Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IATP: extend configuration for multiple trusted issuers #814

Closed
paullatzelsperger opened this issue Oct 6, 2023 · 4 comments
Closed

IATP: extend configuration for multiple trusted issuers #814

paullatzelsperger opened this issue Oct 6, 2023 · 4 comments
Assignees
@wolf4ood
Labels
enhancement New feature or request iatp

Comments

@paullatzelsperger
Copy link
Contributor

paullatzelsperger commented Oct 6, 2023
edited
Loading

WHAT

Currently, a connector can only have one "allowed issuer", i.e. it can only accept credentials created by one entity. In preparation for adopting the Identity And Trust Protocols (IATP), we need to extend this to allow multiple issuers.

WHY

Ultimately, we will have multiple issuers (~operating companies), so we need to prepare for that.

HOW

There are two general ways to approach this:

  1. add the allowed issuers via configuration: this is how we do it currently (with one issuer), and it's by far the easiest way.
  2. download a list of allowed issuers: this raises the difficult question of how the authenticity and integrity of such a list can be verified, and as of now, there is no agreed-upon way of doing that. It may come at a later point in time.

We will go with approach 1 for now.

Specifically, this means that the SsiCredentialIssuerValidationRule now has to be able to deal with a List<String> instead of a String. Configuration-wise, it should just be a comma-separated list.

FURTHER NOTES

  • issuer-IDs are in practice DID's

Please be sure to take a look at
our contribution guidelines and
our PR etiquette.
@paullatzelsperger paullatzelsperger added enhancement New feature or request iatp labels Oct 6, 2023
@github-project-automation github-project-automation bot moved this to Open in EDC Board Oct 6, 2023
@paullatzelsperger
Copy link
Contributor Author

@matgnt FYI

@paullatzelsperger paullatzelsperger self-assigned this Oct 11, 2023
@paullatzelsperger paullatzelsperger mentioned this issue Oct 11, 2023
Closed
@paullatzelsperger
Copy link
Contributor Author

related upstream EDC: eclipse-edc/Connector#3531

@paullatzelsperger paullatzelsperger changed the title SSI: extend configuration for multiple allowed issuers IATP: extend configuration for multiple allowed issuers Oct 11, 2023
@matgnt
Copy link

matgnt commented Oct 11, 2023

Thanks!
I guess you know, but just in case, it seems we need to do this for both settings:

tx.ssi.miw.authority.id=BPNLissuer
tx.ssi.miw.authority.issuer=did:web:dev%3A9000:BPNLissuer

@paullatzelsperger paullatzelsperger changed the title IATP: extend configuration for multiple allowed issuers IATP: extend configuration for multiple trusted issuers Oct 12, 2023
@wolf4ood wolf4ood mentioned this issue Nov 13, 2023
Closed
@wolf4ood
Copy link
Contributor

This will be moved into the upstream implementation

eclipse-edc/Connector#3602

@wolf4ood wolf4ood closed this as not planned Won't fix, can't repro, duplicate, stale Nov 13, 2023
@github-project-automation github-project-automation bot moved this from Open to Done in EDC Board Nov 13, 2023
@matgnt matgnt mentioned this issue Nov 21, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wolf4ood wolf4ood

Labels
enhancement New feature or request iatp
Projects
EDC Board
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: adds support for multiple trusted issuers wolf4ood/tractusx-edc
3 participants
@wolf4ood @matgnt @paullatzelsperger