-
Notifications
You must be signed in to change notification settings - Fork 2
/
vc_create_offer.puml
111 lines (90 loc) · 4.27 KB
/
vc_create_offer.puml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
@startuml vc_create_offer
title Packet Delivery - Offer creation
autonumber 1
skinparam SequenceBoxBorderColor transparent
box User #MistyRose
actor "Packet Delivery Co\nEmployee" as user #f7a6a6
participant "Employee\nSIOP" as siop #f7a6a6
endbox
box Marketplace #ebfcef
participant "Marketplace" as market #DarkSeaGreen
endbox
database "Universal\nResolver" as DIDR
'Select the login with credentials method
user->market ++ #DarkSeaGreen:Access portal
market-->user --: Select identity provider
' #######################################
' #######################################
note over user, market
One of the login options is "Verifiable Credential", and
the Marketplace displays a QR
end note
user->siop ++: Scan QR
note right: The employee uses its wallet to scan the QR in Packet Delivery Portal
note over siop: The wallet uses the URL inside the QR to start the process
siop -> market--++ #DarkSeaGreen: POST \n/authentication-requests
note over market: Now we start the standard SIOP process
market -> market :Create Authenticaton Request
siop<--market--++ :URI + <Authentication Request>
siop -> DIDR--++: Resolve DID of\nMarketplace
note over DIDR
This is a Universal Resolver blockchain node, and there may be as many as needed
Its mission is to resolve DIDs using the blockchain and return the associated DID Document
The DID Document (as per W3C) contains relevant information about the entity owner of the DID
It contains its Public Key, used to verify the digital signature of the entity
It also contains the status of the entity in the Data Space ecosystem
It is extensible, and can contain any public information which may be relevant for the use case
The Universal Resolver server has to be operated by a trusted entity for the customer
There may be as many nodes as needed operated by different entities
At least one of those trusted entities has to be configured in the wallet of the user
end note
siop<--DIDR--++: DID Document of\Marketplace
siop -> siop: Verify Authentication Request
note right siop
The wallet checks the digital signature of the Authentication Request
Checks that the DID inside the request matches the DID inside the DID Document from Universal Resolver
It also checks additional info inside the request against the DID Document
Now the wallet knows that Marketplace is a trusted entity and that it signed the request
end note
siop -> siop: Create Authentication Response\nURI + <id_token>
note right siop
The wallet creates a SIOP Authentication Response
It includes a Verifiable Credential as an additional claim
The Verifiable Credential was issued by Packet Delivery Co as an employee badge
end note
siop -> market--++ #DarkSeaGreen: POST <id_token>\n/siop-sessions
market->DIDR--++: Resolve DID of\nPacket Delivery Co
note over DIDR
This can be a blockchain node of Packet Delivery Co or of any entity trusted by it
For maximum level of trust, the node is operated by Marketplace
The Verifiable Credential received from the user was signed by Packet Delivery Co and includes its DID
Marketplace retrieves from blockchain the DID Document for that DID
Checks the digital signature and other info (eg., status in Data Space)
end note
market<--DIDR--++ #DarkSeaGreen: DID Document with public key
market->market: Verify Authentication Response
note over market
The VC issued by Packet Delivery Co to its employee includes the Public Key of the SIOP used to sign
The Public Key of the SIOP was verified when the employee was onboarded by Happy Pets
end note
market->market: Create Access Token\n<Access Token>
note over market
Marketplace creates an access token to send to the wallet for
further access to services
end note
siop<--market++: HTTP 200: <Access Token>
user<--siop-- : Display OK
market->market: Refresh the Portal
note over market
The webpage of the Portal is refreshed to
present the services to the employee
end note
market -> user-- : show services
' #######################################
' #######################################
market-->user--:show services
user->market++ #DarkSeaGreen:request Offer Creation service
market-->user--:Provide details of offer
user->market++ #DarkSeaGreen:Offer details\n1. Standard\n2. Gold
market-->user--:200 OK
@enduml