This repository contains an implementation for the Decentralized Claims Protocol (DCP) specification. In short, IdentityHub contains multiple VerifiableCredentials and makes them available to authorized parties as VerifiablePresentations. It also receives VerifiableCredentials issued by an issuer and stores them. Convenience features like automatic credential renewal and re-issuance are also included. This functionality is sometimes referred to as "wallet".
IdentityHub makes heavy use of EDC components for core functionality, specifically those of the connector for extension loading, runtime bootstrap, configuration, API handling etc., while adding specific functionality using the EDC extensibility mechanism.
Here, developers find everything necessary to build and run a basic "vanilla" version of IdentityHub.
Base documentation can be found on the documentation website.
Developer documentation can be found under docs/developer,
where the main concepts and decisions are captured as decision records.
Older versions of IdentityHub (in particular <= 0.3.1 ) must not be used anymore, as they were intended for proof-of-concept purposes only and may contain significant security vulnerabilities (for example missing authn/authz on the API) and possibly others. Please always use the latest version of IdentityHub.
A basic launcher configured with in-memory stores (i.e. no persistent storage) can be found here. There are two ways of running IdentityHub:
- As native Java process
- Inside a Docker image
./gradlew :launcher:identityhub:shadowJar
Once the jar file is built, IdentityHub can be launched using this shell command:
java -Dweb.http.presentation.port=10001 \
-Dweb.http.presentation.path="/api/presentation" \
-Dweb.http.port=8181 \
-Dweb.http.path="/api" \
-Dweb.http.identity.port=8182 \
-Dweb.http.identity.path="/api/identity" \
-Dedc.ih.api.superuser.key="c3VwZXItdXNlcgo=c3VwZXItc2VjcmV0Cg==" \
-jar launcher/identityhub/build/libs/identity-hub.jar
this will expose the Presentation API at http://localhost:10001/api/presentation
and the Identity API
at http://localhost:8191/api/identity
. More information about IdentityHub's APIs can be
found here
docker build -t identity-hub ./launcher/identityhub
docker run --rm --name identity-hub \
-e "WEB_HTTP_PRESENTATION_PORT=10001" \
-e "WEB_HTTP_PRESENTATION_PATH=/api/presentation/" \
-e "WEB_HTTP_PATH=/api" \
-e "WEB_HTTP_PORT=8181" \
-e "WEB_HTTP_IDENTITY_PORT=8182" \
-e "WEB_HTTP_IDENTITY_PATH=/api/identity" \
-e "EDC_IH_API_SUPERUSER_KEY=c3VwZXItdXNlcgo=c3VwZXItc2VjcmV0Cg==" \
identity-hub:latest
Key architectural concepts are outlined here.
IdentityHub's module structure and key SPIs is described here.
Please note that some classes or functionalities mentioned there may not yet have been implemented, for example automatic credential renewal.
IdentityHub exposes several APIs that are described in more detail here.
- Implementation of the Credential Issuance Protocol
- Support for VC Presentation Definition
- Support for VC Data Model 2.0
- Decentralized Claims Protocol (DCP): https://projects.eclipse.org/projects/technology.dataspace-dcp
- VerifiableCredentials Data Model: https://www.w3.org/TR/vc-data-model/ (currently supported) and https://www.w3.org/TR/vc-data-model-2.0/ (planned)
- EDC Connector: https://github.com/eclipse-edc/Connector
See how to contribute.