NGI Sargasso (Call 2) DPP-CRC project (online: https://hackmd.io/rrpChr57TlWwE3qliuzpwg)
# Use Case #0 - Inital Tech Demo
### Description
This initial use case demonstrates creating a digital representation of an EPD (Environmental Product Declaration) compliant with DPP (Digital Product Passport) platform. It includes the following technical components:
<details><summary><strong>Private Data Store</strong> of a Concrete Producer: stores data to generate an EPD</summary>
URL: https://cp-private.data-container.net
```bash
# Credentials
APP_KEY: 5mdPuiwt-H50Ixl2rWRKVPKQMhfdYw5LngK6RwBwZ5c
APP_SECRET: EFV6OgfmFj73XmAI-4ncU41MLjOACwvIU5jtlWXpFtA
```
Github Repo: https://github.com/OwnYourData/dc-cpprivate
Docker Image: https://hub.docker.com/r/oydeu/cp-private
</details>
<details><summary><strong>Data Intermediary</strong>: stores proof (Verifiable Presentation) for Concrete DPP</summary>
URL: https://concrete.go-data.at
```bash
# Credentials
APP_KEY: nENk5CBuUIQy0e24bewN-WJx8w-FkPUekG9oQtx9N-4
APP_SECRET: 1oiPZTxbnQyQnl48QsRR9LlsAPFUUVTV5o4aaqZdOIg
```
Github Repo: https://github.com/OwnYourData/dc-intermediary
Docker Image: https://hub.docker.com/r/oydeu/dc-intermediary
</details>
<details><summary><strong>EPD Calc Tool</strong>: computes EPD and accompanying Zero-Knowledge Proof</summary>
URL: https://epd.ownyourdata.eu
Github Repo: https://github.com/OwnYourData/zk-epd-calc
Docker Image: https://hub.docker.com/r/oydeu/zk-epd-calc
*Steps for manual testing:*
* Create EPD:
```bash=
echo '{"description":"C 25/30/B1","cement":15,"gravel":20,"water":25,"additives":30,"material":"super starker Eco++","factory":"Eggendorf"}' | \
curl -s -H "Content-Type: application/json" -d @- \
-X POST https://epd.ownyourdata.eu/create
```
* Verify EPD:
```bash=
echo '{"description":"C 25/30/B1","factory":"Eggendorf","A13_gwp":165.4,"zkp":"1234abcd"}' | \
curl -s -H "Content-Type: application/json" -d @- \
-X POST https://epd.ownyourdata.eu/verify
```
</details>
<details><summary><strong>Sphereon Mobile Wallet</strong>: signs Verifiable Credential with private key in wallet</summary>
General information: https://sphereon.com/sphereon-products/sphereon-wallet/
Github: https://github.com/Sphereon-Opensource/mobile-wallet/tree/feat/oyd-01
</details>
**Trust Triangle and Identities**
Description of the Triangle of Trust: [Wikipedia](https://en.wikipedia.org/wiki/Verifiable_credentials#Trust_model)
<details><summary><em>Concrete Producer (CP, holder)</em> enters data and signs DPP</summary>
<ul>
<li>uses Sphereon Mobile Wallet for signing data</li>
<li>DID: <code>did:oyd:zQmaS7yYwARSEw3ZEzi5wyfiz78hiBCS9UFaxWstueXxvNU</code><br>(note: will differ based on DID in wallet)</li>
<li>command: <code>echo '' | oydid create --doc-pwd cppwd --rev-pwd cprev -z 1</code></li>
</ul>
</details>
<details><summary><em>Trusted EPD Authority (TA, issuer)</em> calculates EPD and provides ZKP</summary>
<ul>
<li>DID: <code>did:oyd:zQmT26WrFJhgLGsDj2gmWtimAtgvuxpaLuYv3yM9srLqZyL</code><br>(note: will differ based on DID in wallet)</li>
<li>command: <code>echo '' | oydid create --doc-pwd tapwd --rev-pwd tarev -z 1</code></li>
</ul>
</details>
<details><summary><em>Building Owner (BO, verifier)</em> verifies concrete producer's claims in DPP</summary>
<ul>
<li>DID: <code>did:oyd:zQmYsEgetRcnZiAjdChXZcHnUD4YDgVPquEZpAE14Xq55Hh</code></li>
<li>command: <code>echo '' | oydid create --doc-pwd cspwd --rev-pwd csrev -z 1</code></li>
</ul>
</details>
<details><summary><em>Data Intermediary (DI, public repository)</em> stores data, DIDs, VCs, VPs, DPPs</summary>
<ul>
<li>DID: <code>did:oyd:zQmSAxAeWkGDN1xm9eKWq547DTfdFYkgJGjpBs54Q5BqLx8</code></li>
<li>command: <code>echo '' | oydid create --doc-pwd dipwd --rev-pwd direv -z 1</code></li>
</ul>
</details>
**Data Models**
* [`ConcreteMixture`](https://soya.ownyourdata.eu/ConcreteMixture/yaml) - private record stored locally ([edit](https://soya-form.ownyourdata.eu/?schemaDri=ConcreteMixture&data=%7B%7D) | [example](https://soya-form.ownyourdata.eu/?schemaDri=ConcreteMixture&data=%7B%22description%22%3A%22C+25%2F30%2FB1%22%2C%22cement%22%3A15%2C%22gravel%22%3A20%2C%22water%22%3A25%2C%22additives%22%3A30%2C%22material%22%3A%22super+starker+Eco%2B%2B%22%2C%22factory%22%3A%22Eggendorf%22%7D))
* [`zkEPD`](https://soya.ownyourdata.eu/zkEPD/yaml) - Zero-Knowledge Proof for an EPD ([edit](https://soya-form.ownyourdata.eu/?schemaDri=zkEPD) | [example](https://soya-form.ownyourdata.eu/?schemaDri=zkEPD&data=%7B%22description%22%3A%22C+25%2F30%2FB1%22%2C%22factory%22%3A%22Eggendorf%22%2C%22A13_gwp%22%3A165.4%2C%22zkp%22%3A%221234abcd%22%7D))
* [`ConcreteDPP`](https://soya.ownyourdata.eu/ConcreteDPP/yaml) - record with all data to generate DPP ([edit](https://soya-form.ownyourdata.eu/?schemaDri=ConcreteDPP) | [example](https://soya-form.ownyourdata.eu/?schemaDri=ConcreteDPP&data=%7B%22date%22%3A%222024-05-29%22%2C%22epd%22%3A%7B%22description%22%3A%22C+25%2F30%2FB1%22%2C%22factory%22%3A%22Eggendorf%22%2C%22A13_gwp%22%3A165.4%2C%22zkp%22%3A%221234abcd%22%7D%2C%22volume%22%3A1.5%7D))
## Walk-Through
Video recording: https://www.loom.com/share/2b307008a7d24375a8d8f8aa7ee55faa
### Sequence Diagram
```plantuml
@startuml
actor "Concrete\nProducer" as cp
participant "Mobile\nWallet" as wallet
database "Data\nIntermediary" as disp
database "Private\nStore" as store
collections "EPD\nCalculator" as epd
actor "Building\nOwner" as owner
cp -> store: enter ConcreteMixture
cp --> store: trigger EPD calculation
store -> epd: send ConcreteMixture
epd -> store: store zkEPD
cp --> store: trigger DPP creation
cp o//-- store: show QR code
cp --> wallet: scan QR code
wallet -> store: request ConcreteDPP VC
wallet -> wallet: prepare ConcreteDPP VP
cp --> wallet: confirm signature
wallet -> store: provide signature for ConcreteDPP VP
store -> store: create DPP from EPD\nsigned by CP
store -> disp: publish DPP & VP
store --> cp: make DID for DPP available
cp --> owner: share DID
owner -> disp: request ConcreteDPP from DID
owner -> epd: validate zkEPD\n(from ConcreteDPP)
@enduml
```
### Steps
1) CP logs into private data store
* url: https://cp-private.data-container.net/
App Key: `5mdPuiwt-H50Ixl2rWRKVPKQMhfdYw5LngK6RwBwZ5c`
App Secret: `EFV6OgfmFj73XmAI-4ncU41MLjOACwvIU5jtlWXpFtA`
2) CP creates new record for a `ConcreteMixture`
* **output:** new record
example link: https://cp-private.data-container.net/?itemId=95
3) CP triggers "Generate EPD" for a "ConcreteMixture" record
* **input:** record of structure `ConcreteMixture`<br><br>
* **output:** `zkEPD` record
example link: https://cp-private.data-container.net/?itemId=96
* **output:** `ConcreteDPP` record
example link: https://cp-private.data-container.net/?itemId=97
4) CP triggers "Publish DPP" for an "ConcreteDPP" record
* **input:** record of structure `ConcreteDPP`
* enter date+volume
* click "Publish DPP" to show page with QR Code
* CP scans QR Code (referencing EPD-VC) with wallet
* CP clicks "show Digital Product Passport"
* display page with DID<br><br>
* **outptut:** updated `ConcreteDPP` record with DID and link to VP
example link: https://cp-private.data-container.net/?itemId=97
* DID: [`did:oyd:zQmQht8RJD6vx7nDvqjL8fdYPrTBJvDJui5oQVbW6cYJTw3`](https://dev.uniresolver.io/#did:oyd:zQmQht8RJD6vx7nDvqjL8fdYPrTBJvDJui5oQVbW6cYJTw3)
* Verifiable Presentation: <br><span style="font-size:11px">[`https://concrete.go-data.at/presentations/zQmboVisouVKVfB1PduFgsGq4LCZWAY56x3ScXxMukgFdLs`](https://concrete.go-data.at/presentations/zQmboVisouVKVfB1PduFgsGq4LCZWAY56x3ScXxMukgFdLs)</span>
5) BO verifies DPP
* resolve DID and download data from service endpoint
* perform the following checks:
* integrity of Verifiable Presentation
```bash=
curl -s https://concrete.go-data.at/presentations/zQmboVisouVKVfB1PduFgsGq4LCZWAY56x3ScXxMukgFdLs | \
oydid vp-verify
```
* proof of correct calculation of GWP (global warming potential) using ZKP (Zero-Knowledge Proof)
```bash=
curl -s https://concrete.go-data.at/presentations/zQmboVisouVKVfB1PduFgsGq4LCZWAY56x3ScXxMukgFdLs| \
jq '.verifiableCredential[0].credentialSubject.epd' | \
curl -s -H "Content-Type: application/json" -d @- \
-X POST https://epd.ownyourdata.eu/verify
```
## Learnings & Planned Improvements
**Domain-specific Findings**
* check input data for correct units and format
--> demo to domain experts
* review algorithm to calculate GWP (global warming potential)
--> use demo in upcoming interviews to validate and improve algorithm
* User Interface for data management is a prototype and too technical
--> planned integration with Sphereon's Online Wallet & DPP Platform
**Technical Findings**
* increase number of testers that run use case
--> provide Sphereon Wallet via APK for Android and via TestFlight for iPhone
* building the customized Sphereon Wallet with `did:oyd` support is hard
--> add `did:oyd` support to Veramo ([PR available](https://github.com/decentralized-identity/veramo/pull/1388)) and subsequently to Sphereon Wallet
* ZKP Calculation is slow and needs better integration into the overall process
--> redesign interface to invoke and retrieve result from OYD infrastructure
* access to data stores through key & secret is not user-friendly
--> support OID4VP to login via QR Code and Credential in mobile wallet
* current DPP representation is bare minimum with only reference to VP
--> research more elaborate versions from other existing DPP solutions