requirements", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - 
"$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - }, - "/api/credentials/validation": { - "post": { - "tags": [ - "Verifiable Credential - Validation" - ], - "summary": "Validate Verifiable Credential", - "description": "Permission: **view_wallets** OR **view_wallet**\n\nValidate Verifiable Credentials", - "parameters": [ - { - "name": "withDateValidation", - "in": "query", - "schema": { - "type": "boolean", - "default": false, - "nullable": true - }, - "required": false, - "deprecated": false, - "examples": { - "withDateValidation": { - "value": "false" - } - } - }, - { - "name": "withRevocationValidation", - "in": "query", - "schema": { - "type": "boolean", - "default": true - }, - "required": false, - "deprecated": false, - "examples": { - "withRevocationValidation": { - "value": "false" - } - } - } - ], - "requestBody": { - "description": "The verifiable credential to validate", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifiableCredentialDto" - }, - "examples": { - "demo": { - "value": { - "id": "http://example.edu/credentials/3732", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "University-Degree-Credential, VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": { - "college": "Test-University" - }, - "proof": { - "type": "JsonWebSignature2020", - 
"created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - } - } - } - }, - "responses": { - "200": { - "description": "The verification value", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyResponse" - }, - "examples": { - "demo": { - "value": { - "valid": true, - "vp": { - "@context": [ - "https://www.w3.org/2018/credentials/v1" - ], - "type": [ - "VerifiablePresentation" - ], - "holder": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "verifiableCredential": [ - { - "id": "http://example.edu/credentials/3732", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "University-Degree-Credential, VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": { - "college": "Test-University" - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - ], - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - } - } - } - } - }, - "422": { - "description": "The input can 
not be processed due to semantic mismatches", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "400": { - "description": "The input does not comply to the syntax requirements", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - }, - "/api/presentations": { - "post": { - "tags": [ - "Verifiable Presentation - Generation" - ], - "summary": "Create Verifiable Presentation", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Presentation must equal to BPN of caller)\n\nCreate a verifiable presentation from a list of verifiable credentials, signed by the holder", - "parameters": [ - { - "name": "withAudience", - "in": "query", - "schema": { - "type": "array", - "items": { - "type": "string" - } - }, - "required": false, - "deprecated": false, - "examples": { - "audiences": { - "value": ["audience1", "audience2"] - } - } - }, - { - "name": "asJwt", - "in": "query", - "schema": { - "type": "boolean", - "default": true - }, - "required": false, - 
"deprecated": false, - "examples": { - "asJwt": { - "value": "false" - } - } - }, - { - "name": "withCredentialsDateValidation", - "in": "query", - "schema": { - "type": "boolean", - "default": true - }, - "required": false, - "deprecated": false, - "examples": { - "withCredentialsDateValidation": { - "value": "false" - } - } - }, - { - "name": "withCredentialsValidation", - "in": "query", - "schema": { - "type": "boolean", - "default": true - }, - "required": false, - "deprecated": false, - "examples": { - "withCredentialsValidation": { - "value": "false" - } - } - }, - { - "name": "withRevocationValidation", - "in": "query", - "schema": { - "type": "boolean", - "default": true - }, - "required": false, - "deprecated": false, - "examples": { - "withRevocationValidation": { - "value": "false" - } - } - } - ], - "requestBody": { - "description": "The verifiable presentation input data", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifiablePresentationRequestDto" - }, - "examples": { - "demo": { - "value": { - "holderIdentifier": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "verifiableCredentials": [ - { - "id": "http://example.edu/credentials/333", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "University-Degree-Credential, VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": { - "college": "Test-University" - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - ] - } - } - } - } - }, - "required": 
true - }, - "responses": { - "201": { - "description": "The created verifiable presentation", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifiablePresentationDto" - }, - "examples": { - "demo": { - "value": { - "@context": [ - "https://www.w3.org/2018/credentials/v1" - ], - "type": [ - "VerifiablePresentation" - ], - "holder": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "verifiableCredential": [ - { - "id": "http://example.edu/credentials/3732", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "University-Degree-Credential, VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": { - "college": "Test-University" - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - ], - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - } - } - } - }, - "422": { - "description": "The input can not be processed due to semantic mismatches", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "403": { - "description": "The request could not be completed due 
to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - }, - "/api/presentations/validation": { - "post": { - "tags": [ - "Verifiable Presentation - Validation" - ], - "summary": "Validate Verifiable Presentation", - "description": "Permission: **view_wallets** OR **view_wallet**\n\nValidate Verifiable Presentation with all included credentials", - "parameters": [ - { - "name": "withDateValidation", - "in": "query", - "schema": { - "type": "boolean", - "default": false, - "nullable": true - }, - "required": false, - "deprecated": false, - "examples": { - "withDateValidation": { - "value": "false" - } - } - } - ], - "requestBody": { - "description": "The verifiable presentation to validate", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifiablePresentationDto" - }, - "examples": { - "demo": { - "value": { - "@context": [ - "https://www.w3.org/2018/credentials/v1" - ], - "type": [ - "VerifiablePresentation" - ], - "holder": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "verifiableCredential": [ - { - "id": "http://example.edu/credentials/3732", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "University-Degree-Credential, VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": { - "college": 
"Test-University" - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - ], - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "The verification value", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyResponse" - }, - "examples": { - "demo": { - "value": { - "valid": true, - "vp": { - "@context": [ - "https://www.w3.org/2018/credentials/v1" - ], - "type": [ - "VerifiablePresentation" - ], - "holder": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "verifiableCredential": [ - { - "id": "http://example.edu/credentials/3732", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "University-Degree-Credential, VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": { - "college": "Test-University" - }, - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": 
"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - ], - "proof": { - "type": "JsonWebSignature2020", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - } - } - } - } - }, - "422": { - "description": "The input can not be processed due to semantic mismatches", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "400": { - "description": "The input does not comply to the syntax requirements", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - } - }, - "deprecated": false - } - } - }, - "components": { - "schemas": { - "WalletDto": { - "properties": { - "bpn": { - "type": "string" - }, - "createdAt": { - "$ref": "#/components/schemas/LocalDateTime" - }, - "did": { - "type": 
"string" - }, - "name": { - "type": "string" - }, - "vcs": { - "items": { - "$ref": "#/components/schemas/VerifiableCredentialDto" - }, - "type": "array" - } - }, - "required": [ - "name", - "bpn", - "did", - "createdAt", - "vcs" - ], - "type": "object" - }, - "VerifiableCredentialDto": { - "properties": { - "@context": { - "items": { - "type": "string" - }, - "type": "array" - }, - "credentialSubject": { - "additionalProperties": { - "$ref": "#/components/schemas/Any" - }, - "type": "object" - }, - "expirationDate": { - "type": "string", - "nullable": true - }, - "id": { - "type": "string", - "nullable": true - }, - "issuanceDate": { - "type": "string" - }, - "issuer": { - "type": "string" - }, - "proof": { - "$ref": "#/components/schemas/LdProofDto" - }, - "type": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "@context", - "type", - "issuer", - "issuanceDate", - "credentialSubject" - ], - "type": "object" - }, - "LdProofDto": { - "type": "object", - "properties": { - "type": { - "type": "string", - "example": "JsonWebSignature2020" - }, - "created": { - "type": "string", - "example": "2019-12-11T03:50:55Z" - }, - "proofValue": { - "type": "string", - "example": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..MJ5GwWRMsadCyLNXU_flgJtsS32584MydBxBuygps_cM0sbU3abTEOMyUvmLNcKOwOBE1MfDoB1_YY425W3sAg", - "nullable": true - }, - "proofPurpose": { - "type": "string", - "example": "assertionMethod", - "nullable": true - }, - "verificationMethod": { - "type": "string", - "example": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A" - } - }, - "required": ["type", "created", "verificationMethod"], - "example": { - "type": "JsonWebSignature2020", - "created": "2019-12-11T03:50:55Z", - "proofValue": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..MJ5GwWRMsadCyLNXU_flgJtsS32584MydBxBuygps_cM0sbU3abTEOMyUvmLNcKOwOBE1MfDoB1_YY425W3sAg", - "proofPurpose": "assertionMethod", - "verificationMethod": 
"did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A" - } - }, - "ExceptionResponse": { - "properties": { - "error": { - "type": "boolean" - }, - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - }, - "WalletCreateDto": { - "properties": { - "bpn": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "bpn", - "name" - ], - "type": "object" - }, - "CreateMembershipVCDto": { - "properties": { - "bpn": { - "type": "string" - } - }, - "required": [ - "bpn" - ], - "type": "object" - }, - "CreateDismantlerVCDto": { - "properties": { - "bpn": { - "type": "string" - }, - "allowedVehicleBrands": { - "type": "array" - } - }, - "required": [ - "bpn", - "activityType", - "allowedVehicleBrands", - "validWorkingArea", - "validWorkingCountry" - ], - "type": "object" - }, - "SuccessResponse": { - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - }, - "IssuedVerifiableCredentialRequestDto": { - "properties": { - "@context": { - "items": { - "type": "string" - }, - "type": "array" - }, - "CredentialStatus": { - }, - "credentialSubject": { - "additionalProperties": { - "$ref": "#/components/schemas/Any" - }, - "type": "object" - }, - "expirationDate": { - "type": "string", - "nullable": true - }, - "id": { - "type": "string", - "nullable": true - }, - "issuanceDate": { - "type": "string" - }, - "issuer": { - "type": "string" - }, - "proof": { - "$ref": "#/components/schemas/LdProofDto" - }, - "type": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "@context", - "type", - "issuer", - "issuanceDate", - "credentialSubject", - "proof" - ], - "type": "object" - }, - "DidDocumentDto": { - "properties": { - "alsoKnownAs": { - "type": "string", - "nullable": true - }, - "assertionMethodVerificationMethods": { - "items": { - "$ref": "#/components/schemas/Any" - }, - "type": "array" - }, - 
"authenticationVerificationMethods": { - "items": { - "$ref": "#/components/schemas/Any" - }, - "type": "array" - }, - "capabilityDelegationVerificationMethods": { - "items": { - "$ref": "#/components/schemas/Any" - }, - "type": "array" - }, - "capabilityInvocationVerificationMethods": { - "items": { - "$ref": "#/components/schemas/Any" - }, - "type": "array" - }, - "context": { - "items": { - "type": "string" - }, - "type": "array" - }, - "controller": { - "$ref": "#/components/schemas/Short" - }, - "id": { - "type": "string" - }, - "keyAgreementVerificationMethods": { - "items": { - "$ref": "#/components/schemas/Any" - }, - "type": "array" - }, - "services": { - "items": { - }, - "type": "array" - }, - "verificationMethods": { - "items": { - "$ref": "#/components/schemas/DidVerificationMethodDto" - }, - "type": "array" - } - }, - "required": [ - "id", - "context" - ], - "type": "object" - }, - "DidVerificationMethodDto": { - "type": "object", - "properties": { - "controller": { - "type": "string" - }, - "id": { - "type": "string" - }, - "publicKeyJwk": { - "type": "object", - "properties": { - "kty": { - "type": "string" - }, - "crv": { - "type": "string" - }, - "x": { - "type": "string" - } - }, - "required": ["kty", "crv", "x"], - "example": { - "kty": "OKP", - "crv": "Ed25519", - "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ" - } - }, - "type": { - "type": "string", - "enum": ["JsonWebKey2020"] - } - }, - "required": ["id", "type", "controller"], - "example": { - "@context": ["https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/jws-2020/v1"], - "id": "did:example:123", - "publicKey": [ - { - "id": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A", - "type": "JsonWebKey2020", - "controller": "did:example:123", - "publicKeyJwk": { - "kty": "OKP", - "crv": "Ed25519", - "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ" - } - } - ] - } - }, - "VerifiableCredentialRequestDto": { - "properties": { - "@context": { - "items": { - "type": 
"string" - }, - "type": "array" - }, - "credentialSubject": { - "additionalProperties": { - "$ref": "#/components/schemas/Any" - }, - "type": "object" - }, - "expirationDate": { - "type": "string", - "nullable": true - }, - "holderIdentifier": { - "type": "string", - "nullable": true - }, - "id": { - "type": "string", - "nullable": true - }, - "isRevocable": { - "type": "boolean" - }, - "issuanceDate": { - "type": "string", - "nullable": true - }, - "issuerIdentifier": { - "type": "string" - }, - "type": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "@context", - "type", - "issuerIdentifier", - "issuanceDate", - "credentialSubject" - ], - "type": "object" - }, - "VerifiableCredentialRequestWithoutIssuerDto": { - "properties": { - "@context": { - "items": { - "type": "string" - }, - "type": "array" - }, - "credentialSubject": { - "additionalProperties": { - "$ref": "#/components/schemas/Any" - }, - "type": "object" - }, - "expirationDate": { - "type": "string", - "nullable": true - }, - "holderIdentifier": { - "type": "string" - }, - "id": { - "type": "string", - "nullable": true - }, - "isRevocable": { - "type": "boolean" - }, - "issuanceDate": { - "type": "string", - "nullable": true - }, - "type": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "@context", - "type", - "issuanceDate", - "credentialSubject", - "holderIdentifier" - ], - "type": "object" - }, - "VerifiablePresentationRequestDto": { - "properties": { - "holderIdentifier": { - "type": "string" - }, - "verifiableCredentials": { - "items": { - "$ref": "#/components/schemas/VerifiableCredentialDto" - }, - "type": "array" - } - }, - "required": [ - "holderIdentifier", - "verifiableCredentials" - ], - "type": "object" - }, - "VerifiablePresentationDto": { - "properties": { - "@context": { - "items": { - "type": "string" - }, - "type": "array" - }, - "holder": { - "type": "string", - "nullable": true - }, - "id": { - "type": "string", 
- "nullable": true - }, - "proof": { - "$ref": "#/components/schemas/LdProofDto" - }, - "type": { - "items": { - "type": "string" - }, - "type": "array" - }, - "verifiableCredential": { - "items": { - "$ref": "#/components/schemas/VerifiableCredentialDto" - }, - "type": "array" - } - }, - "required": [ - "@context", - "type" - ], - "type": "object" - }, - "VerifyResponse": { - "properties": { - "error": { - "type": "string", - "nullable": true - }, - "valid": { - "type": "boolean" - }, - "vp": { - "$ref": "#/components/schemas/VerifiablePresentationDto" - } - }, - "required": [ - "valid" - ], - "type": "object" - }, - "LocalDateTime": { - "properties": { - "date": { - "$ref": "#/components/schemas/LocalDate" - }, - "time": { - "$ref": "#/components/schemas/LocalTime" - } - }, - "type": "object" - }, - "LocalDate": { - "properties": { - "year": { - "format": "int32", - "type": "integer" - }, - "month": { - "$ref": "#/components/schemas/Short" - }, - "day": { - "$ref": "#/components/schemas/Short" - } - }, - "type": "object" - }, - "Short": { - "properties": {}, - "type": "object" - }, - "LocalTime": { - "properties": { - "hour": { - "$ref": "#/components/schemas/Short" - }, - "minute": { - "$ref": "#/components/schemas/Short" - }, - "second": { - "$ref": "#/components/schemas/Short" - }, - "nano": { - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "Byte": { - "properties": {}, - "type": "object" - }, - "Any": { - "properties": {}, - "type": "object" - } - }, - "securitySchemes": { - "auth-token": { - "bearerFormat": "JWT", - "type": "http", - "scheme": "bearer" - } - } - }, - "security": [], - "tags": [] -} \ No newline at end of file diff --git a/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/createWallet.puml b/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/createWallet.puml deleted file mode 100644 index 47f456c..0000000 --- a/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/createWallet.puml +++ /dev/null 
@@ -1,41 +0,0 @@ -@startuml -title Create Wallet - -actor User as user - -participant PortalIDP as keycloak -participant ManagedIdentityWallet as MIW - -box "Get Accesstoken" - user -> keycloak: Get AccessToken - keycloak --> user: AccessToken -end box - -group "Create Wallet" - box "Create Wallet" - user -> MIW: "/api/wallet" with BPN and Name - group "Wallet Creation" - MIW -> MIW: Create Database entry - MIW -> MIW: Create Private and Public Key - MIW -> MIW: Store Private Key AES encrypted in DB - MIW -> MIW: Create DID:web Document - MIW -> MIW: Store DID-Document - end group - group "BPN Credential" - MIW -> MIW: Create BPN Credential - MIW -> MIW: Sign JSON-LD BPN Credential with issuer private key (Private Key of Issuer Wallet) - MIW -> MIW: Store BPN Credential - end group - group "Summary Credential" - MIW -> MIW: Access User Wallet - MIW -> MIW: Check if Summary Credential is already Created - MIW -> MIW: Check BPN Credential is not already in Summary Credential - MIW -> MIW: Create Summary Credential with BPN - MIW -> MIW: Store Summary Credential in Issuer Wallet - MIW -> MIW: Store Summary Credential in Holder Wallet - end group - MIW --> user: Return Wallet - end box -end group - -@enduml diff --git a/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/fetchSummaryVp.puml b/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/fetchSummaryVp.puml deleted file mode 100644 index 29ae6a4..0000000 --- a/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/fetchSummaryVp.puml +++ /dev/null 
@@ -1,27 +0,0 @@ -@startuml -title Fetch SummaryVP - -actor User as User - -participant PortalIDP as keycloak -participant ManagedIdentityWallet as MIW - -box "Get Accesstoken" - User -> keycloak: Get AccessToken - keycloak --> User: AccessToken -end box - -group "Get Summary VP" - group "Get Summary Credential" - User -> MIW: "/api/credentials?type=['SummaryCredential']" - MIW -> MIW: Lookup Credential in Wallet with Type - MIW --> User: Return Credential(s) with Type - end group - group "Create Summary Presentation" - User -> MIW: "/api/presentations?withAudience=['Audience1','Audience2']+asJwt=true" - MIW -> MIW: Issue VP with Audience as JWT - MIW --> User: Return signed Presentation - end group -end group - -@enduml \ No newline at end of file diff --git a/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/issueDismantlerVc.puml b/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/issueDismantlerVc.puml deleted file mode 100644 index 758bf1d..0000000 --- a/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/issueDismantlerVc.puml +++ /dev/null 
@@ -1,34 +0,0 @@ -@startuml -title Issue Dismantler Credential - -actor User as User - -participant PortalIDP as keycloak -participant ManagedIdentityWallet as MIW - -box "Get Accesstoken" - User -> keycloak: Get AccessToken - keycloak --> User: AccessToken -end box - -group "Issue Dismantler Credential" - User -> MIW: "/api/credentials/issuer/dismantler" with bpn, activityType, allowedVehicleBrands - group "Create Dismantler Credential" - MIW -> MIW: Create Dismantler Credential - MIW -> MIW: Sign JSON-LD Dismantler Credential with issuer private key (Private Key of Issuer Wallet) - MIW -> MIW: Store Credential in Issuer Wallet - MIW -> MIW: Store Credential in Holder Wallet - end group - group "Summary Credential" - MIW -> MIW: Access User Wallet - MIW -> MIW: Check if Summary Credential is already Created - MIW -> MIW: Check Dismantler Credential is not already in Summary Credential - MIW -> MIW: Delete Summary Credential in User Wallet - MIW -> MIW: Create Summary Credential with Dismantler added - MIW -> MIW: Store Summary Credential in Issuer Wallet - MIW -> MIW: Store Summary Credential in Holder Wallet - end group - MIW --> User: Return signed Dismantler Credential -end group - -@enduml \ No newline at end of file diff --git a/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/issueMembershipVc.puml b/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/issueMembershipVc.puml deleted file mode 100644 index a1d6178..0000000 --- a/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/issueMembershipVc.puml +++ /dev/null 
@@ -1,34 +0,0 @@ -@startuml -title Issue Membership Credential - -actor User as User - -participant PortalIDP as keycloak -participant ManagedIdentityWallet as MIW - -box "Get Accesstoken" - User -> keycloak: Get AccessToken - keycloak --> User: AccessToken -end box - -group "Issue Membership" - User -> MIW: "/api/credentials/issuer/membership" with BPN - group "Create Membership Credential" - MIW -> MIW: Create Use Case Credential - MIW -> MIW: Sign JSON-LD Use Case Credential with issuer private key (Private Key of Issuer Wallet) - MIW -> MIW: Store Credential in Issuer Wallet - MIW -> MIW: Store Credential in Holder Wallet - end group - group "Summary Credential" - MIW -> MIW: Access User Wallet - MIW -> MIW: Check if Summary Credential is already Created - MIW -> MIW: Check Membership Credential is not already in Summary Credential - MIW -> MIW: Delete Summary Credential in User Wallet - MIW -> MIW: Create Summary Credential with specific Use Case - MIW -> MIW: Store Summary Credential in Issuer Wallet - MIW -> MIW: Store Summary Credential in Holder Wallet - end group - MIW --> User: Return signed Membership Credential -end group - -@enduml \ No newline at end of file diff --git a/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/issueUsecaseVc.puml b/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/issueUsecaseVc.puml deleted file mode 100644 index 6177c84..0000000 --- a/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/issueUsecaseVc.puml +++ /dev/null 
@@ -1,33 +0,0 @@ -@startuml -title Issue UseCaseFrameworkCredential - -actor User as User - -participant PortalIDP as keycloak -participant ManagedIdentityWallet as MIW - -box "Get Accesstoken" - User -> keycloak: Get AccessToken - keycloak --> User: AccessToken -end box - -group "Issue UseCaseCredential" - User -> MIW: "/api/credentials/issuer/framework" with (BPN, Type, ContractVersion, ContractTemplate) - group "Use Case Credential" - MIW -> MIW: Create Use Case Credential - MIW -> MIW: Sign JSON-LD Use Case Credential with issuer private key (Private Key of Issuer Wallet) - MIW -> MIW: Store Credential in Issuer Wallet - end group - group "Summary Credential" - MIW -> MIW: Access User Wallet - MIW -> MIW: Check if Summary Credential is already Created - MIW -> MIW: Check Use Case Credential is not already in Summary Credential - MIW -> MIW: If not delete Summary Credential in User Wallet - MIW -> MIW: Create Summary Credential with specific Use Case - MIW -> MIW: Store Summary Credential in Issuer Wallet - MIW -> MIW: Store Summary Credential in Holder Wallet - end group - MIW --> User: Return signed Use Case Credential -end group - -@enduml \ No newline at end of file diff --git a/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/validateVp.puml b/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/validateVp.puml deleted file mode 100644 index 9033ab0..0000000 --- a/docs/architecture/cx-3-2/2. Managed Identity Wallet/flows/validateVp.puml +++ /dev/null 
@@ -1,30 +0,0 @@ -@startuml Validate VP -title Issue Membership Credential - -actor User as User - -participant PortalIDP as keycloak -participant ManagedIdentityWallet as MIW - -box "Get Accesstoken" - User -> keycloak: Get AccessToken - keycloak --> User: AccessToken -end box - -group "Verify/Validate Verifiable Presentation" - User -> MIW: "/api/presentations/validation?withDateValidation=true" with VP - group "Presentation Validation" - MIW -> MIW: Check Presentation is not expired - MIW -> MIW: Validate Presentation JsonLD - MIW -> MIW: Verify Presentation Signature - end group - group "Credential Validation" - MIW -> MIW: Extract VCs - MIW -> MIW: Check Credential is not expired - MIW -> MIW: Validate Credential JsonLD - MIW -> MIW: Verify Credential Signature - end group - MIW --> User: Return Valid or Invalid + Reason -end group - -@enduml \ No newline at end of file diff --git a/docs/architecture/cx-3-2/2. Managed Identity Wallet/images/SingleInstanceDomainView.png b/docs/architecture/cx-3-2/2. Managed Identity Wallet/images/SingleInstanceDomainView.png deleted file mode 100644 index c22268e..0000000 Binary files a/docs/architecture/cx-3-2/2. Managed Identity Wallet/images/SingleInstanceDomainView.png and /dev/null differ diff --git a/docs/architecture/cx-3-2/3. Verifiable Credentials/CX-Credentials/summary/summary.vc.context.modified.v1.json b/docs/architecture/cx-3-2/3. Verifiable Credentials/CX-Credentials/summary/summary.vc.context.modified.v1.json deleted file mode 100644 index 2c6fc5b..0000000 --- a/docs/architecture/cx-3-2/3. Verifiable Credentials/CX-Credentials/summary/summary.vc.context.modified.v1.json +++ /dev/null 
@@ -1,26 +0,0 @@ -{ - "@context": { - "@version": 1.1, - "@protected": true, - "summary": "https://w3id.org/2023/tractusx/credentials/summary/", - "id": "@id", - "type": "@type", - "SummaryCredential": { - "@context": [ - "https://www.w3.org/2018/credentials/v1" - ], - "@id": "summary:SummaryCredential" - }, - "holderIdentifier": { - "@id": "summary:holderIdentifier" - }, - "hasCredentials": { - "@id": "summary:hasCredentials", - "@type": "https://schema.org/Text" - }, - "contractTemplate": { - "@id": "summary:contractTemplate", - "@type": "@id" - } - } -} diff --git a/docs/architecture/cx-3-2/3. Verifiable Credentials/CX-Credentials/summary/summary.vc.context.v1.json b/docs/architecture/cx-3-2/3. Verifiable Credentials/CX-Credentials/summary/summary.vc.context.v1.json deleted file mode 100644 index dddd413..0000000 --- a/docs/architecture/cx-3-2/3. Verifiable Credentials/CX-Credentials/summary/summary.vc.context.v1.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "@context": { - "@version": 1.1, - "@protected": true, - "summary": "https://w3id.org/2023/tractusx/credentials/summary/", - "id": "@id", - "type": "@type", - "SummaryCredential": { - "@context": [ - "https://www.w3.org/2018/credentials/v1" - ], - "@id": "summary:SummaryCredential" - }, - "holderIdentifier": { - "@id": "summary:holderIdentifier" - }, - "items": { - "@id": "summary:items", - "@type": "https://schema.org/Text" - }, - "contractTemplate": { - "@id": "summary:contract-template", - "@type": "https://schema.org/Text" - } - } -} diff --git a/docs/architecture/cx-3-2/3. Verifiable Credentials/CX-Credentials/summary/summary.vc.md b/docs/architecture/cx-3-2/3. Verifiable Credentials/CX-Credentials/summary/summary.vc.md deleted file mode 100644 index 94feeba..0000000 --- a/docs/architecture/cx-3-2/3. Verifiable Credentials/CX-Credentials/summary/summary.vc.md +++ /dev/null 
@@ -1,74 +0,0 @@ -# 1. Introduction: The Summary VC - -The Summary VC (S-VC) is a temporary credential designed to roll-up a number of other Tractus-X VCs into a compact form -that will fit within HTTP header limits. This document specifies the Summary VC schema. - -The following is an example Summary VC: - -```json - { - "@context": [ - "https://w3id.org/2023/tractusx/credentials/summary/v1" - ], - "id": "", - "type": [ - "VerifiableCredential", - "SummaryCredential" - ], - "issuer": "", - "issuanceDate": "2023-06-02T12:00:00Z", - "expirationDate": "2022-06-16T18:56:59Z", - "credentialSubject": { - "id": "", - "holderIdentifier": "", - "type": "SummaryCredential", - "items": [ - "MembershipCredential", - "DismantlerCredential", - "PcfCredential", - "SustainabilityCredential", - "QualityCredential", - "TraceabilityCredential", - "BehaviorTwinCredential", - "BpnCredential" - ], - "contractTemplates": "https://public.catena-x.org/contracts/" - } -} -``` - -A Json-Ld context defining Summary VC terms is [here](./summary.vc.context.v1.json) - -# 2. Verifiable Credential Properties - -## 2.1. Credential Subject and Credential Holder - -The credential subject and credential holder must be the same as described by -the [Verifiable Credentials Data Model v1.1](https://www.w3.org/TR/vc-data-model/#subject-is-the-holder). - -- The mandatory `id` property of the `credentialSubject` object must be set to the subject's DID (`did:web`). -- The mandatory `holderIdentifier` property of the `credentialSubject` object must be set to the subject's BPN. - -## 2.2 Summary Items - -The mandatory `items` property defined by the `https://w3id.org/2023/tractusx/credentials/summary/v1` context contains a -set of string identifiers indicating the credential types held by the subject. 
- -Valid items are: - -- MembershipCredentialCX -- DismantlerCredential -- PcfCredential -- SustainabilityCredential -- QualityCredential -- TraceabilityCredential -- BehaviorTwinCredential -- BpnCredential - -## 2.3 Mandatory Properties - -If mandatory properties are not present, the VC should be interpreted as invalid. - -# 3. Issues - -Context place must be defined for the Summary Credential \ No newline at end of file diff --git a/docs/architecture/cx-3-2/3. Verifiable Credentials/Structure and Formats.md b/docs/architecture/cx-3-2/3. Verifiable Credentials/Structure and Formats.md deleted file mode 100644 index 2779bdb..0000000 --- a/docs/architecture/cx-3-2/3. Verifiable Credentials/Structure and Formats.md +++ /dev/null 
@@ -1,51 +0,0 @@ -# Structure and Formats - -The following is an example of a verifiable credential that demonstrates the structure and formats used: - -```json -{ - "id": "UUID", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://w3id.org/security/suites/jws-2020/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData" - ], - "type": ["VerifiableCredential", "MembershipCredentialCX"], - "issuanceDate": "2021-06-16T18:56:59Z", - "expirationDate": "2022-06-16T18:56:59Z", - "issuer": "did", // operating environment - "credentialSubject": { - "type": "MembershipCredential", - "holderIdentifier": "bpn", - "memberOf": "Catena-X", - "status": "Active", - "startTime": "2021-06-16T18:56:59Z" - } -} -``` - -This verifiable credential includes the following information: - -* **id:** A unique identifier for the credential (UUID). -* **@context:** An array of context URLs specifying the context for interpreting the credential. -* **type:** An array indicating the type of the credential, including "VerifiableCredential" and "MembershipCredentialCX". -* **issuanceDate:** The date and time when the credential was issued (in UTC format). -* **expirationDate:** The date and time when the credential expires (in UTC format). -* **issuer:** The issuer of the credential, identified by a decentralized identifier (did) associated with the operating environment. -* **credentialSubject:** An object containing information about the subject of the credential. -* **type:** The type of the credential subject, which is "MembershipCredential". -* **holderIdentifier:** A unique identifier for the holder of the credential (in this case, "bpn"). -* **memberOf:** The organization or group the holder is a member of (in this case, "Catena-X"). - - - - - - - - - -**status:** The status of the credential, indicating it is currently "Active". -startTime: The date and time when the membership started (in UTC format). 
- -This example showcases the structure and key attributes of a verifiable credential, demonstrating how it can be used to represent membership credentials within the Catena-X ecosystem. \ No newline at end of file diff --git a/docs/architecture/cx-3-2/3. Verifiable Credentials/tx.vc.guidelines.md b/docs/architecture/cx-3-2/3. Verifiable Credentials/tx.vc.guidelines.md deleted file mode 100644 index ce94e14..0000000 --- a/docs/architecture/cx-3-2/3. Verifiable Credentials/tx.vc.guidelines.md +++ /dev/null 
@@ -1,77 +0,0 @@ -# 1. Introduction: Tractus-X Verifiable Credentials - -The document provides guidelines for defining Tractus-X Verifiable Credentials (VC) based on -the [Verifiable Credentials Data Model v1.1](https://www.w3.org/TR/vc-data-model/). - -## 1.2. Goals - -The goal of these guidelines are to provide a baseline for VC interoperability across Tractus-X projects regardless of -technology platform. These guidelines are intended to ensure that: - -- It is possible to process and verify VCs using independent software stacks -- All TX VCs have consistent schemas and Json-Ld contexts -- All VC Json-Ld contexts are correctly defined and allow for proper Json-Ld processing -- Consistent naming standards are used for all VC definitions -- A consistent versioning scheme is adopted for all VCs -- A consistent Json-Ld context resolution scheme is used for all VCs - -# 2. The Tractus-X Namespace - -All VCs must be defined in the `Tractus-X namespace` - -# 3. Defining Verifiable Credentials - -All TX verifiable credentials must conform to -the [Verifiable Credentials Data Model v1.1](https://www.w3.org/TR/vc-data-model/). - -> Note that the URL scheme adopted by this specification is the one in use by the W3C, which supports the ability to -> version context definitions. - -## 3.1. The Master VC Context - -A master Json-Ld 1.1 context is defined that contains common terms. VCs may have their own contexts that define terms -and reference the master context. This allows VC definitions to be evolved and versioned independently. The master -context should be referenced as: - -`https://w3id.org/tractusx/2023/credentials/v1.0.0` - -## 3.2. 
Individual VC Contexts - -Individual VC contexts define terms specific to the VC and should be referenced using a URL similar to the following: - -`https://w3id.org/tractusx/2023/credentials/traceability/v1.0.0` - -This URL is constructed by taking determining the year the VC definition is published, appending it to the base W3ID -url, and further appending the VC name and version. - -## 3.3. Term Definitions - -Term definitions that represent types should use term keys that are mixed-case, for example, `DismantlerCredential`. -Term definitions that do not represent types should use camel case syntax, for example, `holderIdentifier`. Term keys -should be unambiguous and must be associated with a proper IRI so that they are not removed during Json-Ld expansion: - -```json -{ - "@context": { - "@version": 1.1, - "ex": "https://w3id.org/2023/tractusx/credentials/example/", - "ExampleCredential": { - "@id": "ex:ExampleCredential", - "exampleData": { - "@id": "ex:exampleData" - } - } - } -} - -``` - -# 4. Testing - -All VC and context definitions must be tested for proper Json-Ld expansion. - -> Note it is important to test for incorrect Json-Ld contexts as these may result in stripping out terms that are not -> part of a vocabulary from the canonical data used for the proof algorithm. - - - diff --git a/docs/architecture/cx-3-2/5. Examples/SummaryCredential_VP.md b/docs/architecture/cx-3-2/5. Examples/SummaryCredential_VP.md deleted file mode 100644 index dd06f14..0000000 --- a/docs/architecture/cx-3-2/5. Examples/SummaryCredential_VP.md +++ /dev/null 
@@ -1,9 +0,0 @@ -# Example VP Response from MiW - -## Summary Credential VP - -```json -{ - "vp": "eyJraWQiOiJkaWQ6d2ViOmEwMTYtMjAzLTEyOS0yMTMtOTkubmdyb2stZnJlZS5hcHA6QlBOTDAwMDAwMDAwMDAwMCIsInR5cCI6IkpXVCIsImFsZyI6IkVkRFNBIn0.eyJzdWIiOiJkaWQ6d2ViOmEwMTYtMjAzLTEyOS0yMTMtOTkubmdyb2stZnJlZS5hcHA6QlBOTDAwMDAwMDAwMDAwMCIsImF1ZCI6InNtYXJ0U2Vuc2UiLCJpc3MiOiJkaWQ6d2ViOmEwMTYtMjAzLTEyOS0yMTMtOTkubmdyb2stZnJlZS5hcHA6QlBOTDAwMDAwMDAwMDAwMCIsInZwIjp7ImlkIjoiZGlkOndlYjphMDE2LTIwMy0xMjktMjEzLTk5Lm5ncm9rLWZyZWUuYXBwOkJQTkwwMDAwMDAwMDAwMDAjZjQxZTM3NDAtOGUxZi00NDcxLTg2M2ItNDNiMmE2ZGEzMTQ0IiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJTdW1tYXJ5Q3JlZGVudGlhbCJdLCJpZCI6InVybjp1dWlkOjEyMzQ1Njc4LTEyMzQtMTIzNC0xMjM0LTEyMzQ1Njc4OWFiYyIsImlzc3VlciI6ImRpZDp3ZWI6YTAxNi0yMDMtMTI5LTIxMy05OS5uZ3Jvay1mcmVlLmFwcDpCUE5MMDAwMDAwMDAwMDAwIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wNi0wMlQxMjowMDowMFoiLCJleHBpcmF0aW9uRGF0ZSI6IjIwMjItMDYtMTZUMTg6NTY6NTlaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaG9sZGVySWRlbnRpZmllciI6IkJQTiBvZiBob2xkZXIiLCJuYW1lIjoiQ1gtQ3JlZGVudGlhbHMiLCJpZCI6ImRpZDp3ZWI6YTAxNi0yMDMtMTI5LTIxMy05OS5uZ3Jvay1mcmVlLmFwcDpCUE5MMDAwMDAwMDAwMDAwIiwidHlwZSI6IlN1bW1hcnktTGlzdCIsIml0ZW1zIjpbImN4LWFjdGl2ZS1tZW1iZXIiLCJjeC1kaXNtYW50bGVyIiwiY3gtcGNmIiwiY3gtc3VzdGFpbmFiaWxpdHkiLCJjeC1xdWFsaXR5IiwiY3gtdHJhY2VhYmlsaXR5IiwiY3gtYmVoYXZpb3ItdHdpbiIsImN4LWJwbiJdLCJjb250cmFjdC10ZW1wbGF0ZXMiOiJodHRwczovL3B1YmxpYy5jYXRlbmEteC5vcmcvY29udHJhY3RzLyJ9LCJwcm9vZiI6eyJwcm9vZlB1cnBvc2UiOiJhc3NlcnRpb25NZXRob2QiLCJ0eXBlIjoiRWQyNTUxOVNpZ25hdHVyZTIwMTgiLCJ2ZXJpZmljYXRpb25NZXRob2QiOiJkaWQ6d2ViOmV4YW1wbGUuY29tI2tleS0xIiwiY3JlYXRlZCI6IjIwMjMtMDYtMDJUMTI6MDA6MDBaIiwiandzIjoiZXlKaGJHY2lPaUpGWkVSVFFTSjkuZXlKcFlYUWlPakUyTWpNMU56QTNOREVzSW1WNGNDSTZNVFl5TXpVM05ETTBNU3dpYW5ScElqb2lNVEl6TkRVMk56Z3RNVEl6TkMweE1qTTBMVEV5TXpRdE1USXpORFUyT
npnNVlXSmpJaXdpY0hKdmIyWWlPbnNpYVdRaU9pSmthV1E2ZDJWaU9tVjRZVzF3YkdVdVkyOXRJaXdpYm1GdFpTSTZJa0psYVhOd2FXVnNMVTl5WjJGdWFYTmhkR2x2YmlKOWZRLlNpZ25lZEV4YW1wbGVTaWduYXR1cmUifX19LCJleHAiOjE2ODU3MTM2MTQsImp0aSI6IjgxNjVjMzkyLWM3MzktNDExNC05YWE0LWNlNDBjYTczYjhkMyJ9.lhoiyPwOp7cfFdciE9IilMEXkYyajU5iWcSsm_jCaCMIhL7pOztYIvIVkiDtnQRhnOmj8gGBwLY57jrFFke-Ag" - } - ``` \ No newline at end of file diff --git a/docs/architecture/cx-3-2/6. Technical Debts/Technical Debts.md b/docs/architecture/cx-3-2/6. Technical Debts/Technical Debts.md deleted file mode 100644 index 5250bc3..0000000 --- a/docs/architecture/cx-3-2/6. Technical Debts/Technical Debts.md +++ /dev/null 
@@ -1,38 +0,0 @@ -# Technical Debts - -## DID Technical Debts - -* did document covers only varification method. No service endpoints. -* -## MiW Technical Debts - -* No real Tenant System. -* Private Keys ar AES encrypted stored in the MiW Postgres Database. -* No Revocation Service -* Summary Credential used as token. -* Only 1 VC in a VP possible. -* Summary VC created in the backend with the private key of the auhtority. -* DID documents are stored in the MiW. -* Summary Credentials always get deleted when new CX Credential is added to the MiW. -* Creation of CX-Credential are located in the MiW. Should be a dedicated service outside of the wallet. -* Only Central Wallet available. No self-mangaged wallet. -* No Issuer Registry. Only one trusted issuer available. -* Download of VC to own wallet not possible. -* No varifiable data registry in place. -* No key rotation. -* No update possibility of credentials. Credentials need to be deleted and new generated. - -## Verifiable credential - -* CX-Credentials are not consistent -* Only Summary Credential will be used because of the http header limition of 8KB - -## SSI Lib - - * No complete JsonWebSignature2020. Only ED22519 is supported. - * No validation for JsonWebSignature2020 with RSA key. - * No Security valdition only Sercurity Assesment. No attack vectors are tested. - * ... - -## EDC - \ No newline at end of file diff --git a/docs/architecture/cx-3-2/README.md b/docs/architecture/cx-3-2/README.md deleted file mode 100644 index 0bb1cf3..0000000 --- a/docs/architecture/cx-3-2/README.md +++ /dev/null @@ -1 +0,0 @@ -# Interim solution for Catena-X 3.2 diff --git a/docs/architecture/cx-3-2/edc/identity.next.implementation.md b/docs/architecture/cx-3-2/edc/identity.next.implementation.md deleted file mode 100644 index d6f8c7c..0000000 --- a/docs/architecture/cx-3-2/edc/identity.next.implementation.md +++ /dev/null 
@@ -1,115 +0,0 @@ -# Introduction - -The implementation for supporting the _Identity Next_ milestone consists of three work streams: - -1. Incremental changes to core EDC to support requirements associated with adding verifiable presentations to outgoing - requests. -2. An implementation of `IdentityService` extension point that will be hosted in the Tractus-X EDC repository as its - requirements are specific to the Catena-X dataspace. -3. A set of policy functions for handling outbound and inbound verifiable presentations. - -# Requirements - -The following are technical requirements that the implementation will adhere to: - -1. All verifiable presentations will be processed as native Json-Ld using - the [Titanium library](https://github.com/filip26/titanium-json-ld). The EDC has chosen Titanium as its Json-Ld - library and Tractus-X EDC will align with that. -2. Verifiable presentations will be validated in process using Titanium's sibling - library, [Iron](https://github.com/filip26/iron-verifiable-credentials). There is no need to introduce the complexity - and performance overhead of additional libraries or out-of-process calls. -3. Policy functions will operate on verifiable presentations as Json-P structures. These structures will be in Json-Ld - expanded form, which will be computed by EDC services transparently on request ingress. - -# Usage Policies and Verifiable Presentations - -DSP usage policy (ODRL) will be employed to advertise which verifiable presentations are required. 
For example, a usage -policy could be: - -```json -{ - "@context": { - "cx": "https://w3id.org/cx/v0.8/", - "@vocab": "http://www.w3.org/ns/odrl.jsonld" - }, - "@type": "Offer", - "@id": "a343fcbf-99fc-4ce8-8e9b-148c97605aab", - "permission": [ - { - "action": "use", - "constraint": { - "leftOperand": "cx:CX_DismantlerCredential.allowedVehicleBrand", - "operator": "eq", - "rightOperand": "Brand A" - } - } - ] -} -``` - -or - -```json -{ - "@context": { - "cx": "https://w3id.org/cx/v0.8/", - "@vocab": "http://www.w3.org/ns/odrl.jsonld" - }, - "@type": "Offer", - "@id": "a343fcbf-99fc-4ce8-8e9b-148c97605aab", - "permission": [ - { - "action": "use", - "constraint": { - "leftOperand": "cx:CX_DismantlerCredential.activityType", - "operator": "eq", - "rightOperand": "vehicleDismantle" - } - } - ] -} -``` - -The presence of the `cx:CX_DismantlerCredential` in the left operand will inform the client to include a verifiable -presentation in contract negotiation and data transfer requests. - -# EDC Incremental Changes - -The EDC will introduce a two new policy scopes, `contract.negotiation.request` and `transfer.process.request` that will -be evaluated by `DspHttpRemoteMessageDispatcherImpl`. During evaluation, policy functions may update -the `TokenParameters.Builder` obtained from the `PolicyContext` (`TokenParameters` will be modified to take arbitrary -properties). These properties can then be used by the `IdentityService` implementation to request verifiable -presentations. - -The EDC DSP policy deserializers will also be enhanced to support demarshalling verifiable presentations serialized as -Json-Ld into a `LiteralExpression` that contains a Json-P structure. - -# Tractus-X `IdentityService` Implementation - -A custom implementation of the `IdentityService` will be created that can obtain verifiable presentations based -on `TokenParmeters` and create a self-issued authentication token to include in the outgoing request header. 
-The `IdentityService` implementation should support an extensible VP request processor based on the EDC registry -pattern. - -The implementation will also support verifying incoming VPs and adding their deserialized Json-Ld structures into the -return `ClaimToken`. Policy evaluation (see next section) will then operate on the deserialized `ClaimToken` and can -assume all VPs are valid. VP validation will be done by the **Iron library**. - -# Tractus-X Policy Functions - -Tractus-X will include a policy function for each VC type. The function will implement a simple policy expression that -will be defined for each verifiable credential type. The policy function will evaluate the expression against the Json-P -VC structure when the `contract.negotiation` and `transfer.process` scopes are engaged. - -**Note** that we will not implement a generic VC expression language (e.g. JSONPath) as it does not promote -interoperability, would be difficult for business analysts to author and read, and is cumbersome to use with Json-Ld -prefixes (i.e. the JSONPath expressions would have to specify properties in expanded form). - -# Basic message flow -This diagram shows the proposed message sequence at a coarse level. Please note that this -is only scoped for the 3.2 Release of Tractus-X and is subject to change. It uses the [SummaryCredential](../../../credentials/summary/summary.vc.md), which is a temporary solution. - -The JWT must be generated according to [this definition](./identity.next.md#51-self-issued-token-format) upon every request. -The Provider should validate the token format _before_ contacting the MiW. - -![summary_flow](../flow.svg) \ No newline at end of file diff --git a/docs/architecture/cx-3-2/edc/identity.next.md b/docs/architecture/cx-3-2/edc/identity.next.md deleted file mode 100644 index eb79acc..0000000 --- a/docs/architecture/cx-3-2/edc/identity.next.md +++ /dev/null 
@@ -1,236 +0,0 @@ -# 1. Introduction - -This document provides a technical specification for how Tractus-X will support self-issued access tokens and verifiable -credentials in conjunction with `Managed Identity Wallets` (MIW) for core data-sharing operations. - -### 2. Requirements - -The following are the key requirements that inform this specification: - -1. **Interoperability** - This specification will not require any implementation-specific or proprietary features. It - must be possible for Relying Parties (RPs) to run on entirely different software infrastructures and still - interoperate. -1. **Open Standards** - We will not re-invent the wheel. Existing standards will be used as much as possible. -1. **Open Source** - There must be an open source implementation of all components outlined in this specification. -1. **Business User Policies** - Business users must be able to easily author all required policies - -A separate document will provide a technical design for implementing this specification in Tractus-X EDC. - -# 3. Catena-X Identity - -The `Dataspace Protocol Specifications` (DSP) are based on the concept that all participants have a stable identifier. -Software systems, or `participant agents`, act on behalf of participants to perform operations such as data sharing. In -this scheme, participant agent identities may be ephemeral since all operations such as signing `contract agreements` -are associated with the participant identity. - -The fundamental stable identifier in Catena-X is the BPN. This specification will also make use of DIDs, which can be -employed to cryptographically verify a participant identity. These are related as follows: - -``` -BPN ----- Can resolve to ----> DID - ^ | - | | - |----------Associated with-------- -``` - -In this scheme it is possible for a participant to change its DID without altering its stable identifier. 
For example, a -participant may opt to change its hosting environment, resulting in a change to its DID such as the URL associated with -its DID in the case of `did:web` or its DID method. Since its BPN remains stable, existing signed contracts will not be -impacted. - -# 4. Limitations - -The following will be technical limitations of the first milestone: - -1. Only [did:web](https://w3c-ccg.github.io/did-method-web/) will be supported, although it will be possible to - accommodate other methods in the future. -2. Verifiable Presentations (VP) will only be transmitted as part of a client access token. A protocol for accessing VPs - by a Relying Party will be supported in a future milestone. Since access tokens transmitted in HTTP headers are - practically limited to 8K by most web infrastructure, size constraints will impact VP design. -3. The protocols described in this specification do not constitute a self-sovereign identity system (SSI) as key parts - require hosted infrastructure. -4. Only one proof scheme for Verifiable Credentials will be - supported - [JSON Web Signature 2020](https://www.w3.org/community/reports/credentials/CG-FINAL-lds-jws2020-20220721/). - -> [OUTSTANDING] Define one supported **Verification Method** - -# 5. Self-Issued Access Tokens - -## 5.1. Self-Issued Token Format - -The contents of the self-issued token must correspond -to [Open ID Connect Self-Issued Tokens](https://openid.net/specs/openid-connect-self-issued-v2-1_0.html#section-11) -and [JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens](https://datatracker.ietf.org/doc/html/rfc9068). -Namely: - -- The `iss` and `sub` claims must be equal and set to the bearer's `web:did`. 
-- The `sub_jwk` claim is not used -- The `aud` set to the BPN of the provider -- The `client_id` set to the BPN of the consumer -- The `jti` claim that is used to mitigate against replay attacks -- The `vp` claim must contain at least one Verifiable Presentation that attests the BPN specified in the `client_id`. -- All VPs must be in the format specified by - the [Verifiable Credentials Data Model v1.1](https://www.w3.org/TR/vc-data-model/) - -> In the future when VP subject-signed proofs are supported, the following parameters will be required: -> - All VPs must include a `domain` set to the BPN of the provider -> - All VPs must include a `challenge` as defined - > in [Verifiable Credentials Implementation Guidelines 1.0](https://www.w3.org/TR/vc-imp-guide/#presentations) - > **Note these parameters are not required for this release** - -> [OUTSTANDING] The `client_id` will not be set to the BPN. TBD what it will contain. - -## 5.2. Self-Issued Token Validation - -- If the `iss` and `sub` claims are equal, the RP must evaluate the token as a self-issued token. -- The `iss` claim must contain a `did:web` identifier -- The RP most resolve the `iss` DID and verify the token using the public key specified in the DID document. -- The RP must verify at least one VP is present in the `vp` claim that attests to the BPN specified in - the `client_id` **using the key specified in the DID document**. -- The RP must evaluate the `domain` and `challenge` in each VP. - -# 6. Verifiable Credentials and Presentations - -## 6.1. 
Format - -VCs will be in the following format specified by in the -[W3C VC Data Model example](https://www.w3.org/TR/vc-data-model/#example-usage-of-the-proof-property-on-a-verifiable-credential): - -The follow is an example structure for VPs: - -```json -{ - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "id": "http://example.gov/credentials/3732", - "type": [ - "VerifiableCredential", - "..." - ], - "issuer": "https://example.edu", - "issuanceDate": "2010-01-01T19:23:24Z", - "credentialSubject": { - "id": "did:example:ebfeb1f712ebc6f1c276e12ec21", - "...": {} - }, - "proof": { - "type": "Ed25519Signature2020", - "created": "2021-11-13T18:19:39Z", - "verificationMethod": "https://example.edu/issuers/14#key-1", - "proofPurpose": "assertionMethod", - "proofValue": "z58DAdFfa9SkqZMVPxAQpic7ndSayn1PzZs6ZjWp1CktyGesjuTSwRdoWhAfGFCF5bppETSTojQCrfFPP2oumHKtz" - } -} -``` - -The only supported proof type will -be [JSON Web Signature 2020](https://www.w3.org/community/reports/credentials/CG-FINAL-lds-jws2020-20220721/). - -> In the future, support may be required -> for [Ed25519Signature2020](https://www.w3.org/community/reports/credentials/CG-FINAL-di-eddsa-2020-20220724/) (for -> example, if GAIA-X uses it). - - -## 6.2. Supported VPs and VC Types - -The VC schemas will be defined in the [Product Core Schemas repository](https://github.com/catenax-ng/product-core-schemas/tree/main). 
- -The following VCs will be required: - -**Note this may be changed to only support the Summary VP** - -- **MembershipCredentialCX** - https://confluence.catena-x.net/display/CORE/Membership+Credential -- **BpnCredentialCX** - https://confluence.catena-x.net/display/CORE/BPN+Credential -- **DismantlerCredentialCX** - https://confluence.catena-x.net/display/CORE/Dismantler+Credential -- **UseCaseFrameworkConditionCX** - - PCF - https://confluence.catena-x.net/display/CORE/PCF+Use+Case+Credential - - Quality - https://confluence.catena-x.net/pages/viewpage.action?spaceKey=CORE&title=Quality+Use+Case+Credential - - Resiliency - https://confluence.catena-x.net/display/CORE/Resiliency+Use+Case+Credential - - Sustainability - https://confluence.catena-x.net/display/CORE/Sustainability+Use+Case+Credential - - Trace - https://confluence.catena-x.net/display/CORE/Trace+Use+Case+Credential - - Behavior Twin - https://confluence.catena-x.net/display/CORE/Behavior+Twin+Use+Case+Credential - -### 6.2.3 Subject Signed Proofs - -Subject-signed proofs will not be supported in this release. Instead, the self-issued token signature will be used as -proof. This requires the VC subject and token subject to be the same. In addition, a VC linking the BPN number to the -subject's DID must be present as a claim in the same authorization token. - -## 6.3. Obtaining Verifiable Presentations - -Access to MIW resources requires an access token obtained from an OAUth2 compatible endpoint using the client -credentials flow as explained in the [OAuth2 Specification](https://datatracker.ietf.org/doc/html/rfc6749#section-7). - -Verifiable presentations can be obtained from a client-controlled endpoint termed a `wallet`. The wallet is responsible -for generating the VP, including its proof, for a particular `domain`. - -### 6.3.1. 
MIR Verifiable Presentations Endpoints - -The MIW will provide three endpoints that are relevant to the EDC: - -#### Query Verifiable Credentials -`GET /api/credentials` - -This endpoint will return available VCs matching a set of criteria that can be used to create VPs. - - -#### Create Verifiable Presentations -`POST /api/presentations` - -This endpoint takes a list of VCs and generated a signed JWT containing VPs. - -#### Verify Credentials -`POST /api/credentials/validations` - -This endpoint will validate VPs. - - -## 6.3.1. Relying Party Endpoints for Obtaining Verifiable Presentations - -This milestone will not support a protocol for RPs to obtain verifiable presentations from a client endpoint. In the -future [OpenID for Verifiable Presentations](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html) should -be evaluated for suitability as this protocol. - -# 7. DIDs - -Only the `did:web` method will be supported. All DIDs will be resolved from the central MIW instance and therefore will be in the following format: - -`did:web:[miw url]:[bpn as indentifier]` - -The MIW will provide the following endpint for DID resolution: - -`api/didDocuments/(identifier}` - -DID documents will be in the following format: - -```json -{ - "@context": [], - "id": "did:web:miwurl:bpn", - "verificationMethod": { - "id": "did:web:miwurl:bpn", - "type": "JsonWebKey2020", - "publicKeyJwk": { - "kty": "JsonWebKey2020", - "crv": "Ed25519", - "x": "..." - } - } -} -``` - -# 8. DSP Policy - -DSP Policy will be used to advertise credential requirements in an interoperable way. Each policy must: - -1. Be cryptographically tied to the BPN of the holder -2. A policy must be associated with the Json-ld type of its corresponding Verifiable Credential. This may be done out of - band. -3. 
Policies will be simple [ODRL contraints](https://www.w3.org/TR/odrl-model/#constraint) consisting of a left operator - that is a unique string key, an operand, and a right operator that may be an expression. The expression must be - capable of being authored by business analysts and not be an executable expression. This is to ensure - interoperability. - -Specific supported policies will be defined in separate specifications. diff --git a/docs/architecture/cx-3-2/flow.puml b/docs/architecture/cx-3-2/flow.puml deleted file mode 100644 index bb08286..0000000 --- a/docs/architecture/cx-3-2/flow.puml +++ /dev/null @@ -1,23 +0,0 @@ -@startuml -participant Consumer as cons -participant Provider as prov -participant "Managed Identity Wallet" as miw - -autonumber - -cons -> miw++: request VC -return VC -cons -> miw++: send VC, generate VP -return VP (JWT format) - -cons -[#blue]>> prov ++: DSP request -note left: contains JWT with\nSummaryCredential\nas VP in header - -prov -> prov: extract JWT (VP) -note left: validate JWT before sending -prov -> miw ++ : validate VP -return result - -return DSP result (4xx or 2xx) - -@enduml \ No newline at end of file diff --git a/docs/architecture/cx-3-2/flow.svg b/docs/architecture/cx-3-2/flow.svg deleted file mode 100644 index 471226e..0000000 --- a/docs/architecture/cx-3-2/flow.svg +++ /dev/null @@ -1 +0,0 @@ -ConsumerConsumerProviderProviderManaged Identity WalletManaged Identity Wallet1request VC2VC3send VC, generate VP4VP (JWT format)5DSP requestcontains JWT withSummaryCredentialas VP in header6extract JWT (VP)validate JWT before sending7validate VP8result9DSP result (4xx or 2xx) \ No newline at end of file diff --git a/docs/architecture/cx-3-2/src/Diagrams/Wallet Creation.wsd b/docs/architecture/cx-3-2/src/Diagrams/Wallet Creation.wsd deleted file mode 100644 index e5d45e2..0000000 --- a/docs/architecture/cx-3-2/src/Diagrams/Wallet Creation.wsd +++ /dev/null 
@@ -1,33 +0,0 @@ -@startuml - -participant Portal as Portal -participant PortalIDP as PIDP -participant ManagedIdentiyWallet as MIW - -Portal -> PIDP: Get Access Token -PIDP -> Portal : Send back Access Token -Portal -> MIW: POST/API/Wallets(BPN, Name) -note right: Bearer Token im Header -MIW -> MIW: Create Database entry -MIW -> MIW: Create Private and Public Key -MIW -> MIW: Store Private Key in vault -MIW -> MIW: Create DID:web Document -note right: did:web:url/.wellkown/did.json (did document with Public key oder mehrere keys - muss standardisiert werden.) Hosting der DID in der Sub Domain -MIW -> MIW: Create BPN Credential -MIW -> MIW: Store Membership Credential in Database - -alt Access token invalid - Portal -> PIDP: Get Access Token - PIDP -> Portal : Send back Access Token - Portal -> MIW: POST/API/Wallets(BPN, Name) -end - -Portal -> MIW: Create Membership Credential (BPN, Token) -MIW-> MIW: GET Wallet by BPN - MIW-> MIW: response (wallet object) -note right: Wallet object includes did -MIW-> MIW: Create Membershipcredential(BPN, did) -MIW-> MIW: sign jsonLD Membership Credential with issuer private key (authrotity Private Key from Portal) -MIW-> MIW: Create new Database entry for VC/BPN/Tenant - -@enduml \ No newline at end of file diff --git a/docs/architecture/cx-3-2/src/Images/Minimal_Picture.png b/docs/architecture/cx-3-2/src/Images/Minimal_Picture.png deleted file mode 100644 index 1cf9177..0000000 Binary files a/docs/architecture/cx-3-2/src/Images/Minimal_Picture.png and /dev/null differ diff --git a/docs/architecture/cx-3-2/src/Images/Wallet_Creation.png b/docs/architecture/cx-3-2/src/Images/Wallet_Creation.png deleted file mode 100644 index e2fccb0..0000000 Binary files a/docs/architecture/cx-3-2/src/Images/Wallet_Creation.png and /dev/null differ diff --git a/docs/architecture/cx-3-3/README.md b/docs/architecture/cx-3-3/README.md deleted file mode 100644 index 062aadd..0000000 --- a/docs/architecture/cx-3-3/README.md +++ /dev/null 
@@ -1 +0,0 @@ -# Long-term architectural design for Catena-X 3.3 diff --git a/docs/architecture/cx-3-2/3. Verifiable Credentials/CX-Credentials/Standardized CX-Credential.md b/specifications/credentials/Standardized CX-Credential.md similarity index 100% rename from docs/architecture/cx-3-2/3. Verifiable Credentials/CX-Credentials/Standardized CX-Credential.md rename to specifications/credentials/Standardized CX-Credential.md diff --git a/docs/credentials/summary/summary.vc.context.modified.v1.json b/specifications/credentials/summary/summary.vc.context.modified.v1.json similarity index 100% rename from docs/credentials/summary/summary.vc.context.modified.v1.json rename to specifications/credentials/summary/summary.vc.context.modified.v1.json diff --git a/docs/credentials/summary/summary.vc.context.v1.json b/specifications/credentials/summary/summary.vc.context.v1.json similarity index 100% rename from docs/credentials/summary/summary.vc.context.v1.json rename to specifications/credentials/summary/summary.vc.context.v1.json diff --git a/docs/credentials/summary/summary.vc.md b/specifications/credentials/summary/summary.vc.md similarity index 93% rename from docs/credentials/summary/summary.vc.md rename to specifications/credentials/summary/summary.vc.md index 07de9ef..4036379 100644 --- a/docs/credentials/summary/summary.vc.md +++ b/specifications/credentials/summary/summary.vc.md @@ -36,7 +36,7 @@ The following is an example Summary VC: } ``` -A Json-Ld context defining Summary VC terms is [here](./summary.vc.context.v1.json) +A Json-Ld context defining Summary VC terms is [here](summary.vc.context.v1.json) # 2. Verifiable Credential Properties 
@@ -71,7 +71,7 @@ If mandatory properties are not present, the VC should be interpreted as invalid # 3. Known Issues The following are known questions and issues that need to be resolved with respect to other VCs for the 3.3 released. -There is a [proposed context](./summary.vc.context.modified.v1.json) that resolves these issues for the summary +There is a [proposed context](summary.vc.context.modified.v1.json) that resolves these issues for the summary credential if it is decided not to retire that VC. Note that these issues will not be resolved for the 3.3 release. ## 3.1 Consistent Naming diff --git a/docs/credentials/tx.vc.guidelines.md b/specifications/credentials/tx.vc.guidelines.md similarity index 100% rename from docs/credentials/tx.vc.guidelines.md rename to specifications/credentials/tx.vc.guidelines.md diff --git a/docs/architecture/cx-3-2/4. Decentralized Identifiers (DIDs)/Decentralized Identifiers (DIDs).md b/specifications/did/Decentralized Identifiers (DIDs).md similarity index 100% rename from docs/architecture/cx-3-2/4. Decentralized Identifiers (DIDs)/Decentralized Identifiers (DIDs).md rename to specifications/did/Decentralized Identifiers (DIDs).md diff --git a/docs/architecture/cx-3-2/edc/policy.definitions.md b/specifications/policy/policy.definitions.md similarity index 100% rename from docs/architecture/cx-3-2/edc/policy.definitions.md rename to specifications/policy/policy.definitions.md
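Review bot: docs/architecture/cx-3-2/edc/identity.next.md is removed outright (`deleted file mode 100644`, `@@ -1,236 +0,0 @@`), while its sibling docs/architecture/cx-3-2/edc/policy.definitions.md is carried over to specifications/policy/ as a 100% rename. The deleted file is where the self-issued token format and validation rules (sections 5.1 and 5.2, including the `jti` replay mitigation and the `iss`/`sub` checks) are written down, and nothing in this patch adds them back under specifications/. If that specification is superseded, say so in the commit message and check the renamed files for remaining links to identity.next.md; if it is still meant to apply, move it under specifications/ instead of deleting it.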
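Review bot: In specifications/credentials/summary/summary.vc.md, hunk `@@ -36,7 +36,7 @@`, the only change is dropping the leading `./` from the link to summary.vc.context.v1.json. Both forms resolve to the same file, and the JSON file is renamed into the same directory in this patch, so the link needs no change for the move to work. Consider leaving it as it was so the file stays a pure rename (it currently shows as similarity index 93%), or state in the commit message why the `./` prefix is being removed.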
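Review bot: In specifications/credentials/summary/summary.vc.md, hunk `@@ -71,7 +71,7 @@`, the context line above the edited link reads "need to be resolved with respect to other VCs for the 3.3 released", and the line after it says "these issues will not be resolved for the 3.3 release". Since this paragraph is being touched anyway, fix the "released" typo and make the two sentences agree on whether the issues are in scope for 3.3. The link edit itself is the same `./` removal as in the previous hunk and is likewise not required by the move.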
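Review bot: The renames to specifications/credentials/Standardized CX-Credential.md and specifications/did/Decentralized Identifiers (DIDs).md keep spaces and parentheses in the new paths. Since these files are being moved anyway, consider giving them names without spaces or parentheses, in line with summary.vc.md and policy.definitions.md in the same tree, so that markdown links to them do not need percent-encoding and the paths do not need quoting in shell tooling.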