IDM - Identity Manager

Project Links
  • Software: GitHub repository, https://github.com/ds2-eu/identity
  • Progress: GitHub project, https://github.com/orgs/ds2-eu/projects/8

General Description

The DS2 Identity Module (IDM) is a Foundation module that provides a practical framework for creating, managing, and validating participant and module identities for inter-Dataspace activities. It leverages Verifiable Credentials (VCs) and integrates with technologies like the EDC IdentityHub to ensure secure and trustworthy identity management. The IDM aims to reuse existing identities from different companies and provide robust mechanisms to verify their membership and participation in various dataspaces.

The IDM facilitates the secure interaction between dataspaces by managing identities and access rights. Key development efforts have focused on:

  • Verifiable Credentials (VCs): Core to the IDM, VCs allow companies to prove their identity and attributes in a secure and verifiable manner.
  • Wallet Visualisation: Functionality enabling companies to view and manage their VCs.
  • Credential Issuer: DS2 has developed its own credential issuer capable of generating signed VCs for companies, based on dataspace agreements.
  • IDM Portal: A comprehensive web interface (backend and frontend) for managing dataspaces, collaboration agreements, and company registrations within DS2.
  • EDC IdentityHub Integration: Successful integration allows for the hosting and management of VCs.

The module supports the registration of dataspaces, the establishment and management of collaboration agreements between them, and the registration of companies as DS2 members, all underpinned by a system of verifiable digital credentials.

Architecture

The figure below shows how the module fits into the DS-DS environment. [Figure: DS2 IDM Architecture]

The figure below shows the actors, internal structure, primary sub-components, primary DS2 module interfaces and other primary interfaces of the module. [Figure: DS2 IDM Architecture]

Component Definition

The IDM comprises the following key components:

IDM Portal:

  • Backend: Manages the business logic for dataspace registration, agreement workflows, company registration, and interactions with the credential issuer and wallet functionalities.
  • Frontend (UIs): Provides user interfaces for:
    • Registration of dataspaces in DS2.
    • Requesting collaboration and forming agreements between dataspaces.
    • Searching for registered dataspaces.
    • Accepting or rejecting collaboration agreements.
    • Visualizing dataspace policies.
    • Registering companies as members of DS2.
  • DS2 Credentials Issuer: An implemented service capable of generating cryptographically signed Verifiable Credentials.
    • Issues credentials to companies based on established dataspace agreements and their DS2 membership.
  • Wallet Visualisation Functionality: A user-facing component allowing companies to view and manage their issued Verifiable Credentials.
    • Integrated with the EDC IdentityHub for hosting credentials.
  • EDC IdentityHub Integration Layer: Manages the interaction with the EDC IdentityHub, enabling the storage and retrieval of Verifiable Credentials.
  • Core Identity Logic: Underlying mechanisms for verifying membership of companies in their respective dataspaces and managing the lifecycle of identities and credentials within the DS2 ecosystem.

Screenshots

[Figure: DS2 IDT Screenshots]

Commercial Information

Organisation(s)    License Nature    License
ICE                Open Source       Apache 2.0

Top Features

  • Verifiable Credential Management: Core functionality for issuing, hosting (via EDC IdentityHub), and visualizing VCs for companies.
  • DS2 Native Credential Issuer: Custom-built service to generate signed credentials based on dataspace agreements.
  • Comprehensive IDM Portal:
    • Dataspace registration and discovery.
    • Inter-dataspace collaboration agreement management (requests, acceptance/rejection).
    • Visualization of dataspace policies.
    • Company registration for DS2 membership.
  • EDC IdentityHub Integration: Successfully achieved for robust VC hosting.
  • Wallet Functionality: Allows companies to manage and present their digital credentials.
  • Decentralized Identity Principles: Aligns with modern approaches to identity management, enhancing security and user control.
  • Membership Verification: Mechanisms to verify company membership within specific dataspaces.
  • Secure Inter-Dataspace Communication: Facilitates trust by ensuring participants are authenticated and authorized.

How To Install

The module is installed as part of the IDT.

Requirements

  • A Linux VM (Ubuntu 24.10)
  • Docker installed

Recommended resources: 4 CPU cores, 8 GB RAM and 50 GB of disk capacity.

Summary of installation steps

The steps cover downloading, compiling and deploying the different parts of the software.

Detailed steps

Clone the code

git clone https://git.icelab.cloud/ds2/idm.git

The module is composed of three parts:

  • IDM Portal: Frontend of the app, providing functionality for creating dataspaces, establishing collaboration agreements, and requesting verifiable credentials.
  • IDM Backend: A REST API for the IDM Portal to interact with the EDC IdentityHub and the Verifiable Credentials Issuer.
  • IDM database: A database for storing the IDM data.

Run the command

./dev-rebuild.sh

How To Use

The IDM is used primarily through the global portal. After the user logs in, it offers two main areas of functionality: management of dataspaces, and company Verifiable Credentials:

  • Dataspace Authorities:
    • Use the IDM Portal to register their dataspace within the DS2 ecosystem.
    • Search for other registered dataspaces to explore potential collaborations.
    • Initiate collaboration requests with other dataspaces.
    • Review and accept/reject incoming collaboration requests.
    • View policies associated with registered dataspaces.
  • Companies:
    • Register their organization as a member of DS2 via the IDM Portal.
    • Once approved and relevant dataspace agreements are in place, the DS2 Credentials Issuer will generate Verifiable Credentials for the company.
    • Access the Wallet Visualisation Functionality to view and manage their issued VCs. These VCs can then be used to prove their identity and membership in inter-dataspace interactions.
  • System Administrators:
    • Manage the overall configuration and operation of the IDM components.

Other Information

No other information at the moment for IDM

OpenAPI Specification

TBC