eclipse-edc / IdentityHub

IdentityHub
Apache License 2.0
21 stars 25 forks source link

EDC Identity Hub

documentation discord latest version license
build snapshot build nightly build


This repository contains an implementation for the Decentralized Claims Protocol (DCP) specification. In short, IdentityHub contains multiple VerifiableCredentials and makes them available to authorized parties as VerifiablePresentations. It also receives VerifiableCredentials issued by an issuer and stores them. Convenience features like automatic credential renewal and re-issuance are also included. This functionality is sometimes referred to as "wallet".

IdentityHub makes heavy use of EDC components for core functionality, specifically those of the connector for extension loading, runtime bootstrap, configuration, API handling etc., while adding specific functionality using the EDC extensibility mechanism.

Here, developers find everything necessary to build and run a basic "vanilla" version of IdentityHub.

Documentation

Base documentation can be found on the documentation website. \ Developer documentation can be found under docs/developer, \ where the main concepts and decisions are captured as decision records.

Security Warning

Older versions of IdentityHub (in particular <= 0.3.1 ) must not be used anymore, as they were intended for proof-of-concept purposes only and may contain significant security vulnerabilities (for example missing authn/authz on the API) and possibly others. Please always use the latest version of IdentityHub.

Quick start

A basic launcher configured with in-memory stores (i.e. no persistent storage) can be found here. There are two ways of running IdentityHub:

  1. As native Java process
  2. Inside a Docker image

Build the *.jar file

./gradlew :launcher:identityhub:shadowJar

Start IdentityHub as Java process

Once the jar file is built, IdentityHub can be launched using this shell command:

java -Dweb.http.presentation.port=10001 \
     -Dweb.http.presentation.path="/api/presentation" \
     -Dweb.http.port=8181 \
     -Dweb.http.path="/api" \
     -Dweb.http.identity.port=8182 \
     -Dweb.http.identity.path="/api/identity" \
     -Dedc.ih.api.superuser.key="c3VwZXItdXNlcgo=c3VwZXItc2VjcmV0Cg==" \
     -jar launcher/identityhub/build/libs/identity-hub.jar

this will expose the Presentation API at http://localhost:10001/api/presentation and the Identity API at http://localhost:8191/api/identity. More information about IdentityHub's APIs can be found here

Create the Docker image

docker build -t identity-hub ./launcher/identityhub

Start the Identity Hub

docker run --rm --name identity-hub \
            -e "WEB_HTTP_PRESENTATION_PORT=10001" \
            -e "WEB_HTTP_PRESENTATION_PATH=/api/presentation/" \
            -e "WEB_HTTP_PATH=/api" \
            -e "WEB_HTTP_PORT=8181" \
            -e "WEB_HTTP_IDENTITY_PORT=8182" \
            -e "WEB_HTTP_IDENTITY_PATH=/api/identity" \
            -e "EDC_IH_API_SUPERUSER_KEY=c3VwZXItdXNlcgo=c3VwZXItc2VjcmV0Cg==" \
            identity-hub:latest

Architectural concepts of IdentityHub

Key architectural concepts are outlined here.

Module structure of IdentityHub

IdentityHub's module structure and key SPIs is described here.

Please note that some classes or functionalities mentioned there may not yet have been implemented, for example automatic credential renewal.

API overview of IdentityHub

IdentityHub exposes several APIs that are described in more detail here.

Future work

References

Contributing

See how to contribute.