Backend for the EHIC project: Issue, store and verify a custom European Health Insurance Card (EHIC) in the form of a verifiable credential
This is the backend for the EHIC project, a prototype created to demonstrate Self-Sovereign Identity (SSI) and the lifecycle of custom Verifiable Credentials (VC) in the field. The prototype simulates an EU citizen's experience with a digital form of the European Health Insurance Card, from requesting such a certificate from the insurance company to storing it in the user's wallet and finally presenting it at a health clinic.
The project aims to create, issue and verify the European Health Insurance Card (EHIC) in the form of a Verifiable Credential. The project consists of two web portals: the issuer (Insurance company) and the verifier (Health clinic), a web wallet (User) and this backend server.
The backend server is an extension of walt.id's WalletKit, adapted to issue a customized European Health Insurance Card in the form of a Verifiable Credential, with other minor adjustments.
The application can be run locally or in Docker. If the whole application is running in Docker, make sure that all ports are properly adjusted.
- Verifiable Credential and Presentation exchange
  - Support for credential presentation exchange based on OIDC-SIOPv2 spec
- Presentation exchange
  - Support for presentation exchange based on OIDC-SIOPv2 spec
- Verifiable credential issuance
  - Support for issuing verifiable credentials to the web wallet, based on OIDC-SIOPv2 spec
Configuration and data are kept in sub folders of the data root:
config/
data/
Data root is by default the current working directory.
It can be overridden by specifying the environment variable:
WALTID_DATA_ROOT
config/verifier-config.json
{
  "verifierUiUrl": "http://localhost:4000", # URL of verifier portal UI
  "verifierApiUrl": "http://localhost:8080/verifier-api", # URL of verifier portal API
  "wallets": { # wallet configuration
    "walt.id": { # wallet configuration key
      "id": "walt.id", # wallet ID
      "url": "http://localhost:3000", # URL of wallet UI
      "presentPath": "CredentialRequest", # URL subpath for a credential presentation request
      "receivePath": "ReceiveCredential/", # URL subpath for a credential issuance request
      "description": "walt.id web wallet" # Wallet description
    }
  }
}
config/issuer-config.json
{
  "issuerUiUrl": "http://localhost:5000", # URL of issuer portal UI
  "issuerApiUrl": "http://localhost:8080/issuer-api", # URL of issuer portal API (needs to be accessible from the walletkit)
  "wallets": { # wallet configuration
    "walt.id": { # wallet configuration key
      "id": "walt.id", # wallet ID
      "url": "http://localhost:3000", # URL of wallet UI
      "presentPath": "CredentialRequest", # URL subpath for a credential presentation request
      "receivePath": "ReceiveCredential/", # URL subpath for a credential issuance request
      "description": "walt.id web wallet" # Wallet description
    }
  }
}
User data (DIDs, keys, credentials) is currently stored under:
data/<user@email.com>
Gradle or Docker can be used to build this project independently. Once running, one can access the Swagger API at http://localhost:8080/api/swagger
gradle build
Unzip the package under build/distributions and switch into the new folder. Copy the config files service-matrix.properties and signatory.conf from the root folder and run the bash script:
./bin/waltid-walletkit
To run the backend, execute:
waltid-walletkit run
To have issuers, execute:
waltid-walletkit --init-issuer
docker build -t waltid/walletkit .
docker run -it -p 8080:8080 waltid/walletkit
To spawn the backend together with the wallet frontend and the issuer and verifier portals, one can use the docker-compose configuration located in the folder:
./docker/
In order to simply run everything, enter:
docker-compose up
This configuration will publish the following endpoints by default:
- web wallet on [HOSTNAME]:8080
  - wallet frontend: http://[HOSTNAME]:8080/
  - wallet API: http://[HOSTNAME]:8080/api/
- verifier portal on [HOSTNAME]:8081
  - verifier frontend: http://[HOSTNAME]:8081/
  - verifier API: http://[HOSTNAME]:8081/verifier-api/
- issuer portal on [HOSTNAME]:8082
  - issuer frontend: http://[HOSTNAME]:8082/
  - issuer API: http://[HOSTNAME]:8082/issuer-api/
Note
[HOSTNAME] is your local computer name. When using localhost, not all features will work correctly.
Visit the ./docker folder to adjust the system config in the following files:
- docker-compose.yaml - Docker config for launching containers, volumes & networking
- ingress.conf - Routing config
- config/verifier-config.json - verifier portal configuration
- config/issuer-config.json - issuer portal configuration
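A check to run after editing config/verifier-config.json or config/issuer-config.json, added here as an example and not part of the project's code: it strips the `#` annotations used in the sample configs (plain JSON has no comment syntax), then flags URLs that point at loopback, which the note on [HOSTNAME] says breaks some features, and URLs that use plain HTTP to a non-local host. The host name clinic-host.example and the function names are assumptions for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample in the README's annotated style; clinic-host.example is a
# hypothetical host name standing in for [HOSTNAME].
SAMPLE = '''{
  "verifierUiUrl": "http://localhost:4000", # URL of verifier portal UI
  "verifierApiUrl": "http://clinic-host.example:8081/verifier-api", # verifier portal API
  "wallets": { # wallet configuration
    "walt.id": { "id": "walt.id", "url": "https://clinic-host.example:8080" } # wallet UI
  }
}'''

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Match a whole JSON string (kept) or a '#' comment up to end of line (dropped).
_TOKEN = re.compile(r'("(?:\\.|[^"\\\n])*")|#[^\n]*')

def strip_annotations(text):
    """Remove '#' comments that sit outside JSON strings."""
    return _TOKEN.sub(lambda m: m.group(1) or "", text)

def lint_config(text):
    """Return (json_path, url, finding) for each URL that needs attention."""
    cfg = json.loads(strip_annotations(text))
    urls = {k: v for k, v in cfg.items() if k.endswith("Url")}
    for key, wallet in cfg.get("wallets", {}).items():
        urls[f"wallets.{key}.url"] = wallet.get("url", "")
    findings = []
    for path, url in urls.items():
        parts = urlsplit(url)
        host = parts.hostname
        if parts.scheme not in ("http", "https") or not host:
            findings.append((path, url, "malformed"))
        elif host in LOOPBACK:
            # Inside a container, localhost is the container itself.
            findings.append((path, url, "loopback"))
        elif parts.scheme == "http":
            # Credentials and presentations would cross the network unencrypted.
            findings.append((path, url, "cleartext"))
    return findings

if __name__ == "__main__":
    for finding in lint_config(SAMPLE):
        print(*finding, sep="\t")
```
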
Licensed under the Apache License, Version 2.0