Scope of Sphereon collaboration in NGI Sargasso, DPP-CRC -- this document is public!

## Verifiable Credentials / Presentations

* **create signature for a given payload with private key in wallet (used in creating VCs / VPs)**
    * *background:* a webservice needs to generate a complex verifiable credential (e.g., a data agreement to be signed by multiple parties); right now we do this on the command line with a locally available private key - [example](https://chats.go-data.at/presentations/zQmbAJWhqBTb32xqnotUyGcTuMuXNxFjaeCapBT7RHVMqfV), [full process](https://hackmd.io/Z8iuJGeYRLynxWPS7JpLwg?view)
    * *requirement:* connect to mobile wallet (through QR code) or online wallet (API endpoint), send a payload (`credentialSubject` or `verifiableCredential`) and receive back the signature (`proofValue`) using `type: Ed25519Signature2020`

## Online Wallet with DPP Functionality

* **managing entities in the online wallet**
    * *scope:* the following entities are relevant for our project
        * Assets: public or private records in a Semantic Container (an asset will basically be a DID with a service endpoint to the actual record but might include additional data: provenance trail); Assets might also be the Digital Product Passports, i.e., a list of DIDs
        * Contacts: see below "integrate user management"
        * Credentials: a list of all Verifiable Credentials and Verifiable Presentations for the logged-in user (right now we store VCs and VPs in our Semantic Containers)
        * Documents: PDFs that are used in the process and can be linked to Assets through a URI (and optionally their hash value)
    * *requirement:* API for CRUD operations on entities
        * the list of assets/contacts/credentials/documents is maintained in the online wallet but data can be stored in Semantic Containers
        * support in providing "hooks" in those entities: I can imagine that this is a button that triggers a REST endpoint to perform some operation (to be discussed!)
    * *note:* we currently don't foresee using Workflows
* **integrate user management**
    * *background:* we are building a Data Intermediary based on the [Gateway component](https://www.ownyourdata.eu/en/babelfish/) developed in NGI ONTOCHAIN
    * *requirement:* provide API endpoints in Online Wallet for CRUD operations to sync the organisations and users available in the Data Intermediary with Contacts
* **delegate functionality**
    * *background:* for our use case we want to demonstrate that a representative of an organisation (e.g., truck driver) can sign on behalf of the organisation (e.g., concrete producer)
    * *note:* the `did:oyd` method already natively supports DID Delegation: https://www.ownyourdata.eu/en/did-delegation/ but it does so by requiring the recipient to verify the delegation - it would be nice to move this to the issuing step (in the online wallet) so that the receiver only gets a signature of the company
    * *requirement:* support delegation for issuing VCs within the hierarchy of contacts

## Administrative

* set up bi-weekly meetings (every 2 weeks) in sync with Sphereon's sprint schedule where we discuss the current status and ask for support or implementations in the upcoming sprint
* provide docker images to run the online wallet locally (developer setup)
    * no online service shall be necessary to run the setup (i.e., it must work on a local network with no internet access)
* Data Intermediary authenticates via OAuth 2.0 using the Client Credentials Grant
* we plan to use only `did:oyd` as DID method - https://ownyourdata.github.io/oydid/
    * in the course of the project we want to get `did:oyd` integrated into the official Veramo package (nice-to-have)
* in the scope of this collaboration for the NGI Sargasso project: everything that OwnYourData implements is open source under the MIT License; all implementations from Sphereon that are used (already existing or developed in the course of this collaboration) are also open source and don't require any additional license fees

## Additional Information

#### Links:

* DPP Demo: https://www.youtube.com/watch?v=zK0cDcn0Nag