# Rules Engine ## Goals: * Support multiple types of rules * Each rule needs to operate by itself * Rules can also link together * Rules should be linked to roles ## A Real Workflow: ### Holder connects to health_issuer ```json! { name: "connect-holder-health-issuer", role: ["holder"], // Do we need this role or is it mapped in privileges? Array initial: "true", type: "action", data: { protocol: "https://didcomm.org/connections/1.0/", startmessage: "invitation" }, next: { success: "validate-identity-information", error: "some-kind-of-error-handler..." } } ``` ### health_issuer requests id proof from holder ```json! { name: "validate-identity-information", role: "issuer", initial: "true", type: "action", data: { protocol: "https://didcomm.org/present-proof/1.0/", startmessage: "request-presentation", presentation_definition: "http://localhost:3100/api/presentation-exchange-for-identity-proof" }, next: "decision-country-of-origin" } ``` ### health_issuer make descision based on an input ```json! { name: "decision-country-of-origin", role: ["travel-issuer"], type: "decision", data: { input_name: "country_of_origin", options: [ { values: ["US","Canada"], next: "reject-country" }, { values: ["Germany","Belgium"], next: "select-health-credentials" } ] }, next: { success: "select-health-credentials", error: "some-kind-of-error-handler..." } } ``` ### health_issuer issues health credentials ```json! { name: "select-health-credentials", role: "issuer", type: "decision", data: { input_name: "requested_health_credential", options: [ { value: "lab_result", next: "issue-lab-result" }, { value: "exemption", next: "issue-exemption" }, { value: "vaccination", next: "issue-vaccination" } ] } } ``` ### health_issuer issues lab result ```json! { name: "issue-lab-result", role: "issuer", type: "action", data: { schema: "RuuJwd3JMffNwZ43DcJKN1:2:Lab_Result:1.4", protocol: "https://didcomm.org/issue-credential/1.0/", startmessage: "offer-credential", presentation_definition: "http://localhost:3100/api/presentation-exchange-for-identity-proof", }, next: "request-health-proof" } ``` ### Holder responds with id presentation to health_issuer ```json! { name: "present-identity-information", role: "holder", type: "action", data: { //protocol: "https://didcomm.org/issue-credential/1.0/", //startmessage: "offer-credential", schema: "RuuJwd3JMffNwZ43DcJKN1:2:Trusted_Traveler:1.4", presentation_definition: "http://localhost:3100/api/presentation-exchange-for-identity-proof" }, next: "request-health-proof" } ``` ### health_issuer requests health proof from holder ```json! { name: "request-health-proof", role: "holder", initial: "true", type: "action", data: { //protocol: "https://didcomm.org/issue-credential/1.0/", //startmessage: "offer-credential", schema: "RuuJwd3JMffNwZ43DcJKN1:2:Trusted_Traveler:1.4", presentation_definition: "http://localhost:3100/api/presentation-exchange-for-identity-proof", }, next: "present-health-proof" } ``` ### Holder responds with health presentation to health issuer + additional data ```json! { name: "present-health-proof", role: "holder", type: "action", data: { //protocol: "https://didcomm.org/issue-credential/1.0/", //startmessage: "offer-credential", schema: "RuuJwd3JMffNwZ43DcJKN1:2:Trusted_Traveler:1.4", presentation_definition: "http://localhost:3100/api/presentation-exchange-for-identity-proof", }, next: "decision-country-of-origin" } ``` ### Helath issuer handle country rejection ```json! { name: "reject-country", role: "holder", type: "action", data: { //protocol: "https://didcomm.org/issue-credential/1.0/", //startmessage: "offer-credential", schema: "RuuJwd3JMffNwZ43DcJKN1:2:Trusted_Traveler:1.4", presentation_definition: "http://localhost:3100/api/presentation-exchange" }, next: "what_is_next?" } ``` ### health_issuer verifies health proof presentation ```json! { name: "verify-health-credential", role: "traveler-issuer", type: "action", data: { protocol: "https://didcomm.org/present-proof/1.0/", startmessage: "request-presentation", presentation_definition: "http://localhost:3100/api/presentation-exchange" }, next: { success: "validate-health-credential", error: "some-kind-of-error-handler..." } } ``` ### health_issuer validates health credential data ```json! { name: "validate-health-credential", role: "traveler-issuer", type: "action", data: { presentation_definition: "http://localhost:3100/api/presentation-exchange" }, next: { success: "issue-trusted-traveler-credential", error: "some-kind-of-error-handler..." } } ``` ### health_issuer issues trusted traveler ```json! { name: "issue-trusted-traveler", role: "traveler-issuer", initial: "true", type: "action", data: { protocol: "https://didcomm.org/issue-credential/1.0/", startmessage: "offer-credential", schema: "RuuJwd3JMffNwZ43DcJKN1:2:Trusted_Traveler:1.4", }, } ``` ```json! //{ //name: "verify-identity", //role: "holder", //type: "action", //data: { //protocol: "https://didcomm.org/issue-credential/1.0/", //startmessage: "offer-credential", //schema: "RuuJwd3JMffNwZ43DcJKN1:2:Trusted_Traveler:1.4", //presentation_definition: "http://localhost:3100/api/presentation-exchange" //}, //next: "issue_trusted_traveler" //} ``` ```json! { "next": [ { "issuer-validate-proof": { // Happy path "when": [ "connection_success" ] } }, { "reject-connection": { // Unhappy path "when": "connection_error" } } ] } } ``` health-issuer request identity information holder provide identity information ```json! { name: "verify-identity-information", role: "health-issuer", type: "decision", data: { "content": [ "passport", "demographics" ] }, next: "collect-credential-information" } ``` health-issuer approves identity information health-issuer collects credential information health-issuer issues credential holder accepts credential holder connects to travel issuer ## Updated and Beautified ```json! { "rules-engine": [ // Holder connects to health_issuer { "name": "connect-holder-health-issuer", "role": [ "holder" ], "initial": true, "type": "protocol", "details": { "protocol": "https://didcomm.org/connections/1.0/", "startmessage": "invitation" }, "next": { "success": "validate-identity-information", "error": "some-kind-of-error-handler..." } }, // health_issuer requests id proof from holder { "name": "validate-identity-information", "role": [ "issuer" ], "initial": true, "type": "protocol", "data": { "protocol": "https://didcomm.org/present-proof/1.0/", "startmessage": "request-presentation", "presentation_definition": "http://localhost:3100/api/presentation-exchange-for-identity-proof" }, "next": { "success": "decision-country-of-origin", "error": "some-kind-of-error-handler..." } }, // health_issuer make descision based on an input { "name": "decision-country-of-origin", "role": [ "issuer" ], "type": "decision", "data": { "input_name": "country_of_origin", "options": [ { "values": [ "US", "Canada" ], "next": "reject-country" }, { "values": [ "Germany", "Belgium" ], "next": "select-health-credentials" } ] }, "next": { "success": "select-health-credentials", "error": "some-kind-of-error-handler..." } }, // health_issuer issues health credentials { "name": "select-health-credentials", "role": [ "issuer" ], "type": "decision", "data": { "input_name": "requested_health_credential", "options": [ { "values": ["lab_result"], "next": "validate-lab-result" }, { "values": ["exemption"], "next": "validate-exemption" }, { "values": ["vaccination"], "next": "validate-vaccination" } ] }, // Do we need a default here? Would/could that be only an error? "next": { "success": "lab_result", "error": "some-kind-of-error-handler..." } }, // health_issuer issues lab result { "name": "issue-lab-result", "role": [ "issuer" ], "type": "protocol", "data": { "schema": "RuuJwd3JMffNwZ43DcJKN1:2:Lab_Result:1.4", "protocol": "https://didcomm.org/issue-credential/1.0/", "startmessage": "offer-credential" }, "next": { "success": "request-health-proof", "error": "some-kind-of-error-handler..." } }, // health_issuer issues issue_exemption { "name": "issue-exemption", "role": [ "issuer" ], "type": "protocol", "data": { "schema": "RuuJwd3JMffNwZ43DcJKN1:2:Exemption:1.4", "protocol": "https://didcomm.org/issue-credential/1.0/", "startmessage": "offer-credential" }, "next": { "success": "request-health-proof", "error": "some-kind-of-error-handler..." } }, // health_issuer issues lab result { "name": "issue-vaccination", "role": [ "issuer" ], "type": "protocol", "data": { "schema": "RuuJwd3JMffNwZ43DcJKN1:2:Vaccination:1.4", "protocol": "https://didcomm.org/issue-credential/1.0/", "startmessage": "offer-credential" }, "next": { "success": "request-health-proof", "error": "some-kind-of-error-handler..." } }, // health_issuer requests lab health proof { "name": "request-health-proof", "role": [ "issuer" ], "initial": "true", "type": "protocol", "data": { "protocol": "https://didcomm.org/issue-credential/1.0/", "startmessage": "request-presentation", "presentation_definition": "http://localhost:3100/api/presentation-exchange" }, "next": { "success": "verify-health-credential", "error": "some-kind-of-error-handler..." } }, // health_issuer verifies health credential { "name": "verify-health-credential", "role": [ "issuer" ], "type": "protocol", "data": { "protocol": "https://didcomm.org/present-proof/1.0/", "startmessage": "request-presentation", "presentation_definition": "http://localhost:3100/api/presentation-exchange" }, "next": { "success": "validate-health-credential", "error": "some-kind-of-error-handler..." } }, // health_issuer validates health credential { "name": "validate-health-credential", "role": [ "issuer" ], "type": "protocol", "data": { "presentation_definition": "http://localhost:3100/api/presentation-exchange" }, "next": { "success": "issue-trusted-traveler", "error": "some-kind-of-error-handler..." } }, // health_issuer issues trusted traveler { "name": "issue-trusted-traveler", "role": [ "issuer" ], "initial": "true", "type": "protocol", "data": { "protocol": "https://didcomm.org/issue-credential/1.0/", "startmessage": "offer-credential", "schema": "RuuJwd3JMffNwZ43DcJKN1:2:Trusted_Traveler:1.4" } }, // health_issuer rejects country of origin // Should we reject country with an error or something else? { "name": "reject-country", "role": [ "travel-issuer" ], "type": "protocol", "data": { "protocol": "https://didcomm.org/basic-message/1.0/", "startmessage": "send-message", "content": "We're sorry, your country is not approved for entry by the government of Aruba" } }, { "name": "submit-payment", "role": [ "point-of-sale" ], "type": "api", "data": { "api": "https://paymentmagic.com", "method": "POST", "attributes": [ "customer_name", "customer_date_of_birth", "customer_billing_address", "customer_shipping_address", "credit_card_number", "credit_card_expiration", "credit_card_security_code" ] } }, ] } ```