Merge pull request #4 from Sphereon-Opensource/main

Merge main to develop to make develop the default branch

.fleet/receipt.json

@@ -0,0 +1,33 @@
+{
+    "spec": {
+        "template_id": "kmt",
+        "targets": {
+            "android": {
+                "ui": [
+                    "compose"
+                ]
+            },
+            "ios": {
+                "ui": [
+                    "compose"
+                ]
+            },
+            "desktop": {
+                "ui": [
+                    "compose"
+                ]
+            },
+            "web": {
+                "ui": [
+                    "compose"
+                ]
+            },
+            "server": {
+                "engine": [
+                    "ktor"
+                ]
+            }
+        }
+    },
+    "timestamp": "2024-05-31T15:12:19.991061605Z"
+}

.github/workflows/ci.yml

@@ -0,0 +1,27 @@
+name: Run CI
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  gradle:
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, windows-latest ]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
+        with:
+          distribution: adopt-hotspot
+          java-version: 17
+
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v3
+
+      - name: Grant execute permission for Gradlew (Linux/Mac)
+        if: runner.os != 'Windows'
+        run: chmod +x ./gradlew
+
+      - name: Execute Gradle build
+        run: ./gradlew build

.gitignore

@@ -0,0 +1,22 @@
+*.iml
+.kotlin
+.gradle
+**/build/
+xcuserdata
+!src/**/build/
+local.properties
+.idea
+.DS_Store
+captures
+.externalNativeBuild
+.cxx
+*.xcodeproj/*
+!*.xcodeproj/project.pbxproj
+!*.xcodeproj/xcshareddata/
+!*.xcodeproj/project.xcworkspace/
+!*.xcworkspace/contents.xcworkspacedata
+**/xcshareddata/WorkspaceSettings.xcsettings
+/build-tools/
+/platforms/
+/platform-tools/
+/.temp/

.knownPackages

@@ -0,0 +1 @@
+r��F�#�ܖ�<E���

README.md

@@ -0,0 +1,71 @@
+<h1 align="center">
+  <br>
+  <a href="https://www.sphereon.com"><img src="https://sphereon.com/content/themes/sphereon/assets/img/logo.svg" alt="Sphereon" width="400"></a>
+  <br>OpenID Federation Monorepo
+  <br>
+</h1>
+
+# Background
+
+OpenID Federation is a framework designed to facilitate the secure and interoperable interaction of entities within a federation. This involves the use of JSON Web Tokens (JWTs) to represent and convey necessary information for entities to participate in federations, ensuring trust and security across different organizations and systems.
+
+In the context of OpenID Federation, Entity Statements play a crucial role. These are signed JWTs that contain details about the entity, such as its public keys and metadata. This framework allows entities to assert their identity and capabilities in a standardized manner, enabling seamless integration and interoperability within federations.
+
+## Key Concepts
+
+- **Federation**: A group of organizations that agree to interoperate under a set of common rules defined in a federation policy.
+- **Entity Statements**: JSON objects that contain metadata about entities (IdPs, RPs) and their federation relationships.
+- **Trust Chains**: Mechanisms by which parties in a federation verify each other’s trustworthiness through a chain of entity statements, leading back to a trusted authority.
+- **Federation API**: Interfaces defined for entities to exchange information and perform operations necessary for federation management.
+
+## Core Components
+
+- **Federation Operator**: The central authority in a federation that manages policy and trust chain verification.
+- **Identity Providers (IdPs)**: Entities that authenticate users and provide identity assertions to relying parties.
+- **Relying Parties (RPs)**: Entities that rely on identity assertions provided by IdPs to offer services to users.
+
+## Technical Features
+
+- **JSON Web Tokens (JWT)**: Used for creating verifiable entity statements and security assertions.
+- **JSON Object Signing and Encryption (JOSE)**: Standards for signing and encrypting JSON-based objects to ensure their integrity and confidentiality.
+
+## Operational Model
+
+- **Dynamic Federation**: Allows entities to join or adjust their federation relationships dynamically, based on real-time verification of entity statements.
+- **Trust Model**: Establishes a model where trust is derived from known and verifiable sources and can be dynamically adjusted according to real-time interactions and policy evaluations.
+- **Conflict Resolution**: Defines how disputes or mismatches in federation policies among entities are resolved.
+
+# Data Structure
+
+## Entity Statement Overview
+
+### 1. Definition
+- An Entity Statement is a signed JWT containing information necessary for the Entity to participate in federations.
+- **Entity Configuration**: An Entity Statement about itself.
+- **Subordinate Statement**: An Entity Statement about an Immediate Subordinate Entity by a Superior Entity.
+
+### 2. Requirements and Structure
+- **Type**: JWT must be explicitly typed as `entity-statement+jwt`.
+- **Signature**: Signed using the issuer’s private key, preferably using ECDSA using P-256 and SHA-256 (ES256).
+- **Key ID (kid)**: The header must include the Key ID of the signing key.
+
+### 3. Claims in an Entity Statement
+- **iss (Issuer)**: Entity Identifier of the issuer.
+- **sub (Subject)**: Entity Identifier of the subject.
+- **iat (Issued At)**: Time the statement was issued.
+- **exp (Expiration Time)**: Time after which the statement is no longer valid.
+- **jwks (JSON Web Key Set)**: Public keys for verifying signatures. Required except in specific cases like Explicit Registration.
+- **authority_hints** (Optional): Identifiers of Intermediate Entities or Trust Anchors that may issue Subordinate Statements.
+- **metadata** (Optional): Represents the Entity’s Types and metadata.
+- **metadata_policy** (Optional): Defines a metadata policy, applicable to the subject and its Subordinates.
+- **constraints** (Optional): Defines Trust Chain constraints.
+- **crit** (Optional): Specifies critical claims that must be understood and processed.
+- **metadata_policy_crit** (Optional): Specifies critical metadata policy operators that must be understood and processed.
+- **trust_marks** (Optional): Array of JSON objects, each representing a Trust Mark.
+- **trust_mark_issuers** (Optional): Specifies trusted issuers of Trust Marks.
+- **trust_mark_owners** (Optional): Specifies ownership of Trust Marks by different Entities.
+- **source_endpoint** (Optional): URL to fetch the Entity Statement from the issuer.
+
+### 4. Usage and Flexibility
+- Entity Statements can include additional claims as required by applications and protocols.
+- Metadata in Subordinate Statements overrides that in the Entity’s own configuration.

build.gradle.kts

@@ -0,0 +1,10 @@
+plugins {
+    // this is necessary to avoid the plugins to be loaded multiple times
+    // in each subproject's classloader
+    alias(libs.plugins.androidApplication) apply false
+    alias(libs.plugins.androidLibrary) apply false
+    alias(libs.plugins.jetbrainsCompose) apply false
+    alias(libs.plugins.compose.compiler) apply false
+    alias(libs.plugins.kotlinJvm) apply false
+    alias(libs.plugins.kotlinMultiplatform) apply false
+}

gradle.properties

@@ -0,0 +1,15 @@
+kotlin.code.style=official
+
+#Gradle
+org.gradle.jvmargs=-Xmx2048M -Dfile.encoding=UTF-8 -Dkotlin.daemon.jvm.options\="-Xmx2048M"
+
+#Android
+android.nonTransitiveRClass=true
+android.useAndroidX=true
+
+#Ktor
+io.ktor.development=true
+
+#MPP
+kotlin.mpp.androidSourceSetLayoutVersion=2
+kotlin.mpp.enableCInteropCommonization=true

gradle/libs.versions.toml

@@ -0,0 +1,44 @@
+[versions]
+agp = "8.2.0"
+android-compileSdk = "34"
+android-minSdk = "24"
+android-targetSdk = "34"
+androidx-activityCompose = "1.9.0"
+androidx-appcompat = "1.6.1"
+androidx-constraintlayout = "2.1.4"
+androidx-core-ktx = "1.13.1"
+androidx-espresso-core = "3.5.1"
+androidx-material = "1.12.0"
+androidx-test-junit = "1.1.5"
+compose-plugin = "1.6.10"
+junit = "4.13.2"
+kotlin = "2.0.0"
+kotlinxSerializationJson = "1.7.0-RC"
+ktor = "2.3.11"
+logback = "1.5.6"
+
+[libraries]
+kotlin-test = { module = "org.jetbrains.kotlin:kotlin-test", version.ref = "kotlin" }
+kotlin-test-junit = { module = "org.jetbrains.kotlin:kotlin-test-junit", version.ref = "kotlin" }
+junit = { group = "junit", name = "junit", version.ref = "junit" }
+androidx-core-ktx = { group = "androidx.core", name = "core-ktx", version.ref = "androidx-core-ktx" }
+androidx-test-junit = { group = "androidx.test.ext", name = "junit", version.ref = "androidx-test-junit" }
+androidx-espresso-core = { group = "androidx.test.espresso", name = "espresso-core", version.ref = "androidx-espresso-core" }
+androidx-appcompat = { group = "androidx.appcompat", name = "appcompat", version.ref = "androidx-appcompat" }
+androidx-material = { group = "com.google.android.material", name = "material", version.ref = "androidx-material" }
+androidx-constraintlayout = { group = "androidx.constraintlayout", name = "constraintlayout", version.ref = "androidx-constraintlayout" }
+androidx-activity-compose = { module = "androidx.activity:activity-compose", version.ref = "androidx-activityCompose" }
+kotlinx-serialization-json = { module = "org.jetbrains.kotlinx:kotlinx-serialization-json", version.ref = "kotlinxSerializationJson" }
+logback = { module = "ch.qos.logback:logback-classic", version.ref = "logback" }
+ktor-server-core = { module = "io.ktor:ktor-server-core-jvm", version.ref = "ktor" }
+ktor-server-netty = { module = "io.ktor:ktor-server-netty-jvm", version.ref = "ktor" }
+ktor-server-tests = { module = "io.ktor:ktor-server-tests-jvm", version.ref = "ktor" }
+
+[plugins]
+androidApplication = { id = "com.android.application", version.ref = "agp" }
+androidLibrary = { id = "com.android.library", version.ref = "agp" }
+jetbrainsCompose = { id = "org.jetbrains.compose", version.ref = "compose-plugin" }
+compose-compiler = { id = "org.jetbrains.kotlin.plugin.compose", version.ref = "kotlin" }
+kotlinJvm = { id = "org.jetbrains.kotlin.jvm", version.ref = "kotlin" }
+ktor = { id = "io.ktor.plugin", version.ref = "ktor" }
+kotlinMultiplatform = { id = "org.jetbrains.kotlin.multiplatform", version.ref = "kotlin" }

gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists