From 40356178dc3efbf6bb91baaa19b28dee818d76f1 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 3 Jul 2023 08:31:38 +0000 Subject: [PATCH 1/7] Update Submodules --- core/canis-major | 2 +- core/cygnus | 2 +- core/orion-ld | 2 +- core/stellio | 2 +- data-publication/business-api/logic-proxy | 2 +- iot-agents/iotagent-json | 2 +- iot-agents/iotagent-node-lib | 2 +- iot-agents/iotagent-ultralight | 2 +- iot-agents/open-vidu | 2 +- processing/perseo/front-end | 2 +- robotics/Fast-DDS | 2 +- security/keycloak-vc-issuer | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/core/canis-major b/core/canis-major index 5d0d3b0d1..c41dc36c0 160000 --- a/core/canis-major +++ b/core/canis-major @@ -1 +1 @@ -Subproject commit 5d0d3b0d18266ecef681429da5bd7a5c4e967e77 +Subproject commit c41dc36c0c83aa63e125b96b591eb4c1c0c6d251 diff --git a/core/cygnus b/core/cygnus index 670da1f2d..09c02d86f 160000 --- a/core/cygnus +++ b/core/cygnus @@ -1 +1 @@ -Subproject commit 670da1f2d54f286124442a6a7e9f532cdc2f4a68 +Subproject commit 09c02d86fa1b4ab5f54953cd51202da0307ddc3c diff --git a/core/orion-ld b/core/orion-ld index a13e7ed3e..0def54a63 160000 --- a/core/orion-ld +++ b/core/orion-ld @@ -1 +1 @@ -Subproject commit a13e7ed3ecf1c66ccd5f7763f2fa4a87f50ade58 +Subproject commit 0def54a630d65b443128df2beea708ea847a56b6 diff --git a/core/stellio b/core/stellio index e3746aa58..bb9617bad 160000 --- a/core/stellio +++ b/core/stellio @@ -1 +1 @@ -Subproject commit e3746aa582bab7b7aaa71a5a3894e9a56e770b4b +Subproject commit bb9617bad6cf1059802635492327f27594413b65 diff --git a/data-publication/business-api/logic-proxy b/data-publication/business-api/logic-proxy index 35b288dfe..04345a21d 160000 --- a/data-publication/business-api/logic-proxy +++ b/data-publication/business-api/logic-proxy @@ -1 +1 @@ -Subproject commit 35b288dfea9f21cdaaf19f93053ee7c90c5f7585 +Subproject commit 04345a21d5f7ba11a169e9ea36c0ff87e348e4ce 
diff --git a/iot-agents/iotagent-json b/iot-agents/iotagent-json index 07071ac9e..00a5b2cd8 160000 --- a/iot-agents/iotagent-json +++ b/iot-agents/iotagent-json @@ -1 +1 @@ -Subproject commit 07071ac9e3f64e35a6c20e5b2457ae1f1042fc80 +Subproject commit 00a5b2cd85b69c1739694667eaa3e963a5a6e211 diff --git a/iot-agents/iotagent-node-lib b/iot-agents/iotagent-node-lib index 89cea3fac..0ab531d30 160000 --- a/iot-agents/iotagent-node-lib +++ b/iot-agents/iotagent-node-lib @@ -1 +1 @@ -Subproject commit 89cea3fac157d8b4e0ce5e59a39419ed0680b420 +Subproject commit 0ab531d30587d6d7415b770e0f9072fce3f910d0 diff --git a/iot-agents/iotagent-ultralight b/iot-agents/iotagent-ultralight index 27d147ab2..a33fc1b11 160000 --- a/iot-agents/iotagent-ultralight +++ b/iot-agents/iotagent-ultralight @@ -1 +1 @@ -Subproject commit 27d147ab28364dff854ff62b5247cfab8d28bde8 +Subproject commit a33fc1b1105338cb5f7fe37c150a536113e6777c diff --git a/iot-agents/open-vidu b/iot-agents/open-vidu index 8dcf0096e..6bf48078a 160000 --- a/iot-agents/open-vidu +++ b/iot-agents/open-vidu @@ -1 +1 @@ -Subproject commit 8dcf0096eeeac5ba0c0f877e85fc2c0f9b10aa4e +Subproject commit 6bf48078a58efb388c5ffaad6c718f7ec9ee4f1e diff --git a/processing/perseo/front-end b/processing/perseo/front-end index 4d1e4d33f..4940ba7fd 160000 --- a/processing/perseo/front-end +++ b/processing/perseo/front-end @@ -1 +1 @@ -Subproject commit 4d1e4d33fca63df9788948df08a898ffbc107c79 +Subproject commit 4940ba7fd63985810b04f821f796c0ea42a71a66 diff --git a/robotics/Fast-DDS b/robotics/Fast-DDS index 67e1827db..7d5880404 160000 --- a/robotics/Fast-DDS +++ b/robotics/Fast-DDS @@ -1 +1 @@ -Subproject commit 67e1827dbf884bb4a5dbca941444f1096c0950a3 +Subproject commit 7d588040429b9bcd3def6fe113fe4d31259afcc1 diff --git a/security/keycloak-vc-issuer b/security/keycloak-vc-issuer index 2d9c3a423..8932abc92 160000 --- a/security/keycloak-vc-issuer +++ b/security/keycloak-vc-issuer 
@@ -1 +1 @@ -Subproject commit 2d9c3a423f461b6838f4d3b9602986b9db29faf4 +Subproject commit 8932abc929cfdebf05062c2519fe88ae13034687 From e47e98e22dd9bf1da3faa0891575ee179d7ade58 Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Mon, 3 Jul 2023 15:18:06 +0200 Subject: [PATCH 2/7] Update README.md --- security/README.md | 70 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/security/README.md b/security/README.md index a43755a19..dea47437c 100644 --- a/security/README.md +++ b/security/README.md 
@@ -261,3 +261,73 @@ account became temporarily blocked, a recover procedure password, a second facto Additional security checks and features improve the security and usability of a system, SPASSWORD helps to reduce development time by avoiding the need to implement and test bespoke secure system functions. + + + + + + +## :seedling: Trusted Issuers List Service (Incubated) + +[![](https://nexus.lab.fiware.org/repository/raw/public/badges/chapters/security.svg)](./README.md) +![License](https://img.shields.io/github/license/FIWARE/trusted-issuers-list.svg) +![](https://img.shields.io/github/last-commit/FIWARE/trusted-issuers-list) +![](https://img.shields.io/github/tag/FIWARE/trusted-issuers-list.svg) + +The Trusted-Issuers-List Service provides an EBSI Trusted Issuers Registry implementation to act as the Trusted-List-Service in the DSBA Trust and IAM Framework. In addition, a Trusted Issuers List API to manage the issuers is provided. + + + +## :seedling: DSBA PDP (Incubated) + +[![](https://nexus.lab.fiware.org/repository/raw/public/badges/chapters/security.svg)](./README.md) +![License](https://img.shields.io/github/license/FIWARE/dsba-pdp.svg) +![](https://img.shields.io/github/last-commit/FIWARE/dsba-pdp) +![](https://img.shields.io/github/tag/FIWARE/dsba-pdp.svg) + +Implementation of a Policy-Desicion Point, evaluating Json-Web-Tokens containing VerifiableCredentials in an DSBA-compliant way. It also supports the evaluation in the context of i4Trust. + + + +## :seedling: VC-Verifier (Incubated) + +[![](https://nexus.lab.fiware.org/repository/raw/public/badges/chapters/security.svg)](./README.md) +![License](https://img.shields.io/github/license/FIWARE/VCVerifier.svg) +![](https://img.shields.io/github/last-commit/FIWARE/VCVerifier) +![](https://img.shields.io/github/tag/FIWARE/VCVerifier.svg) + +VCVerifier provides the necessary endpoints(see API) to offer SIOP-2/OIDC4VP compliant authentication flows. 
It exchanges VerfiableCredentials for JWT, that can be used for authorization and authentication in down-stream components. + + + +## :seedling: Keycloak VC-Issuer (Incubated) + +[![](https://nexus.lab.fiware.org/repository/raw/public/badges/chapters/security.svg)](./README.md) +![License](https://img.shields.io/github/license/FIWARE/keycloak-vc-issuer.svg) +![](https://img.shields.io/github/last-commit/FIWARE/keycloak-vc-issuer) +![](https://img.shields.io/github/tag/FIWARE/keycloak-vc-issuer.svg) + +The Keycloak-VC-Issuer is plugin for Keycloak to support SIOP-2/ OIDC4VP clients and issue VerifiableCredentials through the OIDC4VCI-Protocol to compliant wallets. + + + +## :seedling: Credentials Config Service (Incubated) + +[![](https://nexus.lab.fiware.org/repository/raw/public/badges/chapters/security.svg)](./README.md) +![License](https://img.shields.io/github/license/FIWARE/credentials-config-service.svg) +![](https://img.shields.io/github/last-commit/FIWARE/credentials-config-service) +![](https://img.shields.io/github/tag/FIWARE/credentials-config-service.svg) + +The Credentials Config Service manages and provides information about services and the credentials they are using. It returns the scope to be requested from the wallet per service and the credentials and issuers that are considered to be trusted for a certain service. + + + +## :seedling: Trusted Issuers Registry (Incubated) + +[![](https://nexus.lab.fiware.org/repository/raw/public/badges/chapters/security.svg)](./README.md) +![License](https://img.shields.io/github/license/FIWARE/trusted-issuers-registry.svg) +![](https://img.shields.io/github/last-commit/FIWARE/trusted-issuers-registry) +![](https://img.shields.io/github/tag/FIWARE/trusted-issuers-registry.svg) + +The Trusted Issuers Registry provides both an EBSI Trusted Issuers Registry implementation and an iShare implementation. The service provides data from an NGSI-LD compliant backend and configuration files. + 
From f93bd2f44c325c407111b7a9420eecae2bd9bd3a Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Mon, 3 Jul 2023 15:22:13 +0200 Subject: [PATCH 3/7] Update README.md --- security/README.md | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/security/README.md b/security/README.md index dea47437c..8aeb7f8d4 100644 --- a/security/README.md +++ b/security/README.md @@ -274,8 +274,13 @@ development time by avoiding the need to implement and test bespoke secure syste ![](https://img.shields.io/github/last-commit/FIWARE/trusted-issuers-list) ![](https://img.shields.io/github/tag/FIWARE/trusted-issuers-list.svg) +### What is the Trusted Issuers List Service ? + The Trusted-Issuers-List Service provides an EBSI Trusted Issuers Registry implementation to act as the Trusted-List-Service in the DSBA Trust and IAM Framework. In addition, a Trusted Issuers List API to manage the issuers is provided. +### What is the Trusted Issuers List Service ? + + ## :seedling: DSBA PDP (Incubated) @@ -285,8 +290,12 @@ The Trusted-Issuers-List Service provides an EBSI Trusted Issuers Registry imple ![](https://img.shields.io/github/last-commit/FIWARE/dsba-pdp) ![](https://img.shields.io/github/tag/FIWARE/dsba-pdp.svg) +### What is the DSBA PDP ? + Implementation of a Policy-Desicion Point, evaluating Json-Web-Tokens containing VerifiableCredentials in an DSBA-compliant way. It also supports the evaluation in the context of i4Trust. +### Why use the DSBA PDP ? + ## :seedling: VC-Verifier (Incubated) 
@@ -296,8 +305,12 @@ Implementation of a Policy-Desicion Point, evaluating Json-Web-Tokens containing ![](https://img.shields.io/github/last-commit/FIWARE/VCVerifier) ![](https://img.shields.io/github/tag/FIWARE/VCVerifier.svg) +### What is VCVerifier ? + VCVerifier provides the necessary endpoints(see API) to offer SIOP-2/OIDC4VP compliant authentication flows. It exchanges VerfiableCredentials for JWT, that can be used for authorization and authentication in down-stream components. +### Why use VCVerifier ? + ## :seedling: Keycloak VC-Issuer (Incubated) @@ -307,7 +320,11 @@ VCVerifier provides the necessary endpoints(see API) to offer SIOP-2/OIDC4VP com ![](https://img.shields.io/github/last-commit/FIWARE/keycloak-vc-issuer) ![](https://img.shields.io/github/tag/FIWARE/keycloak-vc-issuer.svg) -The Keycloak-VC-Issuer is plugin for Keycloak to support SIOP-2/ OIDC4VP clients and issue VerifiableCredentials through the OIDC4VCI-Protocol to compliant wallets. +### What is the Keycloak VC-Issuer ? + +The Keycloak-VC-Issuer is plugin for Keycloak to support SIOP-2/ OIDC4VP clients and issue VerifiableCredentials through the OIDC4VCI-Protocol to compliant wallets. + +### Why use the Keycloak VC-Issuer ? @@ -318,8 +335,12 @@ The Keycloak-VC-Issuer is plugin for Keycloak to support SIOP-2/ OIDC4VP clients ![](https://img.shields.io/github/last-commit/FIWARE/credentials-config-service) ![](https://img.shields.io/github/tag/FIWARE/credentials-config-service.svg) +### What is the Credentials Config Service ? + The Credentials Config Service manages and provides information about services and the credentials they are using. It returns the scope to be requested from the wallet per service and the credentials and issuers that are considered to be trusted for a certain service. +### Why use the Credentials Config Service ? + ## :seedling: Trusted Issuers Registry (Incubated) 
@@ -329,5 +350,8 @@ The Credentials Config Service manages and provides information about services a ![](https://img.shields.io/github/last-commit/FIWARE/trusted-issuers-registry) ![](https://img.shields.io/github/tag/FIWARE/trusted-issuers-registry.svg) +### What is the Trusted Issuers Registry ? + The Trusted Issuers Registry provides both an EBSI Trusted Issuers Registry implementation and an iShare implementation. The service provides data from an NGSI-LD compliant backend and configuration files. +### Why use the Trusted Issuers Registry ? From b97d80bddb784a2921e245c0afbf5b6cf5d5b61b Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Mon, 3 Jul 2023 16:12:46 +0200 Subject: [PATCH 4/7] Update README.md Add descriptions --- security/README.md | 52 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/security/README.md b/security/README.md index 8aeb7f8d4..a50d15c4e 100644 --- a/security/README.md +++ b/security/README.md @@ -262,9 +262,6 @@ account became temporarily blocked, a recover procedure password, a second facto Additional security checks and features improve the security and usability of a system, SPASSWORD helps to reduce development time by avoiding the need to implement and test bespoke secure system functions. - - - ## :seedling: Trusted Issuers List Service (Incubated) 
@@ -278,8 +275,15 @@ development time by avoiding the need to implement and test bespoke secure syste The Trusted-Issuers-List Service provides an EBSI Trusted Issuers Registry implementation to act as the Trusted-List-Service in the DSBA Trust and IAM Framework. In addition, a Trusted Issuers List API to manage the issuers is provided. -### What is the Trusted Issuers List Service ? +### Why used the Trusted Issuers List Service ? +In an DSBA-compliant framework, the Verifier has to check for incoming [Verifiable Credentials](https://www.w3.org/TR/vc-data-model/) that the corresponding issuer is allowed to issue: + +- the given type of credential +- with the given claims +- and at the current time + +To do so, it requires a service that provides this information @@ -292,10 +296,16 @@ The Trusted-Issuers-List Service provides an EBSI Trusted Issuers Registry imple ### What is the DSBA PDP ? -Implementation of a Policy-Desicion Point, evaluating Json-Web-Tokens containing VerifiableCredentials in an DSBA-compliant way. It also supports the evaluation in the context of i4Trust. +Implementation of a Policy-Desicion Point, evaluating Json-Web-Tokens containing [Verifiable Credentials](https://www.w3.org/TR/vc-data-model/) s in an DSBA-compliant way. It also supports the evaluation in the context of i4Trust. ### Why use the DSBA PDP ? +A Policy Decision Point (PDP) is a mechanism that restricts access to resources by comparing them to a security policy. The +permit/deny mechanism ensure than only authorised users are able to access a given resource. This PDP for data spaces uses +well-defined policy structures found within JWTs, where the policy structure follows the reccommendations made by the Data +Spaces Business Alliance ((DSBA)[https://data-spaces-business-alliance.eu/]) and therefore ensuring that multiple organisations +are able to create policies in common across a data space. + ## :seedling: VC-Verifier (Incubated) 
@@ -307,10 +317,16 @@ Implementation of a Policy-Desicion Point, evaluating Json-Web-Tokens containing ### What is VCVerifier ? -VCVerifier provides the necessary endpoints(see API) to offer SIOP-2/OIDC4VP compliant authentication flows. It exchanges VerfiableCredentials for JWT, that can be used for authorization and authentication in down-stream components. +VCVerifier provides the necessary endpoints(see API) to offer SIOP-2/OIDC4VP compliant authentication flows. +It exchanges [Verifiable Credentials](https://www.w3.org/TR/vc-data-model/) for a JSON Web Token ([JWT](https://jwt.io/)), +that can be used for authorization and authentication in down-stream components. ### Why use VCVerifier ? +The JWT used for a Verifiable Credential is not the same JWT that can be used for authorization and authentication. +The component reads in a Verifiable Credential and replaces it with an authorisation policy which can be used to permit +access to services. + ## :seedling: Keycloak VC-Issuer (Incubated) @@ -322,10 +338,15 @@ VCVerifier provides the necessary endpoints(see API) to offer SIOP-2/OIDC4VP com ### What is the Keycloak VC-Issuer ? -The Keycloak-VC-Issuer is plugin for Keycloak to support SIOP-2/ OIDC4VP clients and issue VerifiableCredentials through the OIDC4VCI-Protocol to compliant wallets. +The Keycloak-VC-Issuer is plugin for [Keycloak](https://www.keycloak.org/) to support SIOP-2/ OIDC4VP clients and +issue [Verifiable Credentials](https://www.w3.org/TR/vc-data-model/) through the OIDC4VCI-Protocol to compliant wallets. ### Why use the Keycloak VC-Issuer ? +Issuance of Verified credentials is an essential step in creating a common data space. Effectively creating a digital club +card allowing a user to access various services. This plugin extends the existing Keycloak service so that Keycloak itself +is able to issue a credential. + ## :seedling: Credentials Config Service (Incubated) 
@@ -337,10 +358,20 @@ The Keycloak-VC-Issuer is plugin for Keycloak to support SIOP-2/ OIDC4VP clients ### What is the Credentials Config Service ? -The Credentials Config Service manages and provides information about services and the credentials they are using. It returns the scope to be requested from the wallet per service and the credentials and issuers that are considered to be trusted for a certain service. +The Credentials Config Service manages and provides information about services and the credentials they are using. It returns +the scope to be requested from the wallet per service and the credentials and issuers that are considered to be trusted for a +certain service. ### Why use the Credentials Config Service ? +In an DSBA-compliant framework, a Verifier is responsible to communicate with wallets and verify the credentials they provide. +To get this done, it needs information about: + +- the credentials to be requested from a wallet +- the credentials and claims an issuer is allowed to issue + +To do so, it requires a service that provides such information + ## :seedling: Trusted Issuers Registry (Incubated) 
@@ -352,6 +383,9 @@ The Credentials Config Service manages and provides information about services a ### What is the Trusted Issuers Registry ? -The Trusted Issuers Registry provides both an EBSI Trusted Issuers Registry implementation and an iShare implementation. The service provides data from an NGSI-LD compliant backend and configuration files. +The Trusted Issuers Registry provides both an EBSI Trusted Issuers Registry implementation and an iShare implementation. +The service provides data from an NGSI-LD compliant backend and configuration files. ### Why use the Trusted Issuers Registry ? + +A Trusted Issuers Registry (TIR) is a decentralised registry for storing information about trusted issuers, such as public information and accreditations. The TIR stores all information within a smart contract in the form of Verifiable Accreditations, which are issued by Trust Chain participants or self-issued. Issuers can then designate proxies for credential verification that can be used to assess the validity of the credential or check whether it has been revoked. From bb7afd59a8c9a447908dcedc0faf29c6f074310f Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Mon, 3 Jul 2023 18:54:23 +0200 Subject: [PATCH 5/7] Update README.md --- security/README.md | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/security/README.md b/security/README.md index a50d15c4e..3e1244f4e 100644 --- a/security/README.md +++ b/security/README.md 
@@ -271,6 +271,9 @@ development time by avoiding the need to implement and test bespoke secure syste ![](https://img.shields.io/github/last-commit/FIWARE/trusted-issuers-list) ![](https://img.shields.io/github/tag/FIWARE/trusted-issuers-list.svg) +| :octocat: [Git Repository](https://github.com/FIWARE/trusted-issuers-list) | [quay.io](https://quay.io/repository/fiware/trusted-issuers-registry) | :books: [Documentation](https://github.com/FIWARE/trusted-issuers-list/blob/main/README.md) | +| --- | --- | --- | + ### What is the Trusted Issuers List Service ? The Trusted-Issuers-List Service provides an EBSI Trusted Issuers Registry implementation to act as the Trusted-List-Service in the DSBA Trust and IAM Framework. In addition, a Trusted Issuers List API to manage the issuers is provided. @@ -279,9 +282,9 @@ The Trusted-Issuers-List Service provides an EBSI Trusted Issuers Registry imple In an DSBA-compliant framework, the Verifier has to check for incoming [Verifiable Credentials](https://www.w3.org/TR/vc-data-model/) that the corresponding issuer is allowed to issue: -- the given type of credential -- with the given claims -- and at the current time +- the given type of credential +- with the given claims +- and at the current time To do so, it requires a service that provides this information 
@@ -294,6 +297,9 @@ To do so, it requires a service that provides this information ![](https://img.shields.io/github/last-commit/FIWARE/dsba-pdp) ![](https://img.shields.io/github/tag/FIWARE/dsba-pdp.svg) +| :octocat: [Git Repository](https://github.com/FIWARE/dsba-pdp) | [quay.io](https://quay.io/repository/fiware/dsba-pdp) | :books: [Documentation](https://github.com/FIWARE/dsba-pdp/blob/main/README.md) | +| --- | --- | --- | + ### What is the DSBA PDP ? Implementation of a Policy-Desicion Point, evaluating Json-Web-Tokens containing [Verifiable Credentials](https://www.w3.org/TR/vc-data-model/) s in an DSBA-compliant way. It also supports the evaluation in the context of i4Trust. @@ -315,6 +321,9 @@ are able to create policies in common across a data space. ![](https://img.shields.io/github/last-commit/FIWARE/VCVerifier) ![](https://img.shields.io/github/tag/FIWARE/VCVerifier.svg) +| :octocat: [Git Repository](https://github.com/FIWARE/VCVerifier) | [quay.io](https://quay.io/repository/fiware/vcverifier) | :books: [Documentation](https://github.com/FIWARE/VCVerifier/blob/main/README.md) | +| --- | --- | --- | + ### What is VCVerifier ? VCVerifier provides the necessary endpoints(see API) to offer SIOP-2/OIDC4VP compliant authentication flows. @@ -336,6 +345,9 @@ access to services. ![](https://img.shields.io/github/last-commit/FIWARE/keycloak-vc-issuer) ![](https://img.shields.io/github/tag/FIWARE/keycloak-vc-issuer.svg) +| :octocat: [Git Repository](https://github.com/FIWARE/keycloak-vc-issuer) | [quay.io](https://quay.io/repository/fiware/keycloak-vc-issuer) | :books: [Documentation](https://github.com/FIWARE/keycloak-vc-issuer/blob/main/README.md) | +| --- | --- | --- | + ### What is the Keycloak VC-Issuer ? The Keycloak-VC-Issuer is plugin for [Keycloak](https://www.keycloak.org/) to support SIOP-2/ OIDC4VP clients and 
@@ -356,6 +368,9 @@ is able to issue a credential. ![](https://img.shields.io/github/last-commit/FIWARE/credentials-config-service) ![](https://img.shields.io/github/tag/FIWARE/credentials-config-service.svg) +| :octocat: [Git Repository](https://github.com/FIWARE/credentials-config-service) | [quay.io](https://quay.io/repository/fiware/credentials-config-service) | :books: [Documentation](https://github.com/FIWARE/credentials-config-service/blob/main/README.md) | +| --- | --- | --- | + ### What is the Credentials Config Service ? The Credentials Config Service manages and provides information about services and the credentials they are using. It returns @@ -367,8 +382,8 @@ certain service. In an DSBA-compliant framework, a Verifier is responsible to communicate with wallets and verify the credentials they provide. To get this done, it needs information about: -- the credentials to be requested from a wallet -- the credentials and claims an issuer is allowed to issue +- the credentials to be requested from a wallet +- the credentials and claims an issuer is allowed to issue To do so, it requires a service that provides such information @@ -381,6 +396,9 @@ To do so, it requires a service that provides such information ![](https://img.shields.io/github/last-commit/FIWARE/trusted-issuers-registry) ![](https://img.shields.io/github/tag/FIWARE/trusted-issuers-registry.svg) +| :octocat: [Git Repository](https://github.com/FIWARE/trusted-issuers-registry) | [quay.io](https://quay.io/repository/fiware/trusted-issuers-registry) | :books: [Documentation](https://github.com/FIWARE/trusted-issuers-registry/blob/main/README.md) | +| --- | --- | --- | + ### What is the Trusted Issuers Registry ? The Trusted Issuers Registry provides both an EBSI Trusted Issuers Registry implementation and an iShare implementation. From 6148fdb977ea1c16e6707e3d4e095471f85f6595 Mon Sep 17 00:00:00 2001 
From: Jason Fox Date: Mon, 3 Jul 2023 19:04:37 +0200 Subject: [PATCH 6/7] Add Data Spaces Security Components --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index 5b8c46cf4..7f8580cf8 100644 --- a/README.md +++ b/README.md 
@@ -323,6 +323,19 @@ The following is a list of Generic Enablers under incubation within the area of [SCIM v1.1](https://developer.okta.com/docs/reference/scim/scim-11/) standard - [Keystone SPASSWORD](https://github.com/telefonicaid/fiware-keystone-spassword) is an OpenStack Keystone extension that enables extra security checks over user passwords +- [Trusted Issuers List Service](https://github.com/FIWARE/trusted-issuers-list) provides an EBSI Trusted Issuers Registry + implementation to act as the Trusted-List-Service in the DSBA Trust and IAM Framework. +- [DSBA PDP](https://github.com/FIWARE/dsba-pdp) is a Policy-Desicion Point, evaluating Json-Web-Tokens + containing VerifiableCredentials in an DSBA-compliant way. It also supports the evaluation in the context of i4Trust. +- [VC-Verifier](https://github.com/FIWARE/VCVerifier) provides the necessary endpoints to offer SIOP-2/OIDC4VP + compliant authentication flows. It exchanges VerfiableCredentials for JWT, that can be used for authorization and authentication +- [Keycloak VC-Issuer](https://github.com/FIWARE/keycloak-vc-issuer) is a plugin for Keycloak to support SIOP-2/ OIDC4VP + clients and issue VerifiableCredentials through the OIDC4VCI-Protocol to compliant wallets. +- [Credentials Config Service](https://github.com/FIWARE/credentials-config-service) manages and provides information about + services and the credentials they are using. It returns the scope to be requested from the wallet per service and the credentials + and issuers that are considered to be trusted for a certain service. +- [Trusted Issuers Registry](https://github.com/FIWARE/trusted-issuers-registry) provides both an EBSI Trusted Issuers + Registry implementation and an iShare implementation. Further information can be found on dedicated pages linked to [Context Data/API Management](./api-management/README.md), [Publication and Monetization](./data-publication/README.md) and [Security](./security/README.md) 
From 81c9661b98229050a6b89e976ba70a87e87893d0 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 3 Jul 2023 17:14:28 +0000 Subject: [PATCH 7/7] Update Submodules --- core/stellio | 2 +- iot-agents/iotagent-node-lib | 2 +- iot-agents/open-vidu | 2 +- security/dsba-pdp | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/core/stellio b/core/stellio index bb9617bad..3f70c9101 160000 --- a/core/stellio +++ b/core/stellio @@ -1 +1 @@ -Subproject commit bb9617bad6cf1059802635492327f27594413b65 +Subproject commit 3f70c9101e590dc1f6b19606c9b452aeede40f6d diff --git a/iot-agents/iotagent-node-lib b/iot-agents/iotagent-node-lib index 0ab531d30..fdccc9eb0 160000 --- a/iot-agents/iotagent-node-lib +++ b/iot-agents/iotagent-node-lib @@ -1 +1 @@ -Subproject commit 0ab531d30587d6d7415b770e0f9072fce3f910d0 +Subproject commit fdccc9eb054c80638b03ab46832ca391de092868 diff --git a/iot-agents/open-vidu b/iot-agents/open-vidu index 6bf48078a..ddc4bdfda 160000 --- a/iot-agents/open-vidu +++ b/iot-agents/open-vidu @@ -1 +1 @@ -Subproject commit 6bf48078a58efb388c5ffaad6c718f7ec9ee4f1e +Subproject commit ddc4bdfdacffe1db2afeaf21f0b0a9a82a9bff9b diff --git a/security/dsba-pdp b/security/dsba-pdp index b03fb3fb7..04e8d3166 160000 --- a/security/dsba-pdp +++ b/security/dsba-pdp @@ -1 +1 @@ -Subproject commit b03fb3fb70e9fc25dd031c43dcd4c5b77382aecf +Subproject commit 04e8d3166c94b27b8f4b818de0eca77797d5bef9
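
Review bot: The commit message of PATCH 1/7 is only "Update Submodules", yet the diff moves 12 submodule pointers, including `security/keycloak-vc-issuer` (2d9c3a423 to 8932abc92), so nothing in the commit tells a reviewer which upstream changes are being pulled in. Suggest having the action write the old and new commit per submodule into the message body so each bump can be audited before merge. The same applies to PATCH 7/7, which moves `security/dsba-pdp`.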
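
Review bot: In PATCH 4/7, hunk `@@ -278,8 +275,15 @@` of security/README.md, the corrected heading reads `### Why used the Trusted Issuers List Service ?`; it should be "Why use" to match the other five sections. The closing sentence "To do so, it requires a service that provides this information" is also missing its full stop.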
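
Review bot: In PATCH 4/7, hunk `@@ -292,10 +296,16 @@` (DSBA PDP), the link `((DSBA)[https://data-spaces-business-alliance.eu/])` has the Markdown brackets reversed and will render as literal text; it should be `([DSBA](https://data-spaces-business-alliance.eu/))`. The same hunk leaves a stray " s" after the Verifiable Credentials link and carries the typos "Policy-Desicion", "ensure than" and "reccommendations".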
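
Review bot: In PATCH 4/7, hunk `@@ -307,10 +317,16 @@` (VC-Verifier), the two paragraphs describe the output differently: "What is" says the component exchanges Verifiable Credentials for a JWT, while "Why use" says it "replaces it with an authorisation policy". Suggest using one term in both places so integrators know what down-stream components actually receive and must validate. The "(see API)" reference also has no link target.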
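
Review bot: In PATCH 4/7, hunk `@@ -322,10 +338,15 @@` (Keycloak VC-Issuer), "Issuance of Verified credentials" should use the term "Verifiable Credentials" that the paragraph above links to. "Effectively creating a digital club card allowing a user to access various services." is a sentence fragment and reads better joined to the previous sentence, and "is plugin" should be "is a plugin", as PATCH 6/7 already writes it.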
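
Review bot: In PATCH 4/7, hunk `@@ -352,6 +383,9 @@` (Trusted Issuers Registry), the added "Why use" paragraph says the TIR "stores all information within a smart contract", while the "What is" paragraph directly above says this service "provides data from an NGSI-LD compliant backend and configuration files". Please state whether the new paragraph describes the general registry concept or this implementation, since the two storage models carry different trust assumptions.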
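
Review bot: In PATCH 5/7, hunk `@@ -271,6 +271,9 @@` (Trusted Issuers List Service), the quay.io cell links to `https://quay.io/repository/fiware/trusted-issuers-registry` although the Git Repository and Documentation cells point at `trusted-issuers-list`; the same quay.io URL appears again in the Trusted Issuers Registry table in the last hunk. This looks like a copy-paste slip that would send readers to the wrong container image, so please confirm the image name for the list service.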
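
Review bot: In PATCH 6/7, hunk `@@ -323,6 +323,19 @@` of README.md, the new bullets reintroduce "Policy-Desicion" and "VerfiableCredentials", and the VC-Verifier bullet stops at "authorization and authentication" with no full stop and without the "in down-stream components" that security/README.md has. Suggest reusing the wording and the linked "Verifiable Credentials" spelling that PATCH 4/7 introduced so the two READMEs stay consistent.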