Decentralized Identifiers

agera-edc / MinimumViableDataspace

Guidance on documentation, scripts and integration steps on using the EDC project results

Apache License 2.0

0 stars 2 forks source link

Decentralized Identifiers #116

Closed chrislomonico closed 2 years ago

chrislomonico commented 2 years ago

Description

[Draft Based on Team Discussions]

Acceptance Criteria

[x] IDS requests are secured using Wed DID
[x] JWTs are verified using the DID of the requestor
[x] Sample mocked Verifiable Credentials are in place (region=eu) and enforced at each connector

Stories

[x] agera-edc/MinimumViableDataspaceFork#113
[x] agera-edc/MinimumViableDataspaceFork#107
[x] agera-edc/MinimumViableDataspaceFork#112
[x] agera-edc/MinimumViableDataspaceFork#136
[x] agera-edc/MinimumViableDataspaceFork#111
~[ ] agera-edc/MinimumViableDataspaceFork#96 (stretch goal)~

marcgs commented 2 years ago

It is questionable if the IdentityHub deployment is required for this feature. EDC contains a DummyCredentialsVerifier that can be used to mock credential retrieval which seems perfectly fine for this step. Calling the IdentityHub in a similar manner like IdentityHubCredentialsVerifier does (see https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1070) will return empty credentials unless we seed data as well. To me this area is still too unclear and it is worth keeping it simple at the beginning. @algattik

marcgs commented 2 years ago

It is questionable if the IdentityHub deployment is required for this feature. EDC contains a DummyCredentialsVerifier that can be used to mock credential retrieval which seems perfectly fine for this step. Calling the IdentityHub in a similar manner like IdentityHubCredentialsVerifier does (see eclipse-dataspaceconnector/DataSpaceConnector#1070) will return empty credentials unless we seed data as well. To me this area is still too unclear and it is worth keeping it simple at the beginning. @algattik

Removing IdentityHub integration for this feature. The Verifiable Credentials provided by the Hub bring no value without a policies and a policy enforcement mechanism in place. This should be reevaluated together once there is more clarity. @zeier

marcgs commented 2 years ago

It is questionable if the IdentityHub deployment is required for this feature. EDC contains a DummyCredentialsVerifier that can be used to mock credential retrieval which seems perfectly fine for this step. Calling the IdentityHub in a similar manner like IdentityHubCredentialsVerifier does (see eclipse-dataspaceconnector/DataSpaceConnector#1070) will return empty credentials unless we seed data as well. To me this area is still too unclear and it is worth keeping it simple at the beginning. @algattik

Removing IdentityHub integration for this feature. The Verifiable Credentials provided by the Hub bring no value without a policies and a policy enforcement mechanism in place. This should be reevaluated together once there is more clarity. @zeier

As discussed in the planning, evaluation of a basic policy "data resides in EU" should work. Adding stories for IdentityHub.