Procivis One Core

The Procivis One Core is a robust solution that can power every element of the digital identity credential lifecycle. It flexibly handles a broad array of protocols and trust models, stays compatible with different digital identity regulations, can be installed and operated almost anywhere, and integrates seamlessly through a powerful API.

Procivis One is built to connect your organization to the SSI ecosystem, become compatible with regulations such as eIDAS 2.0, and be extensible as new regulations and requirements emerge.

See the key features and complete solution architecture.

Getting started

Trial

The fastest way to get started with Procivis One is to join our Trial Environment. Here you are given control of an organization on our server solution, the Procivis One Desk, and can quickly begin issuing and verifying credentials.

Documentation

See our documentation:

Build

You can build the project with cargo build, or build specific targets with cargo-make. cargo-make loads the dev.env file into the runtime environment, which keeps the environment configuration convenient and documents the variables in use in one place.

Install cargo-make

cargo install cargo-make

Build REST server

makers build

Run REST server

makers run

Build and run targets are defined in Makefile.toml and can be added to or fine-tuned there as the project evolves.

Tests

To run only the unit tests:

cargo test --lib
# or
makers unit-tests

To run the integration tests:

cargo test --test integration_tests
# or
makers integration-tests

To run the integration tests against MariaDB:

makers dbstart
ONE_app__databaseUrl="mysql://root:Qpq5nDb5MKD6v9bt8dPD@localhost/core" makers integration-tests

Run Wallet

You can start a separate instance of the service that plays the wallet role. This instance listens on port 3001.

makers runwallet

Live Reload

Using cargo-watch, the code can be automatically recompiled when changes are made.

Setup

cargo install cargo-watch

Run the REST server

makers runw

Run the compiled application (local environment)

./target/debug/core-server --config config/config-procivis-base.yml --config config/config-local.yml

Docker

  • Run MariaDB for local development:
    docker compose -f docker/db.yml up -d
    or
    makers dbstart
  • Stop MariaDB:
    docker compose -f docker/db.yml down
    or
    makers dbstop
  • Drop MariaDB (removes everything, including stored data):
    makers dbdrop
  • Print MariaDB logs:
    docker compose -f docker/db.yml logs -f
  • Build the project image:
    docker build -t one-core -f docker/Dockerfile .
  • Run the project on Windows or Mac:
    docker run --init -p 3000:3000 -it --rm \
      -e RUST_BACKTRACE=full \
      -e ONE_app__databaseUrl=mysql://core:[email protected]/core \
      one-core --config config/config-procivis-base.yml --config config/config-local.yml
  • Run the project on Linux:
    docker run --init -p 3000:3000 -it --rm \
      -e RUST_BACKTRACE=full \
      -e ONE_app__databaseUrl=mysql://core:[email protected]/core \
      one-core --config config/config-procivis-base.yml --config config/config-local.yml
  • Run a shell in the container:
    docker run -it --rm --entrypoint="" one-core bash

SBOM

  • Install the cyclonedx-cli binary (used to merge the per-crate BOMs):
    sudo curl -L https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.25.0/cyclonedx-linux-x64 -o /usr/local/bin/cyclonedx-cli
    sudo chmod +x /usr/local/bin/cyclonedx-cli
  • Install cargo-cyclonedx:
    cargo install cargo-cyclonedx
  • Generate the BOMs in JSON format:
    cargo cyclonedx -f json
  • Prepare the environment:
    export DEPENDENCY_TRACK_BASE_URL=https://dtrack.dev.one-trust-solution.com
    export DEPENDENCY_TRACK_API_KEY="<api_key>"
    export DEPENDENCY_TRACK_PROJECT_NAME="ONE-Core"

    export D_TRACK_PATH=${DEPENDENCY_TRACK_BASE_URL}/api/v1/bom
    export SBOM_FILE_PATH="apps/core-server/bom.json"
    export APP_VERSION="local-test-1"
  • Upload the merged JSON BOM file (merged_sbom.json, produced by the merge step below) to Dependency-Track:
    file_content=$(base64 -i merged_sbom.json)

    curl -v -X PUT \
      -H "Content-Type: application/json" \
      -H "X-API-Key: ${DEPENDENCY_TRACK_API_KEY}" \
      --data @- ${D_TRACK_PATH} <<EOF
    {
      "projectName": "${DEPENDENCY_TRACK_PROJECT_NAME}",
      "projectVersion": "${APP_VERSION}",
      "autoCreate": true,
      "bom": "${file_content}"
    }
    EOF
  • Merge all per-crate SBOM files into one:
    FILES="apps/core-server/bom.json apps/migration/bom.json lib/one-core/bom.json lib/shared-types/bom.json lib/sql-data-provider/bom.json platforms/uniffi/bom.json platforms/uniffi-bindgen/bom.json"
    cyclonedx-cli merge --input-files ${FILES} --input-format=json --output-format=json > merged_sbom.json
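As an added example (not part of the project's own tooling), the following Python checks a merged CycloneDX JSON BOM before it is uploaded and builds the same JSON body that the curl step above sends to Dependency-Track's /api/v1/bom endpoint; the sample BOM is constructed inline, with made-up component names.

```python
import base64
import json

# Constructed sample shaped like a cargo-cyclonedx JSON BOM; names and
# versions are made up for this example.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "components": [
        {"type": "library", "name": "serde", "version": "1.0.0",
         "purl": "pkg:cargo/serde@1.0.0"},
        {"type": "library", "name": "local-helper", "version": "0.1.0"},
    ],
})


def check_bom(bom_text):
    """Return (component_count, names_without_purl) for a CycloneDX JSON BOM.
    Raises ValueError for a non-CycloneDX or empty document, so a failed
    merge is caught before upload. Components without a purl cannot be
    matched to vulnerability data by Dependency-Track, so they are listed."""
    bom = json.loads(bom_text)
    if bom.get("bomFormat") != "CycloneDX" or "specVersion" not in bom:
        raise ValueError("not a CycloneDX BOM")
    components = bom.get("components") or []
    if not components:
        raise ValueError("BOM has no components; the merge probably failed")
    missing = [c.get("name", "?") for c in components if not c.get("purl")]
    return len(components), missing


def is_valid_bom(bom_text):
    """True if check_bom accepts the document, False otherwise."""
    try:
        check_bom(bom_text)
        return True
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        return False


def build_upload_payload(bom_text, project_name, project_version):
    """Build the body for PUT /api/v1/bom as the curl step does: the BOM is
    base64-encoded and autoCreate lets Dependency-Track create the project."""
    check_bom(bom_text)
    return {
        "projectName": project_name,
        "projectVersion": project_version,
        "autoCreate": True,
        "bom": base64.b64encode(bom_text.encode("utf-8")).decode("ascii"),
    }
```

Run check_bom on merged_sbom.json in CI and fail the job when it raises or lists components without a purl, so an empty or incomplete SBOM never reaches Dependency-Track silently.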

Testing

Run the tests with coverage instrumentation:
cargo llvm-cov --no-clean --workspace --release --ignore-filename-regex=".*test.*\.rs$|tests/.*\.rs$"

Generate a coverage report:
  • Cobertura
    cargo llvm-cov report --release --cobertura --output-path cobertura.xml
  • Lcov
    cargo llvm-cov report --release --lcov --output-path lcov.info

Migration

Generate a new migration:
  • Using the Sea-ORM CLI
    makers generate_migration description_of_new_migration

Background

Decentralized digital identity is an approach that moves digital credentials out of the possession and control of centralized authorities and into the digital wallet of the credential holder. This architecture removes the need for the user to "phone home" to use their credentials, and for the verifier to communicate with the issuer over back-channels, so the wallet holder's interactions stay private between the parties directly involved in each interaction. This model of digital identity is often referred to as Self-Sovereign Identity, or SSI.

eIDAS 2.0

Whether you want to:

  • issue into an EUDI Wallet
  • provide an EUDI Wallet
  • offer services to an EUDI Wallet holder

Procivis One provides production grade open source components to get certified and connect your organization to the eIDAS 2.0 ecosystem.

Procivis One in the eIDAS ARF

Use the Procivis One Core for Issuer or Verifier solutions. For an EUDI Wallet, use the One Core React Native SDK for embedding into an existing app, or use the Procivis One Wallet with adaptations to fit your needs.

Interoperability and conformance

Procivis One is built using open standards and tested to ensure interoperability with different software vendors and across different international regulatory ecosystems.

  • W3C standards
    • The W3C offers several test suites for standards conformance. See the latest test results for Procivis One at canivc.com.
  • ISO/IEC 18013-5 mDL
    • Procivis One's implementation of the ISO mDL standard is compatible with the OpenWallet Foundation's verifier: Procivis One can successfully issue mDL credentials to a Procivis One Wallet, and these credentials can successfully be verified by the OpenWallet Foundation's verifier. See the OpenWallet Foundation libraries.
  • eIDAS 2.0; EUDI Wallet
    • The EU Digital Wallet is developing issuer and verifier testing for interoperability in mdoc and SD-JWT formats using OID4VC protocols. We follow the ongoing development of the testing platform and regularly test against it.

We continue to look for more opportunities for interoperability testing as the standards and regulations mature and harden.

Supported standards

Credential models

W3C VC

| Securing mechanism | Supported representations | Supported proof/signature types |
|---|---|---|
| W3C Data Integrity Proofs (embedded) | JSON-LD in Compacted Document Form | |
| W3C VC-JOSE-COSE (enveloping) | | |

* CRYSTALS-DILITHIUM is a post-quantum resistant signature scheme, selected by NIST for Post-Quantum Cryptography Standardization. Support for the recently published FIPS-204 is planned for the near future.

  • Backwards compatibility: Procivis One supports verification of proofs which use VCDM 1.1.

  • Additional VC formats: Procivis One supports verification of VCs embedded in optical barcodes. See Verifiable Credentials Barcode v0.7.

ISO mdoc

  • ISO/IEC 18013-5:2021 standard for mdoc credentials.

IETF SD-JWT VC

| Standard | Supported representations | Supported proof/signature types |
|---|---|---|
| IETF SD-JWT VC | SD-JWT | |

* CRYSTALS-DILITHIUM is a post-quantum resistant signature scheme, selected by NIST for Post-Quantum Cryptography Standardization. Support for the recently published FIPS-204 is planned for the near future.

Exchange and transport

  • OpenID for Verifiable Credentials
    • OID4VCI; ID-1
    • OID4VP; ID-2
      • OID4VP over BLE; optimized version of Draft 00
      • OID4VP over MQTT; proprietary adaptation of "OID4VP over BLE" via MQTT channel
  • ISO/IEC 18013
    • 18013-5: QR code engagement and offline device retrieval over BLE
    • 18013-7: Online data retrieval via OID4VP

Key storage

  • Secure Enclave (iOS) and Android Keystore (TEE or Strongbox)
  • Azure Key Vault (HSM)
  • Internal encrypted database

Revocation methods

DID methods

See our supported technology page for more details.

Support

Need support or have feedback? Contact us.

License

Some rights reserved. This library is published under the Apache License Version 2.0.


© Procivis AG, https://www.procivis.ch.