EUDIW pilot setup

Description

This page describes a Digital Identity wallet interoperability lab setup. Including the components used in the lab and APIs that needs to be followed to connect to the lab.

Interoperability lab

Overview of the wallet ecosystem
DC4EU issuer and verifier architecture
DC4EU interoperability lab

Supporting documentation

DC4EU Open Source Architecture

Interoperabilitylab guide

Component setup documentation

Lab components 

Wallets

• wwWallet - https://demo.wwwallet.org/login
• DC4EU instance of wwWallet - https://wallet.dc4eu.eu/login
• EUDIW Reference Implementation - https://github.com/eu-digital-identity-wallet/.github/blob/main/profile/reference-implementation.md

Issuers

• DC4EU generic issuer
  • Credential constructor and datastore
    • Development https://github.com/dc4eu/vc
    • Testing and piloting https://github.com/dc4eu/vc_up_and_running

Verifiers

• Under development

Trust frameworks

• OpenID federation - https://github.com/rohe/fedservice

APIs

• Authentic source <-> Issuer/Datastore Rest API - https://github.com/dc4eu/vc/tree/main/standards
  • Live setup https://vc-test-1.sunet.se/datastore/swagger/index.html#/

Setup steps

Openid federation

 https://github.com/rohe/fedservice

• Copy https://github.com/mikaelfrykholm/fedservice/blob/master/dc4eu_federation/bootstrap-dockers.sh
• If you don't want to build your own container we have one at docker.sunet.se/fedservice
• Copy https://github.com/mikaelfrykholm/fedservice/blob/master/docker/docker-compose.yml
• Generate or acquire the local certificates.
• Start all the dockers with docker compose up
• Configure the services with ./bootstrap-dockers.sh

Credential Issuer

• Connecting a wallet to Sunets Satosa
• Configure SaToSa with a backend for user verification
  • Docker image used is : docker.sunet.se/satosa:wallet
• Configure a frontend according to info in https://github.com/rohe/satosa-openid4vci/tree/main/openid4vci_oidc
  
  • Get trust_anchor.json from the bootstrap-dockers.sh run. And add to satosa config. 
  • docker run --rm -i -v .:/workdir -v ./trust_mark_issuer:/trust_mark_issuer --entrypoint python3 docker.sunet.se/fedservice:latest fedservice/dc4eu_federation/create_trust_mark.py -d /trust_mark_issuer -m http://dc4eu.example.com/EHICCredential/se -e https://satosa-test-1.sunet.se to create Trust Mark 1
  • docker run --rm -i -v .:/workdir -v ./trust_mark_issuer:/trust_mark_issuer --entrypoint python3 docker.sunet.se/fedservice:latest fedservice/dc4eu_federation/create_trust_mark.py -d /trust_mark_issuer -m http://dc4eu.example.com/PDA1Credential/se -e https://satosa-test-1.sunet.se to create Trust Mark 2
  • docker run --rm -i -v .:/workdir -v ./trust_anchor:/trust_anchor --entrypoint python3 docker.sunet.se/fedservice:latest fedservice/dc4eu_federation/add_info.py -s /trust_anchor/ci.json -t  workdir/trust_anchor/subordinates" to import the satosa credential issuer into federation that was constructed in here

Endpoints

Note: There is also a system up and running with the name openidfed-dev-1.sunet.se and satosa-dev-1.sunet.se. Those are meant for testing out new non-verified configurations.

Trust Anchor Keys

{"https://openidfed-test-1.sunet.se:7001": {"keys": [{"kty": "RSA", "use": "sig", "kid": "UFpoajluZU42dTNUUXo5RnhBVEJnRk9JY2N
tU1JKdlVYUk1RUFRyVkFFRQ", "n": "p9S2whcSjmBdxerp80tIJreUUmZiGNGXIocJlNjx9pgD5_WD2l6mBNuEZMpP-QUB_TSV3VesNiqmOdydGp1wkfQ-NmVdo
so29FjEdgrckLIwirAVmVQ6bGQQnXJrR56mRz0QqENi11vVpbDj6hsprxK1EZBQL-sQ2kem289B_BCNT-NvwVHrYJlaQA32z7cs1a7W8wt9eLxA10PeiYMgDVU_69
wKBw4YrjjozOHKMRGchUQEjQhfSZfk49bip_5TNz4dmBmSCIbdE2yilFrfRSNrh7q2myuyDE3k2QZbSOXXGGT1LtHO74WIY58v-M3A7_zxp0f2Eo9ZD3N4h-InIw"
, "e": "AQAB"}, {"kty": "EC", "use": "sig", "kid": "Nm82cTJKMDkydXhxOUMtTm0teFpMWlZiR0ZVa2U3YVVtbkJTV3hBd3FqOA", "crv": "P-25
6", "x": "69XlQkKYfWJDXAv_Vbrqyfz9gfAhu1qQ4mtLde18-Cg", "y": "ntBwdhy4_cS2PRBS-xdKkNwcO1yQP8TdoOHbHN9Yjv8"}]}}