Skip to content

Commit

Permalink
docs: add credential definition docs (#748)
Browse files Browse the repository at this point in the history
  • Loading branch information
CryptoKnightIOG authored Oct 9, 2023
1 parent d75a676 commit 6a744e8
Show file tree
Hide file tree
Showing 5 changed files with 331 additions and 2 deletions.
145 changes: 145 additions & 0 deletions docs/docusaurus/credentialdefinition/create.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,145 @@
# Create the Credential Definition

The PRISM platform v2.0 exposes REST API for creation, fetching, and searching the [credential definition](/docs/concepts/glossary#credential-definition) records.

The OpenAPI specification and ReDoc documentation describe the endpoint.

In this document, you can find step-by-step instructions for creating the credential definition.

## Step-by-step guide

The following guide demonstrates how to create a birth certificate credential definition.

### 1. Define the Credential Definition for the Verifiable Credential

Assume you are aiming to define a credential for birth certificates. This credential definition has specific properties and ties to a schema in the PRISM platform.

Here's a sample content of the credential definition:

```json
{
"name": "Birth Certificate location",
"description": "Birth certificate Anoncred Credential Definition",
"version": "1.0.0",
"tag": "Licence",
"author": "{{ISSUER_DID_SHORT}}",
"schemaId": "http://host.docker.internal:8080/prism-agent/schema-registry/schemas/{{SCHEMA_ID}}",
"signatureType": "CL",
"supportRevocation": true
}
```

### 2. Create the Credential Definition Record

1. Use your preferred REST API client, such as Postman or Insomnia, or utilize a client stub that's generated based on the OpenAPI specification.

2. In your API client, initiate a new POST request to the `/credential-definition-registry/definitions/` endpoint.

Please note: The `author` field value should align with the short form of a PRISM DID previously created by the same agent. It's okay if this DID is unpublished. You can refer to the [Create DID](../dids/create.md) documentation for more comprehensive details on crafting a PRISM DID.

3. Construct the request body using the following JSON object:

```json
{
"name": "Birth Certificate location",
"description": "Birth certificate Anoncred Credential Definition",
"version": "1.0.0",
"tag": "Licence",
"author": "{{ISSUER_DID_SHORT}}",
"schemaId": "http://host.docker.internal:8080/prism-agent/schema-registry/schemas/{{SCHEMA_ID}}",
"signatureType": "CL",
"supportRevocation": true
}
```

4. Transmit the POST Request to Create the New Credential Definition

Once you've crafted your POST request, send it. Upon success, the server should respond with a GUID that uniquely identifies the new credential definition.

For ease of reference, here's a `curl` example:

```shell
curl -X 'POST' \
'http://localhost:8080/credential-definition-registry/definitions/' \
-H 'accept: application/json' \
-H "apikey: $API_KEY" \
-H 'Content-Type: application/json' \
-d '{
"name": "Birth Certificate location",
"description": "Birth certificate Anoncred Credential Definition",
"version": "1.0.0",
"tag": "Licence",
"author": "{{ISSUER_DID_SHORT}}",
"schemaId": "http://host.docker.internal:8080/prism-agent/schema-registry/schemas/{{SCHEMA_ID}}",
"signatureType": "CL",
"supportRevocation": true
}
```
A potential response could be:
```json
{
"guid": "3f86a73f-5b78-39c7-af77-0c16123fa9c2",
"id": "f2bfbf78-8bd6-4cc6-8b39-b3a25e01e8ea",
"longId": "did:prism:agent/f2bfbf78-8bd6-4cc6-8b39-b3a25e01e8ea?version=1.0.0",
"name": "Birth Certificate location",
"version": "1.0.0",
"description": "Birth certificate Anoncred Credential Definition",
"tag": "Licence",
"author": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff",
"authored": "2023-03-14T14:41:46.713943Z",
"schemaId": "http://host.docker.internal:8080/prism-agent/schema-registry/schemas/{{SCHEMA_ID}}",
"signatureType": "CL",
"supportRevocation": true,
"kind": "CredentialDefinition",
"self": "/credential-definition-registry/definitions/3f86a73f-5b78-39c7-af77-0c16123fa9c2"
}
```
### 3. Retrieve the Created Credential Definition
To obtain details of the newly created credential definition, send a GET request to the `/credential-definition-registry/definitions/{guid}` endpoint. Replace `{guid}` with the unique GUID returned from the previous creation step.
To exemplify this process, use the following `curl` command:
```shell
curl -X 'GET' \
'http://localhost:8080/credential-definition-registry/definitions/3f86a73f-5b78-39c7-af77-0c16123fa9c2' \
-H 'accept: application/json' \
-H "apikey: $API_KEY"
```
You should receive a response containing the JSON object representing the credential definition you've just established:

```json
{
"guid": "3f86a73f-5b78-39c7-af77-0c16123fa9c2",
"id": "f2bfbf78-8bd6-4cc6-8b39-b3a25e01e8ea",
"longId": "did:prism:agent/f2bfbf78-8bd6-4cc6-8b39-b3a25e01e8ea?version=1.0.0",
"name": "Birth Certificate location",
"version": "1.0.0",
"description": "Birth certificate Anoncred Credential Definition",
"tag": "Licence",
"author": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff",
"authored": "2023-03-14T14:41:46.713943Z",
"schemaId": "http://host.docker.internal:8080/prism-agent/schema-registry/schemas/{{SCHEMA_ID}}",
"signatureType": "CL",
"supportRevocation": true,
"kind": "CredentialDefinition",
"self": "/credential-definition-registry/definitions/3f86a73f-5b78-39c7-af77-0c16123fa9c2"
}
```

Remember, in the PRISM platform, the combination of author, id, and version uniquely identifies each credential definition. Thus, using the same agent DID as the author, you cannot establish another credential definition with identical id and version values.

### 4. Update the Credential Definition

To update or upgrade an existing credential definition, follow the steps outlined below:

1. Begin with the first step and make necessary modifications to the Credential Definition.
2. Update the `version` value to reflect the changes made. This is important to ensure that each version of the credential definition remains distinct.
3. Create a new credential definition entry with the updated version and schema.

Note: When you make changes to an existing credential definition, it's essential to version the new entry accurately. This ensures clarity and avoids potential conflicts or misunderstandings among different versions of the same definition.
127 changes: 127 additions & 0 deletions docs/docusaurus/credentialdefinition/credential-definition.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,127 @@
# Anoncred Credential Definition Guide

## Abstract

This document details the structure, supported formats, and technical intricacies of Anoncred Credential Definitions within the Atala PRISM Platform.

## 1. Introduction

An Anoncred Credential Definition serves as a standardized format for any given Anoncred Verifiable Credential. By embedding essential attributes unique to each type of credential, it lays the groundwork for diverse categories of verifiable credentials. Integrating this definition on a public blockchain ensures its availability and verifiability for all stakeholders.

The PRISM Platform endorses the Anoncred Credential Definition, conforming to the [Hyperledger AnonCreds specification](https://hyperledger.github.io/anoncreds-spec/#term:schemas).

## 2. Anoncred Credential Definition Attributes

### name (String)

A descriptive and readable name indicating the type or category of the credential.

**Example:**
```json
{
"name": "{{CREDENTIAL_NAME}}"
}
```

---

### description (String)

A succinct descriptor providing an overview of the credential definition's purpose or category.

**Example:**
```json
{
"description": "{{CREDENTIAL_DESCRIPTION}}"
}
```

---

### version (String)

Specifies the version of the credential definition, using the [SemVer](https://semver.org/) protocol.

**Example:**
```json
{
"version": "{{VERSION_NUMBER}}"
}
```

---

### tag (String)

A unique identifier or tag associated with the credential definition.

**Example:**
```json
{
"tag": "{{TAG_IDENTIFIER}}"
}
```

---

### author (DID)

The decentralized identifier (DID) of the entity that created the credential definition.

**Example:**
```json
{
"author": "{{ISSUER_DID_SHORT}}"
}
```

---

### schemaId (URI)

A distinct reference to retrieve the schema from the PRISM Schema Registry.

**Example:**
```json
{
"schemaId": "{{SCHEMA_REGISTRY_URI}}"
}
```

---

### signatureType (String)

Indicates the type of signature applied to the credential definition.

**Example:**
```json
{
"signatureType": "{{SIGNATURE_TYPE}}"
}
```

---

### supportRevocation (Boolean)

Specifies if the credential definition incorporates revocation capabilities.

**Example:**
```json
{
"supportRevocation": "{{BOOLEAN_VALUE}}"
}
```

---

## Conclusion

The Anoncred Credential Definition is a versatile tool that offers a standardized approach for an array of verifiable credentials. By ensuring its correct incorporation within the Atala PRISM Platform, the issuance and validation processes of various credentials can be streamlined and made more efficient.

## References

- [Hyperledger AnonCreds specification](https://hyperledger.github.io/anoncreds-spec/#term:schemas)

**Note:** Throughout the implementation phase within the PRISM platform, it's crucial to replace placeholders (such as `{{CREDENTIAL_NAME}}`, `{{VERSION_NUMBER}}`, and others) with their real, intended values.
14 changes: 14 additions & 0 deletions docs/docusaurus/credentialdefinition/delete.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# Delete the Credential Definition

Unfortunately, once published (especially in the [Verifiable Data Registry (VDR)](/docs/concepts/glossary#verifiable-data-registry), deleting the credential definition becomes unfeasible.

In the PRISM Platform v2.0, credential definitions aren't published to the VDR. This functionality will be incorporated in subsequent versions of the platform. Hence, the platform currently doesn't provide a REST API for deletion.

If you need to `delete` the credential definition, it's advisable to contact the database administrator or directly remove it from the Postgres instance using its `guid`.

For example:

```sql
DELETE
FROM credential_definition
WHERE guid = '3f86a73f-5b78-39c7-af77-0c16123fa9c2'
33 changes: 31 additions & 2 deletions docs/docusaurus/schemas/credential-schema.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ semantic interoperability of the Credential.
The PRISM Platform supports the following specifications of the credential schemas:

- [Verifiable Credentials JSON Schema 2022](https://w3c-ccg.github.io/vc-json-schemas/)
- [AnonCreds Schema](https://hyperledger.github.io/anoncreds-spec/#term:schemas) - planned
- [AnonCreds Schema](https://hyperledger.github.io/anoncreds-spec/#term:schemas)

The signed credential schema allows doing following verifications:

Expand All @@ -27,6 +27,7 @@ The author can use credential schema to issue the following types of verifiable

- JSON Verifiable Credential
- JSON-LD Verifiable Credential
- Anoncred Verifiable Credential
- all types above but encoded as JWT

Limitations and constraints of the PRISM Platform v2.0:
Expand Down Expand Up @@ -74,14 +75,23 @@ Resource identifier of the given credential schema composed from the author's [D

It is a type of the supported JSON Schema of the credential schema.
It describes the JSON Schema of the Credential Schema described in this document.
In the current implementation, this field must always be the value in the following example:

**JWT Credential Schema Example:**

```json
{
"type": "https://w3c-ccg.github.io/vc-json-schemas/schema/2.0/schema.json"
}
```

**AnonCred Credential Schema Example:**

```json
{
"type" : "AnoncredSchemaV1"
}
```

---

### name (String)
Expand Down Expand Up @@ -200,6 +210,25 @@ JSON Schema must be composed according to <https://json-schema.org/draft/2020-12

---

### schema (AnonCred Schema)

A valid [ANONCRED-SCHEMA](https://hyperledger.github.io/anoncreds-spec/#term:schemas) where the credential schema semantic gets defined.
**Example:**

```json
{
"name": "Birth Certificate Schema",
"version": "1.0",
"attrNames": [
"location",
"birthday"
],
"issuerId": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff"
}
```

---

### tags (String[])

It is a set of tokens that allow one to look up and filter the credential schema records.
Expand Down
14 changes: 14 additions & 0 deletions docs/docusaurus/sidebars.js
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,20 @@ const sidebars = {
'schemas/delete'
]
},
{
type: 'category',
label: 'Credential Definition',
link: {
type: 'generated-index',
title: 'Credential Definition',
description: 'Credential Definition Tutorials'
},
items: [
'credentialdefinition/credential-definition',
'credentialdefinition/create',
'credentialdefinition/delete'
]
},
{
type: 'category',
label: 'Secret Management',
Expand Down

0 comments on commit 6a744e8

Please sign in to comment.