Update README.md

Clarification on roles for pilots and minor edits
leandro 2024-01-24 13:21:38 +00:00
parent e044dadfcc
commit 0562194d93
1 changed files with 12 additions and 12 deletions

@ -4,15 +4,15 @@
- **XO9B**: - **XO9B**:
- Motivation: The aim is to support an accreditation program for vulnerable people, exploring the value of using verifiable credentials to get services/benefits. - Motivation: The aim is to support an accreditation program for vulnerable people, exploring the value of using verifiable credentials to get services/benefits.
- Scenario: A vulnerable family obtains a benefit (internet connection fee discount) presenting a verifiable credential to an connectivity provider entity. - Scenario: A vulnerable family obtains a benefit (internet connection fee discount) by presenting a verifiable credential to a connectivity provider entity.
Actors-> **XO9B**: IdHub (acting as a user wallet), **Connectivity provider entity**: Demo portal (acting as Verifier Portal). The verifier portal incorporates verification capabalities and support to establish an OIDC4VP dialog with the user wallet. Actors-> **XO9B**: IdHub (acting as a user wallet for families holding credentials issued by a social support organisation), **Connectivity provider entity**: Demo portal (acting as Verifier Portal). The verifier portal incorporates verification capabalities and support to establish an OIDC4VP dialog with the user wallet for credential presentation (accreditation).
- **Setem**: - **Setem**:
- Motivation: Since SETEM is a federation, members of one of the federated entities (Setem BCN) can accredit their membership to other federation members (Setem Madrid) with a verifiable credential to obtain a discount. - Motivation: Since SETEM is a federation, members of one of the federated entities (Setem BCN) can accredit their membership to other federation members (Setem Madrid) presenting a verifiable credential to obtain a discount.
Actors-> **Setem BCN**: IdHub (acting as a user wallet), **Setem Madrid**: Demo portal (acting as Verifier Portal). The verifier portal incorporates verification capabalities and support to establish an OIDC4VP dialog with the user wallet. Actors-> **Setem BCN**: IdHub (acting as a user wallet for their members holding credentials issued by Setem BCN), **Setem Madrid**: Demo portal (acting as Verifier Portal). The verifier portal incorporates verification capabilities and support to establish an OIDC4VP dialog with the user wallet for credential presentation (accreditation).
- **Lafede**: - **Lafede**:
- Motivation: Implementation of the dual model of EIDAS1-compliant signed PDFS that embed public verifiable credentials exported as QR codes embedded in these documents. Member organisations of the Lafede federation request membership and training certificates. - Motivation: Implementation of dual EIDAS1 and EIDAS2 compliant attestations as signed PDFS with public verifiable credentials exported as QR codes embedded in these documents. Member organisations and related persons of the Lafede federation request membership and training certificates.
Actors-> **Lafede**: idHub Actors-> **Lafede**: idHub
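Review bot: the new XO9B Actors line still reads "verification capabalities", while the Setem Actors line in this same hunk was corrected to "capabilities"; fix the XO9B line too so the two role descriptions match. On the Lafede line, "PDFS" should be "PDFs". Since the XO9B issuer is now named only as "a social support organisation", a short sentence on how the Verifier Portal decides which issuers it accepts would complete the role clarification.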
@ -21,19 +21,19 @@
- Scenarios: - Scenarios:
- Scenario 1-> 'Login with Organisation A (Idp)'. The staff members of organisation A, with the appropiate role, can authenticate themselves by providing their organisation credentials (username and password) to access a service in Pangea (Musician). - Scenario 1-> 'Login with Organisation A (Idp)'. The staff members of organisation A, with the appropiate role, can authenticate themselves by providing their organisation credentials (username and password) to access a service in Pangea (Musician).
Actors-> **Pangea**: Idp (goauthentik), Musician, Orchestra. **Organisation A**: Idp, IdHub Actors-> **Pangea**: IdP (goauthentik), Musician, Orchestra. **Organisation A**: IdP, IdHub
Pangea delegates authentication to the idP of organisation B using OpenID Connect. In this case, the Pangea's IdP (goauthentik) delegates the authentication to Organisation A's IdP, which get the user's role information from the Organisation A's IdHub. Pangea delegates authentication to the IdP of organisation B using OpenID Connect. In this case, the Pangea's IdP (goauthentik) delegates the authentication to Organisation A's IdP, which get the user's role information from the Organisation A's IdHub.
- Scenario 2-> 'Present a verifiable credential'. The staff members of organisation A, with the appropiate credentials, present them to Pangea in order to access the Musician service. - Scenario 2-> 'Present a verifiable credential'. The staff members of organisation A, with the appropiate credentials, present them to Pangea in order to access the Musician service.
Actors-> **Pangea**: Idp (goauthentik), IdHub (as verifier), Musician, Orchestra (with also nginx api rproxy). **Organisation A**: IdHub (as user wallet) Actors-> **Pangea**: IdP (goauthentik), IdHub (as verifier), Musician, Orchestra (with also nginx API rproxy). **Organisation A**: IdHub (as user wallet)
- **test**: intended for software quality such as testing, CI/CD, etc. - **test**: intended for software quality such as testing, CI/CD, etc.
## Installation ## Installation
Considering debian stable distribution (Debian 12 bookworm) Considering debian stable distribution (Debian 12 bookworm).
- docker: [install using the convenience script](https://docs.docker.com/engine/install/debian/#install-using-the-convenience-script) - docker: [install using the convenience script](https://docs.docker.com/engine/install/debian/#install-using-the-convenience-script)
- make: some of the actions are declared in `Makefile`, you will need `sudo apt install make`. - make: some of the actions are declared in `Makefile`, you will need `sudo apt install make`.
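Review bot: the line changed for "IdP" casing still says Pangea delegates authentication "to the IdP of organisation B", but Scenario 1 and the sentence that follows only involve Organisation A's IdP; in a description of who authenticates whom the party name has to be right, so change it to "Organisation A". While on these lines, "appropiate" (both scenarios) should read "appropriate" and "which get" should read "which gets".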
@ -49,16 +49,16 @@ All the scripts are written in POSIX Shell. I hope they are easy enough and stru
## Development ## Development
You can use these docker images for developing the software. This repo is targeted on integrating, deploying and testing the IdHub tools. You can do the same with the other tools, the trick used is to override the docker's directory with a local directory. Example found on all pilots instances You can use these docker images for developing the software. This repo is targeted on integrating, deploying and testing the IdHub tools. You can do the same with the other tools, the trick used is to override the docker's directory with a local directory. Example found on all pilots instances.
```yaml ```yaml
volumes: volumes:
- ./idhub1__pilot-example:/opt/idhub - ./idhub1__pilot-example:/opt/idhub
``` ```
If you are developing IdHub, all the instances generate a copy of the target repository such as `idhub1__pilot-example`, which you can modify there, and the changes will apply to the deployment If you are developing IdHub, all the instances generate a copy of the target repository such as `idhub1__pilot-example`, which you can modify there, and the changes will apply to the deployment.
In the `.env` there are some variables intended to be used for debugging purposes In the `.env` there are some variables intended to be used for debugging purposes.
### Commands that you might like ### Commands that you might like
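Review bot: the sentence "In the `.env` there are some variables intended to be used for debugging purposes." gains a period but still names none of the variables; list them here with what each one does and state which values are meant for pilot deployments, so a debug setting is not carried over from a development `.env` unnoticed. "Example found on all pilots instances." would also read better as "An example can be found in all pilot instances."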