parent
78a79e69e9
commit
e044dadfcc
43
README.md
43
README.md
|
@ -2,21 +2,34 @@
|
|||
|
||||
## About the pilots that this repository deploys
|
||||
|
||||
- xo9b:
|
||||
- motivation: one idhub connects to the other using OIDC4VP flow
|
||||
- components: idhub1, idhub2
|
||||
- setem:
|
||||
- motivation: a user from org 1 connects to org 2 to get a discount code
|
||||
- components: idhub1, idhub2
|
||||
- lafede:
|
||||
- motivatiion: a user gets a verifiable credential presentation from idhub, optionally could be signed also using EIDAS1
|
||||
- components: idhub1
|
||||
- pangea:
|
||||
- motivation:
|
||||
- a user from org 1 connects to org 1 services
|
||||
- a user from org 1 connects to org 2 services
|
||||
- components: idhub1, idhub2, goauthentik services, orchestra (with also nginx api rproxy), musician
|
||||
- test: intended for software quality such as testing, CI/CD, etc.
|
||||
- **XO9B**:
|
||||
- Motivation: The aim is to support an accreditation program for vulnerable people, exploring the value of using verifiable credentials to get services/benefits.
|
||||
- Scenario: A vulnerable family obtains a benefit (internet connection fee discount) presenting a verifiable credential to an connectivity provider entity.
|
||||
|
||||
Actors-> **XO9B**: IdHub (acting as a user wallet), **Connectivity provider entity**: Demo portal (acting as Verifier Portal). The verifier portal incorporates verification capabalities and support to establish an OIDC4VP dialog with the user wallet.
|
||||
- **Setem**:
|
||||
- Motivation: Since SETEM is a federation, members of one of the federated entities (Setem BCN) can accredit their membership to other federation members (Setem Madrid) with a verifiable credential to obtain a discount.
|
||||
|
||||
Actors-> **Setem BCN**: IdHub (acting as a user wallet), **Setem Madrid**: Demo portal (acting as Verifier Portal). The verifier portal incorporates verification capabalities and support to establish an OIDC4VP dialog with the user wallet.
|
||||
- **Lafede**:
|
||||
- Motivation: Implementation of the dual model of EIDAS1-compliant signed PDFS that embed public verifiable credentials exported as QR codes embedded in these documents. Member organisations of the Lafede federation request membership and training certificates.
|
||||
|
||||
Actors-> **Lafede**: idHub
|
||||
|
||||
- **Pangea**:
|
||||
- Motivation: The case of Pangea as a web/internet service provider, with member organisations that receive services. These organisations have allocated several resources units (mail accounts, blogs, etc.). Only authorised users with a specific role should be able to access the Musician (Administration Control Panel of resources).
|
||||
- Scenarios:
|
||||
- Scenario 1-> 'Login with Organisation A (Idp)'. The staff members of organisation A, with the appropiate role, can authenticate themselves by providing their organisation credentials (username and password) to access a service in Pangea (Musician).
|
||||
|
||||
Actors-> **Pangea**: Idp (goauthentik), Musician, Orchestra. **Organisation A**: Idp, IdHub
|
||||
|
||||
Pangea delegates authentication to the idP of organisation B using OpenID Connect. In this case, the Pangea's IdP (goauthentik) delegates the authentication to Organisation A's IdP, which get the user's role information from the Organisation A's IdHub.
|
||||
|
||||
- Scenario 2-> 'Present a verifiable credential'. The staff members of organisation A, with the appropiate credentials, present them to Pangea in order to access the Musician service.
|
||||
|
||||
Actors-> **Pangea**: Idp (goauthentik), IdHub (as verifier), Musician, Orchestra (with also nginx api rproxy). **Organisation A**: IdHub (as user wallet)
|
||||
|
||||
- **test**: intended for software quality such as testing, CI/CD, etc.
|
||||
|
||||
## Installation
|
||||
|
||||
|
|
Reference in New Issue