The schema defines the following credential types:

**Note**: placeholder value types are enclosed in brackets for brevity. Some
examples:

- `[bpn]` represents a BPN number such as `"BPN00000000XS2X"`
- `[did]` represents a DID, e.g. `"did:example:123"`
- `[iso8601-timestamp]` is an ISO 8601 formatted timestamp, e.g. `"2023-02-28T10:21:31Z"`
- `[uuid]` is a UUIDv4 type of UUID, e.g. `f01d7219-d1aa-48c6-beaa-9e433e80ac79`
- `[IRI]` is a URL-type of ID, but with extended characters, e.g. `"https://example.com/credentials/123"`
- `[jws]` is the JWS value of the `JsonWebSignature2020` proof, and `[did#key-id]` is the DID URL of the issuer's verification method (the key the verifier must use to check that proof)

#### BPN Credential

```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/jws-2020/v1",
    "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData"
  ],
  "id": "[uuid]",
  "type": [
    "VerifiableCredential",
    "BpnCredential"
  ],
  "issuer": "[did]",
  "issuanceDate": "[iso8601-timestamp]",
  "credentialSubject": {
    "id": "[did]",
    "type": "BpnCredential",
    "bpn": "[bpn]"
  }
}
```

#### Behavior Twin Use Case Credential

```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/jws-2020/v1",
    "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
  ],
  "id": "[IRI]",
  "issuer": "[did]",
  "type": [
    "VerifiableCredential",
    "UseCaseFrameworkCondition"
  ],
  "issuanceDate": "[iso8601-timestamp]",
  "expirationDate": "[iso8601-timestamp]",
  "credentialSubject": {
    "id": "[did]",
    "holderIdentifier": "[bpn]",
    "usecase-agreement": {
      "value": "Behavior Twin",
      "type": "cx-behavior-twin",
      "contract-template": "https://public.catena-x.org/contracts/behavior_twin.v1.pdf",
      "contract-version": "1.0.0"
    }
  },
  "proof": {
    "type": "JsonWebSignature2020",
    "created": "[iso8601-timestamp]",
    "jws": "[jws]",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "[did#key-id]"
  }
}
```

#### Membership Credential

Attestation of membership, currently used for Catena-X membership.

```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/jws-2020/v1",
    "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData"
  ],
  "id": "[uuid]",
  "type": [
    "VerifiableCredential",
    "MembershipCredential"
  ],
  "issuanceDate": "[iso8601-timestamp]",
  "expirationDate": "[iso8601-timestamp]",
  "issuer": "[did]",
  "credentialSubject": {
    "id": "[did]",
    "type": "MembershipCredential",
    "holderIdentifier": "[bpn]",
    "memberOf": "Catena-X",
    "status": "Active",
    "startTime": "[iso8601-timestamp]"
  }
}
```

#### Dismantler Credential

```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/jws-2020/v1",
    "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData"
  ],
  "id": "[uuid]",
  "issuer": "[did]",
  "type": [
    "VerifiableCredential",
    "DismantlerCredential"
  ],
  "issuanceDate": "[iso8601-timestamp]",
  "expirationDate": "[iso8601-timestamp]",
  "credentialSubject": {
    "id": "[did]",
    "holderIdentifier": "[bpn]",
    "allowedVehicleBrands": [
      "[brand 1]",
      "[brand 2]",
      "[brand 3]"
    ]
  },
  "proof": {
    "type": "JsonWebSignature2020",
    "created": "[iso8601-timestamp]",
    "jws": "[jws]",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "[did#key-id]"
  }
}
```

#### PCF Use Case Credential

```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1",
    "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
  ],
  "id": "[uuid]",
  "issuer": "[did]",
  "type": [
    "VerifiableCredential",
    "UseCaseFrameworkCondition"
  ],
  "issuanceDate": "[iso8601-timestamp]",
  "expirationDate": "[iso8601-timestamp]",
  "credentialSubject": {
    "id": "[did]",
    "holderIdentifier": "[bpn]",
    "usecaseAgreement": {
      "value": "PCF",
      "type": "cx-pcf",
      "contract-template": "https://public.catena-x.org/contracts/pcf.v1.pdf",
      "contract-version": "1.0.0"
    }
  },
  "proof": {
    "type": "JsonWebSignature2020",
    "created": "[iso8601-timestamp]",
    "jws": "[jws]",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "[did#key-id]"
  }
}
```

`expirationDate` is an optional field in this credential.

#### Quality Use Case Credential

```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/jws-2020/v1",
    "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
  ],
  "id": "[uuid]",
  "issuer": "[did]",
  "type": [
    "VerifiableCredential",
    "UseCaseFrameworkCondition"
  ],
  "issuanceDate": "[iso8601-timestamp]",
  "expirationDate": "[iso8601-timestamp]",
  "credentialSubject": {
    "id": "[did]",
    "holderIdentifier": "[bpn]",
    "usecase-agreement": {
      "value": "Quality",
      "type": "cx-quality",
      "contract-template": "https://public.catena-x.org/contracts/quality.v1.pdf",
      "contract-version": "1.0.0"
    }
  },
  "proof": {
    "type": "JsonWebSignature2020",
    "created": "[iso8601-timestamp]",
    "jws": "[jws]",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "[did#key-id]"
  }
}
```

#### Resiliency Use Case Credential

```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/jws-2020/v1",
    "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
  ],
  "id": "[uuid]",
  "issuer": "[did]",
  "type": [
    "VerifiableCredential",
    "UseCaseFrameworkCondition"
  ],
  "issuanceDate": "[iso8601-timestamp]",
  "expirationDate": "[iso8601-timestamp]",
  "credentialSubject": {
    "id": "[did]",
    "holderIdentifier": "[bpn]",
    "usecase-agreement": {
      "value": "Resiliency",
      "type": "cx-resiliency",
      "contract-template": "https://public.catena-x.org/contracts/resiliency.v1.pdf",
      "contract-version": "1.0.0"
    }
  },
  "proof": {
    "type": "JsonWebSignature2020",
    "created": "[iso8601-timestamp]",
    "jws": "[jws]",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "[did#key-id]"
  }
}
```

#### Sustainability Use Case Credential

```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/jws-2020/v1",
    "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
  ],
  "id": "[uuid]",
  "issuer": "[did]",
  "type": [
    "VerifiableCredential",
    "UseCaseFrameworkCondition"
  ],
  "issuanceDate": "[iso8601-timestamp]",
  "expirationDate": "[iso8601-timestamp]",
  "credentialSubject": {
    "id": "[did]",
    "holderIdentifier": "[bpn]",
    "usecase-agreement": {
      "value": "Sustainability",
      "type": "cx-sustainability",
      "contract-template": "https://public.catena-x.org/contracts/sustainability.v1.pdf",
      "contract-version": "1.0.0"
    }
  },
  "proof": {
    "type": "JsonWebSignature2020",
    "created": "[iso8601-timestamp]",
    "jws": "[jws]",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "[did#key-id]"
  }
}
```

#### Trace Use Case Credential

```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/jws-2020/v1",
    "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
  ],
  "id": "[uuid]",
  "issuer": "[did]",
  "type": [
    "VerifiableCredential",
    "UseCaseFrameworkCondition"
  ],
  "issuanceDate": "[iso8601-timestamp]",
  "expirationDate": "[iso8601-timestamp]",
  "credentialSubject": {
    "id": "[did]",
    "holderIdentifier": "[bpn]",
    "usecaseAgreement": {
      "value": "ID_3.0_Trace",
      "type": "cx-traceability",
      "contract-template": "https://public.catena-x.org/contracts/traceabilty.v1.pdf",
      "contract-version": "1.0.0"
    }
  },
  "proof": {
    "type": "JsonWebSignature2020",
    "created": "[iso8601-timestamp]",
    "jws": "[jws]",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "[did#key-id]"
  }
}
```

`expirationDate` is an optional field in this credential.

#### Summary Credential (scheduled for deprecation)

The flow of creating a summary credential (diagram not reproduced here).

```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/jws-2020/v1",
    "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/UseCaseVC"
  ],
  "id": "[uuid]",
  "issuer": "[did]",
  "type": [
    "VerifiableCredential",
    "SummaryCredential"
  ],
  "issuanceDate": "[iso8601-timestamp]",
  "expirationDate": "[iso8601-timestamp]",
  "credentialSubject": {
    "id": "[did]",
    "holderIdentifier": "[bpn]"
  },
  "proof": {
    "type": "JsonWebSignature2020",
    "created": "[iso8601-timestamp]",
    "jws": "[jws]",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "[did#key-id]"
  }
}
```

`expirationDate` is an optional field in this credential.

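The schemas above show the shape of each credential but not what a relying party has to check before acting on one. The following Python is an added example written for this document, not code from the MIW project: it runs the structural and binding checks a verifier needs (expected type, trusted issuer, validity window, subject DID and BPN bound to the party presenting the credential, proof purpose, and a `verificationMethod` that lives under the issuer's DID) over a constructed Membership credential. The DIDs, the BPN and the `jws` value in the sample are made up; checking the JWS itself against the key resolved from the issuer's DID document is a separate step that this block deliberately does not perform.

```python
"""Checks a verifier runs on a received credential before trusting its claims.
Added example for this document, not code from the MIW project."""
from datetime import datetime, timezone

# Constructed sample: a Membership credential with the bracketed placeholders
# filled in. DIDs, BPN and the jws value are made up; the jws is not a real signature.
SAMPLE_VC = {
    "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://w3id.org/security/suites/jws-2020/v1",
        "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData",
    ],
    "id": "f01d7219-d1aa-48c6-beaa-9e433e80ac79",
    "type": ["VerifiableCredential", "MembershipCredential"],
    "issuanceDate": "2023-02-28T10:21:31Z",
    "expirationDate": "2024-02-28T10:21:31Z",
    "issuer": "did:web:authority.example",
    "credentialSubject": {
        "id": "did:web:holder.example",
        "type": "MembershipCredential",
        "holderIdentifier": "BPN00000000XS2X",
        "memberOf": "Catena-X",
        "status": "Active",
        "startTime": "2023-02-28T10:21:31Z",
    },
    "proof": {
        "type": "JsonWebSignature2020",
        "created": "2023-02-28T10:21:31Z",
        "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..constructed",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "did:web:authority.example#key-1",
    },
}


def parse_ts(value):
    """Parse the ISO 8601 timestamps used in the examples (trailing Z means UTC)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_credential(vc, expected_type, trusted_issuers, presenter_did, presenter_bpn, now=None):
    """Return the list of problems found; an empty list means every check passed.

    The checks are structural: the credential must be of the expected type, from a
    trusted issuer, currently valid, bound to the party presenting it, and its proof
    must name a key under the issuer's DID. Verifying the JWS itself (resolving the
    issuer's DID document and checking the signature with that key) is not done here.
    """
    now = now or datetime.now(timezone.utc)
    problems = []

    types = vc.get("type", [])
    if "VerifiableCredential" not in types or expected_type not in types:
        problems.append(f"type must contain VerifiableCredential and {expected_type}")

    issuer = vc.get("issuer")
    if issuer not in trusted_issuers:
        problems.append(f"issuer {issuer!r} is not trusted")

    try:
        if parse_ts(vc["issuanceDate"]) > now:
            problems.append("issuanceDate is in the future")
        # expirationDate is optional in several of the schemas above
        if "expirationDate" in vc and parse_ts(vc["expirationDate"]) <= now:
            problems.append("credential has expired")
    except (KeyError, ValueError) as exc:
        problems.append(f"bad or missing timestamp: {exc}")

    # Bind the credential to the presenter: subject DID and BPN must belong to the
    # party that presented it, otherwise a leaked credential of another member
    # could simply be replayed.
    subject = vc.get("credentialSubject", {})
    if subject.get("id") != presenter_did:
        problems.append("credentialSubject.id does not match the presenting DID")
    # BpnCredential carries the BPN in "bpn", the other types in "holderIdentifier"
    if subject.get("holderIdentifier", subject.get("bpn")) != presenter_bpn:
        problems.append("BPN in the credential does not match the presenter's BPN")

    proof = vc.get("proof", {})
    if proof.get("type") != "JsonWebSignature2020" or not proof.get("jws"):
        problems.append("missing or unsupported proof")
    if proof.get("proofPurpose") != "assertionMethod":
        problems.append("proofPurpose must be assertionMethod")
    # The signing key must be one the issuer DID controls, not any key that
    # somebody managed to publish in some DID document.
    vm = proof.get("verificationMethod", "")
    if issuer is None or not vm.startswith(issuer + "#"):
        problems.append("verificationMethod is not a key under the issuer DID")

    return problems


if __name__ == "__main__":
    print(check_credential(SAMPLE_VC, "MembershipCredential",
                           {"did:web:authority.example"},
                           "did:web:holder.example", "BPN00000000XS2X",
                           now=parse_ts("2023-06-01T00:00:00Z")))
```

The `trusted_issuers` set is where the "only one trusted issuer" limitation noted under Technical Debts surfaces: with no issuer registry, a verifier has to pin the authority DID itself. The `verificationMethod` prefix check closes the common mistake of resolving whatever DID the proof names and trusting the result; the key must be one published under the DID that the verifier already trusts.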
# Deployment

A description of the overall structure of components, including how to
run and test it locally as well as on Kubernetes in the cloud, is
available in the GitHub repository.

The INT/DEV deployment is done using Helm charts. The charts are located in the
`charts/` sub-directory of the repository. The charts are picked up by
[ArgoCD](https://argo-cd.readthedocs.io/en/stable/) and executed, resulting in
an INT/DEV deployment into the respective Kubernetes cluster. ArgoCD polls the
GitHub repository continuously and executes the Helm charts when a new commit is
detected on one of the target branches, e.g. "main". A benefit of ArgoCD is that it
automatically detects variables from the Helm charts and displays them in the
ArgoCD UI.

- [ArgoCD INT](https://argo.int.demo.catena-x.net/)
- [ArgoCD DEV](https://argo.dev.demo.catena-x.net/)

[Taskfile](https://taskfile.dev) aids the local development setup; the README
of the main repository includes detailed usage instructions.

# Guiding Concepts

The main driver behind the Managed Identity Wallet Service was compliance
and compatibility with W3C SSI standards in relation to GAIA-X principles. The
solution references and uses a couple of standards and re-usable open-source
components:

- W3C Decentralized Identifiers (DIDs)
- W3C Verifiable Credentials Core Data Model
- W3C JSON-LD Basic Concepts
- W3C Securing Verifiable Credentials using JOSE and COSE.
  **NOTE**: the `JsonWebSignature2020` proof suite, which the credential examples
  above still use, is discontinued.

# Design Decisions

The working group made several decisions during the sprint work and further
development of the Managed Identity Wallet Service.

## Selection of DID method

For simplicity's sake we chose the `did:web` method, as it is easy to
implement and reason about. We are fully aware that this method is not fully
decentralized: the DID document is served over HTTPS from the host named in the
DID, so trust in the keys it lists ultimately rests on DNS and the web PKI, and
whoever controls the domain controls the DID. We accept this because it
accelerates the development and adoption of SSI and MIW technologies,
which will lead to the implementation of more complex DID methods later.

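With `did:web`, key discovery is an HTTPS fetch, which makes the resolver part of the trust boundary: it must only ever build URLs under the DID's own host and must not let a crafted method-specific identifier steer it to a document under someone else's control, since that document decides which keys are trusted. The following Python is an added example for this document, not MIW project code; it implements the resolution rule of the did:web method specification (host, optional percent-encoded port, colon-separated path, `.well-known/did.json` when there is no path) with those guards, and only constructs the URL. The fetch itself, with TLS certificate validation, is left to the caller.

```python
"""Resolve a did:web identifier (or a DID URL such as did:web:host#key-1) to the
HTTPS location of its DID document, following the did:web method specification.
Added example for this document, not code from the MIW project."""
from urllib.parse import unquote


def did_web_to_url(did_url):
    """Map a did:web identifier to the URL of its DID document.

    did:web:example.com             -> https://example.com/.well-known/did.json
    did:web:example.com:user:alice  -> https://example.com/user/alice/did.json
    did:web:example.com%3A8443      -> https://example.com:8443/.well-known/did.json

    Raises ValueError for anything that is not a well-formed did:web identifier.
    """
    # A verificationMethod value is a DID URL; its fragment selects the key and
    # its query plays no part in locating the document, so both are dropped.
    did = did_url.split("#", 1)[0].split("?", 1)[0]
    prefix = "did:web:"
    if not did.startswith(prefix):
        raise ValueError("not a did:web identifier")

    parts = did[len(prefix):].split(":")
    if any(part == "" for part in parts):
        raise ValueError("empty method-specific-id segment")

    # The method percent-encodes a port as %3A so that ':' stays the path separator.
    host = unquote(parts[0])
    if any(c in host for c in "/\\?#@ \t\r\n"):
        raise ValueError("malformed host")

    segments = parts[1:]
    for seg in segments:
        decoded = unquote(seg)
        # Reject anything that could escape the intended path on the server:
        # a document at a different path may be controlled by someone else.
        if decoded in (".", "..") or "/" in decoded or "\\" in decoded:
            raise ValueError(f"unsafe path segment {seg!r}")

    if not segments:
        return f"https://{host}/.well-known/did.json"
    path = "/".join(segments)
    return f"https://{host}/{path}/did.json"


if __name__ == "__main__":
    print(did_web_to_url("did:web:example.com:user:alice#key-1"))
```

Only `https://` is ever produced; the did:web method gives no way to express plain HTTP, and a resolver that downgrades, follows redirects to another host, or accepts an invalid certificate hands the whole key binding to whoever sits on the network path.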
# Quality Requirements

The work being done on the project has been focused on creating a base
implementation of the Managed Identity Wallet Service. The current state has
compromised on some aspects to further progress the development. The
[Technical Debts](#technical-debts) section addresses those points in greater
detail. Nevertheless we have focused on security and deployability.

The Managed Identity Wallet sticks to the following Quality Gate
requirements where relevant and applicable:

- Documentation: Architecture
- Documentation: Administrator's Guide
- Documentation: Interfaces
- Documentation: Source Code
- Documentation: Development Process
- Documentation: Standardization - Interoperability and Data Sovereignty
- Compliance: GDPR
- Test Results: Deployment/Installation
- Test Results: Code Quality Analysis
- Test Results: System Integration Tests
- Security & Compliance: Penetration Tests
- Security & Compliance: Threat Modeling
- Security & Compliance: Static Application Security Testing
- Security & Compliance: Dynamic Application Security Testing
- Security & Compliance: Secret scanning
- Security & Compliance: Software Composition Analysis
- Security & Compliance: Container Scan
- Security & Compliance: Infrastructure as Code

# Technical Debts

## DID Technical Debts

- The DID document only covers the verification method; no service endpoints

## MIW Technical Debts

- No real tenant system
- Private keys are AES encrypted and stored in the MIW Postgres database
- No revocation service available
- Summary Credential used as a token
- Only one verifiable credential (VC) per verifiable presentation (VP) possible
- Summary VC (S-VC) created with the private key of the authority
- DID documents are stored in the MIW
- The Summary VC is always deleted when a new CX-Credential is added to the
  MIW
- The creation of CX-Credentials is located in the MIW; it should be a dedicated
  service outside of the wallet service
- Only managed wallets available; no self-managed wallet
- No Issuer Registry; only one trusted issuer available
- Download of a VC to one's own wallet not possible
- No verifiable data registry in place
- No key rotation
- No update possibility for credentials; they need to be deleted and new ones generated

## Verifiable Credential

- CX-Credentials are not consistent (e.g. `usecase-agreement` vs. `usecaseAgreement`
  and `bpn` vs. `holderIdentifier` in the examples above)
- Only the Summary Credential will be used because of the HTTP header size limit of 8 KB

## SSI Library

- No validation of JsonWebSignature2020 with an RSA key
- No security validation, only a security assessment was done; no attack vectors are tested

# Glossary

| **Term** | **Description** |
|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| JWT | A "JWT" (JSON Web Token) is a compact and self-contained token format used for securely transmitting information between parties as a JSON object. |
| Gaia-X | Gaia-X is a European initiative aimed at creating a secure and federated data infrastructure that promotes data sovereignty, interoperability, and transparency, fostering a collaborative and trustworthy ecosystem for data sharing and utilization across various sectors and industries. |
| Portal | The portal is used for the registration/onboarding process of companies and includes the login, user management and the initial registration and verification. |
| Decentralized Identifier (DID) | A Decentralized Identifier is a globally unique identifier that resolves to a DID document listing the subject's public keys (verification methods) and service endpoints. How tamper-resistant that resolution is depends on the DID method; for `did:web` it rests on DNS and TLS. ([more](https://www.w3.org/TR/did-core/)) |
| Claim | A Claim is a statement or piece of information made by an entity, often included in tokens like JWTs or Verifiable Credentials, providing specific details about an individual, object, or attribute, which can be used for authentication, authorization, or verification purposes. |
| Verifiable Credential | A Verifiable Credential is a digitally signed attestation of a specific fact or attribute about an entity, enabling secure and tamper-evident sharing of information. |
| Holder | A Holder is an individual or entity that possesses and controls a digital credential or Verifiable Presentation, enabling them to present authenticated information about themselves or their attributes to verifiers in a secure and tamper-evident manner. |
| Issuer | An Issuer is an entity or system responsible for creating and issuing digital credentials or Verifiable Credentials, providing authenticated information about individuals, objects, or attributes, which can be reliably presented and verified by others in various applications and contexts. |
| Verifiable Presentation | A Verifiable Presentation is a digitally signed collection of Verifiable Credentials that provides a secure and tamper-evident way to present and share authenticated information about an entity's attributes or qualifications. |
| Verifier | A Verifier is an entity or system responsible for validating and verifying the authenticity and integrity of digital signatures and claims presented in Verifiable Credentials or presentations. |
| Managed Identity Wallet | A Managed Identity Wallet is a secure digital repository that centrally manages and stores various forms of digital identity information, such as credentials, Verifiable Credentials, and keys, providing convenient access and controlled sharing while ensuring privacy and security. |

# NOTICE

This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).

- SPDX-License-Identifier: Apache-2.0
- SPDX-FileCopyrightText: 2021,2023 Contributors to the Eclipse Foundation
- Source URL: https://github.com/eclipse-tractusx/managed-identity-wallet