You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We want a shared code base for implementing the vc-api , using libraries in this repo.
We want this code base to expose a docker and bare metal api that can be configured to expose cryptographic capabilities in an extensible manner, such that a standard build process can deploy a secured instance of the api that is unique per vendor (no key or auth-reuse, no bundling of keys for demo purposes).
Requirements
API Documentation
The documentation for the API SHALL be OAS3.0 and shall include security configuration associated with authentication and authorization.
API Features
The API SHALL support all defined http endpoints and schemas associated with the vc-api.
This includes stateful operations such as revocation and presentation exchange.
This implies database integrations and associated security considerations.
The API SHALL support did:key and did:web.
The API SHALL support well known did configuration.
The API SHALL support extensibility mechanisms for securely exposing key based capabilities, such as signing.
Testing
The API SHALL be testable in CI using github actions.
Conformance tests shall cover all exposed endpoints and all supported did methods.
The API SHALL cover all "credentials of interests" as defined in the traceability use cases and requirements section here:
The API SHALL expose digital bazaar libraries for testing in CI as part of conformance testing, using a facade pattern. This is to ensure that all test vectors associated with API conformance have been evaluated by at least 2 independent implementations.
Abstract
We want a shared code base for implementing the vc-api , using libraries in this repo.
We want this code base to expose a docker and bare metal api that can be configured to expose cryptographic capabilities in an extensible manner, such that a standard build process can deploy a secured instance of the api that is unique per vendor (no key or auth-reuse, no bundling of keys for demo purposes).
Requirements
API Documentation
The documentation for the API SHALL be OAS3.0 and shall include security configuration associated with authentication and authorization.
API Features
The API SHALL support all defined http endpoints and schemas associated with the vc-api.
This includes stateful operations such as revocation and presentation exchange.
This implies database integrations and associated security considerations.
The API SHALL support
did:keyanddid:web.The API SHALL support well known did configuration.
The API SHALL support extensibility mechanisms for securely exposing key based capabilities, such as signing.
Testing
The API SHALL be testable in CI using github actions.
Conformance tests shall cover all exposed endpoints and all supported did methods.
The API SHALL cover all "credentials of interests" as defined in the traceability use cases and requirements section here:
https://w3c-ccg.github.io/traceability-vocab/#use-cases-and-requirements
The API SHALL expose digital bazaar libraries for testing in CI as part of conformance testing, using a facade pattern. This is to ensure that all test vectors associated with API conformance have been evaluated by at least 2 independent implementations.
Existing implementations:
The text was updated successfully, but these errors were encountered: