From 3ccdd523f4ece23dc666f98760a241f591aaece4 Mon Sep 17 00:00:00 2001 From: Berend Sliedrecht <61358536+berendsliedrecht@users.noreply.github.com> Date: Fri, 22 Nov 2024 12:25:04 +0100 Subject: [PATCH 1/3] feat: default to cloud hsm (#224) Signed-off-by: Berend Sliedrecht --- .../features/onboarding/onboardingContext.tsx | 2 +- package.json | 2 +- pnpm-lock.yaml | 26 +++++++++---------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/apps/easypid/src/features/onboarding/onboardingContext.tsx b/apps/easypid/src/features/onboarding/onboardingContext.tsx index 768238d9..0b42f979 100644 --- a/apps/easypid/src/features/onboarding/onboardingContext.tsx +++ b/apps/easypid/src/features/onboarding/onboardingContext.tsx @@ -632,7 +632,7 @@ export function OnboardingContextProvider({ { // TODO: make configurable - // setShouldUseCloudHsm(true) + setShouldUseCloudHsm(true) goToNextStep() }} /> diff --git a/package.json b/package.json index cde3e317..e59a447c 100644 --- a/package.json +++ b/package.json @@ -41,7 +41,7 @@ "@animo-id/oid4vci": "0.1.4-alpha-20241120145259", "@animo-id/oauth2": "0.1.4-alpha-20241120145259", "@animo-id/oauth2-utils": "0.1.4-alpha-20241120145259", - "@animo-id/expo-secure-environment": "0.1.0-alpha.10", + "@animo-id/expo-secure-environment": "0.1.0-alpha.11", "@animo-id/expo-mdoc-data-transfer": "0.0.3-alpha.7", "@types/react": "~18.2.79", "react-docgen-typescript": "2.2.2", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6b5772fb..ccf6d1a0 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -24,7 +24,7 @@ overrides: '@animo-id/oid4vci': 0.1.4-alpha-20241120145259 '@animo-id/oauth2': 0.1.4-alpha-20241120145259 '@animo-id/oauth2-utils': 0.1.4-alpha-20241120145259 - '@animo-id/expo-secure-environment': 0.1.0-alpha.10 + '@animo-id/expo-secure-environment': 0.1.0-alpha.11 '@animo-id/expo-mdoc-data-transfer': 0.0.3-alpha.7 '@types/react': ~18.2.79 react-docgen-typescript: 2.2.2 
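Review bot: The added `setShouldUseCloudHsm(true)` in the onboardingContext.tsx hunk runs unconditionally right before `goToNextStep()`, so every user passing this onboarding step is put on the cloud HSM, while the `// TODO: make configurable` above it stays unresolved. Judging by the name, the flag moves key operations from the device's secure environment to a remote service, which shifts the trust boundary and adds a network dependency to onboarding; nothing in the hunk checks availability or falls back to the on-device path, so the code that reads the flag (outside this hunk) should be confirmed to handle that. The README change later in this series still marks "Cloud-backed HSM" 🟠 rather than 🟢, which makes an unconditional default worth a second look. At minimum record the decision in the comment, e.g. `// Cloud HSM is the default since #224; TODO: make configurable and define the fallback when it is unavailable`. The enclosing callback and component begin and end outside the hunk.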
@@ -65,8 +65,8 @@ importers: specifier: 0.0.3-alpha.7 version: 0.0.3-alpha.7(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@types/react@18.2.79)(expo@51.0.39(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react@18.3.1) '@animo-id/expo-secure-environment': - specifier: 0.1.0-alpha.10 - version: 0.1.0-alpha.10(expo@51.0.39(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.74.6(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@types/react@18.2.79)(react@18.3.1))(react@18.3.1) + specifier: 0.1.0-alpha.11 + version: 0.1.0-alpha.11(expo@51.0.39(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.74.6(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@types/react@18.2.79)(react@18.3.1))(react@18.3.1) '@credo-ts/core': specifier: 0.6.0-alpha-20241120153226 version: 0.6.0-alpha-20241120153226(expo@51.0.39(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.74.6(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@types/react@18.2.79)(react@18.3.1))(web-streams-polyfill@3.3.3) 
@@ -234,8 +234,8 @@ importers: apps/paradym: dependencies: '@animo-id/expo-secure-environment': - specifier: 0.1.0-alpha.10 - version: 0.1.0-alpha.10(expo@51.0.39(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.74.6(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@types/react@18.2.79)(react@18.3.1))(react@18.3.1) + specifier: 0.1.0-alpha.11 + version: 0.1.0-alpha.11(expo@51.0.39(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.74.6(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@types/react@18.2.79)(react@18.3.1))(react@18.3.1) '@hyperledger/anoncreds-react-native': specifier: ^0.2.4 version: 0.2.4(react-native@0.74.6(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@types/react@18.2.79)(react@18.3.1))(react@18.3.1) 
@@ -543,7 +543,7 @@ importers: version: 0.6.0-alpha-20241120153226(@hyperledger/anoncreds-shared@0.2.4)(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(web-streams-polyfill@3.3.3) '@credo-ts/askar': specifier: 0.6.0-alpha-20241120153226 - version: 0.6.0-alpha-20241120153226(patch_hash=zbu2rcss5evxukkhh5w5venkba)(@animo-id/expo-secure-environment@0.1.0-alpha.10(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(react@18.3.1))(@hyperledger/aries-askar-shared@0.2.3)(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(web-streams-polyfill@3.3.3) + version: 0.6.0-alpha-20241120153226(patch_hash=zbu2rcss5evxukkhh5w5venkba)(@animo-id/expo-secure-environment@0.1.0-alpha.11(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(react@18.3.1))(@hyperledger/aries-askar-shared@0.2.3)(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(web-streams-polyfill@3.3.3) '@credo-ts/cheqd': specifier: 0.6.0-alpha-20241120153226 version: 
0.6.0-alpha-20241120153226(@hyperledger/anoncreds-shared@0.2.4)(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(web-streams-polyfill@3.3.3) @@ -784,8 +784,8 @@ packages: expo: '>= 51' react: 18.3.1 - '@animo-id/expo-secure-environment@0.1.0-alpha.10': - resolution: {integrity: sha512-ZnEnayIbjDarLizdT1FDhx1N00kObEs8uT+X60zattWXufrhaetlHZwMI2mK8eqK1bdiyVE/g0Gd+BcfinU4Jw==} + '@animo-id/expo-secure-environment@0.1.0-alpha.11': + resolution: {integrity: sha512-cAwsK8QWZc4ywxH6r0sqrH5yGdp5bKkw3fUr41CSs/TDZ42FIMeIK+tEdc78Bp+szykEywnnZpaAKdoTAd3ebw==} peerDependencies: expo: '*' react: 18.3.1 @@ -1699,7 +1699,7 @@ packages: '@credo-ts/askar@0.6.0-alpha-20241120153226': resolution: {integrity: sha512-oTIjsSON8uWHnFQueOMTVuv8uXbOo+xJ/QxIs8znmbMRiCTsDPDxHTlMOAmpXPv62yknSKPjRPkjzgeUg8X6JQ==} peerDependencies: - '@animo-id/expo-secure-environment': 0.1.0-alpha.10 + '@animo-id/expo-secure-environment': 0.1.0-alpha.11 '@hyperledger/aries-askar-shared': ^0.2.3 peerDependenciesMeta: '@animo-id/expo-secure-environment': 
@@ -10463,7 +10463,7 @@ snapshots: - supports-color - utf-8-validate - '@animo-id/expo-secure-environment@0.1.0-alpha.10(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(react@18.3.1)': + '@animo-id/expo-secure-environment@0.1.0-alpha.11(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(react@18.3.1)': dependencies: '@peculiar/asn1-ecc': 2.3.14 '@peculiar/asn1-schema': 2.3.13 @@ -10473,7 +10473,7 @@ snapshots: react-native: 0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1) optional: true - '@animo-id/expo-secure-environment@0.1.0-alpha.10(expo@51.0.39(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.74.6(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@types/react@18.2.79)(react@18.3.1))(react@18.3.1)': + '@animo-id/expo-secure-environment@0.1.0-alpha.11(expo@51.0.39(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.74.6(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@types/react@18.2.79)(react@18.3.1))(react@18.3.1)': dependencies: '@peculiar/asn1-ecc': 2.3.14 '@peculiar/asn1-schema': 2.3.13 
@@ -11679,7 +11679,7 @@ snapshots: - supports-color - web-streams-polyfill - '@credo-ts/askar@0.6.0-alpha-20241120153226(patch_hash=zbu2rcss5evxukkhh5w5venkba)(@animo-id/expo-secure-environment@0.1.0-alpha.10(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(react@18.3.1))(@hyperledger/aries-askar-shared@0.2.3)(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(web-streams-polyfill@3.3.3)': + '@credo-ts/askar@0.6.0-alpha-20241120153226(patch_hash=zbu2rcss5evxukkhh5w5venkba)(@animo-id/expo-secure-environment@0.1.0-alpha.11(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(react@18.3.1))(@hyperledger/aries-askar-shared@0.2.3)(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(web-streams-polyfill@3.3.3)': dependencies: '@credo-ts/core': 0.6.0-alpha-20241120153226(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(web-streams-polyfill@3.3.3) '@hyperledger/aries-askar-shared': 0.2.3 
@@ -11689,7 +11689,7 @@ snapshots: rxjs: 7.8.1 tsyringe: 4.8.0 optionalDependencies: - '@animo-id/expo-secure-environment': 0.1.0-alpha.10(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(react@18.3.1) + '@animo-id/expo-secure-environment': 0.1.0-alpha.11(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.1(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@react-native-community/cli-server-api@15.1.0)(@types/react@18.2.79)(react@18.3.1))(react@18.3.1) transitivePeerDependencies: - domexception - encoding From 244fefb9341c4324a82f21cd2017e7bc5f75f353 Mon Sep 17 00:00:00 2001 From: Ana Goessens Date: Fri, 22 Nov 2024 14:32:21 +0100 Subject: [PATCH 2/3] Update README.md (#225) --- apps/easypid/README.md | 54 ++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 20 deletions(-) diff --git a/apps/easypid/README.md b/apps/easypid/README.md index 00740d7e..fa37b52f 100644 --- a/apps/easypid/README.md +++ b/apps/easypid/README.md 
@@ -15,63 +15,78 @@ The identity wallet contains the following features, you can see the full flow w **General App** - 🟢 Onboard user -- 🟢 Set up PIN -- 🟢 Set up biometrics -- 🟢 History + - 🟢 Set up PIN + - 🟢 Set up biometrics + - 🟠 Accept privacy policy + - 🟢 Onboarding instruction + - 🔴 Skippable identity instruction +- 🟠 Home screen +- 🟠 Activity - 🟠 About the app -- 🟢 Authentication using biometrics or PIN +- 🔴 Credential overview +- 🔴 German language option **Credential Management** - 🟢 Credential detail - 🟢 Delete QEAA -- 🟢 Transaction history -- 🔴 SD-JWT VC Type Metadata +- 🟠 SD-JWT VC Type Metadata + - Resolved and base is used, but not claim metadata or SVG template yet - 🟠 Revocation SD-JWT VC - 🔴 Revocation Mdoc +- 🔴 Re-receive the PID **Obtain PID from PID provider** - 🟢 SD JWT VC using OpenID4VCI - 🟢 Mdoc using OpenID4VCI - 🟢 [C option](https://gitlab.opencode.de/bmi/eudi-wallet/eidas-2.0-architekturkonzept/-/blob/main/architecture-proposal.md#preliminary-assessment-and-comparison-of-pid-design-options) -- 🔴 [C' option](https://gitlab.opencode.de/bmi/eudi-wallet/eidas-2.0-architekturkonzept/-/blob/main/architecture-proposal.md#preliminary-assessment-and-comparison-of-pid-design-options) +- 🟠 [C' option](https://gitlab.opencode.de/bmi/eudi-wallet/eidas-2.0-architekturkonzept/-/blob/main/architecture-proposal.md#preliminary-assessment-and-comparison-of-pid-design-options) - 🟢 [B' option](https://gitlab.opencode.de/bmi/eudi-wallet/eidas-2.0-architekturkonzept/-/blob/main/architecture-proposal.md#preliminary-assessment-and-comparison-of-pid-design-options) *temporarily disabled* +- 🟢 Receive the PID from inside of the wallet **Obtain (Q)EAAs from issuer** - 🟢 SD-JWT VC using OpenID4VCI - 🟢 mDOC using OpenID4VCI -- 🔴 PID presentation during (Q)EAA issuance -- 🔴 Batch issuance and single use credentials -- 🔴 Authorization code flow +- 🟢 PID presentation during (Q)EAA issuance +- 🟠 Batch issuance and single use credentials +- 🟢 Authorization code flow - 🔴 
Client attestations **Present attestations remotely** - 🟢 PID SD-JWT VC using OpenID4VP - 🟢 PID mDOC using OpenID4VP - 🟢 QEAA SD JWT VC using OpenID4VP -- 🔴 QEAA Mdoc using OpenID4VP -- 🟠 Combined presentations +- 🟢 QEAA Mdoc using OpenID4VP +- 🟢 Combined presentations - 🟢 Cross-device QR flow - 🟢 Same-device flow -- 🔴 New VP query language +- 🟢 SD-JWT OID4VC conformance test suite +- 🟢 mDOC OID4VC conformance test suite +- 🟠 New VP query language **Present attestations in-person** - Android - 🟢 Android-Android over NFC for device engagement - 🔴 SD-JWT VC using OpenID4VP over BLE - - 🔴 mDOC over BLE + - 🟠 mDOC over BLE - iOS - 🔴 SD-JWT VC using OpenID4VP over BLE - 🔴 mDOC over BLE **HSM** - 🟢 On device HSM - - 🔴 Cloud-backed HSM + - 🟠 Cloud-backed HSM + +**Trust Establishment using OpenID Federation Draft 40** +- 🟢 Issuer and verifier entity configuration +- 🟠 Verifier e2e flow with the right keys +- 🟠 Functions for showing everything in the wallet +- 🔴 Issuer e2e flow +- 🔴 Wallet in the OpenID Federation **Other** -- 🔴 Trust establishment using OpenID Federation Draft 34 - 🔴 HAIP compliance -- 🔴 WCAG 2.1 compliance +- 🟠 WCAG 2.1 compliance - 🔴 AI-based oversharing detection **[Test issuer/verifier](https://funke.animo.id/)** @@ -82,7 +97,6 @@ The identity wallet contains the following features, you can see the full flow w The identity wallet contains the following temporary features for development and testing: -- Switch between C and B' PID flow - Using a simulated eID test card - Reset wallet 
@@ -96,7 +110,7 @@ The identity wallet contains the following temporary features for development an ## Install -The prototype app is currently pusblished privately to select parties. If you're a tester for the SPRIN-D Funke project, you should have received the details on installing the app (either directly or via the guidebook). If not, please reach out to us at ana@animo.id. +The prototype app is currently published privately to select parties. If you're a tester for the SPRIN-D Funke project, you should have received the details on installing the app (either directly or via the guidebook). If not, please reach out to us at ana@animo.id. ## Try it out @@ -204,4 +218,4 @@ The following standards and specifications were implemented. ### 02-09-2024 -- Redeployed test relying party to add a "Open in Wallet" button for same device flow ([commit](https://github.com/animo/openid4vc-playground-funke/commit/9a839521e8d70aaf92b7fa03fa037fc866644ad0)) \ No newline at end of file +- Redeployed test relying party to add a "Open in Wallet" button for same device flow ([commit](https://github.com/animo/openid4vc-playground-funke/commit/9a839521e8d70aaf92b7fa03fa037fc866644ad0)) From 29f01f4257ae1c0991aad20ccebcce3b9aa0624e Mon Sep 17 00:00:00 2001 From: Ana Goessens Date: Fri, 22 Nov 2024 14:43:03 +0100 Subject: [PATCH 3/3] Update README.md (#226) --- apps/easypid/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/easypid/README.md b/apps/easypid/README.md index fa37b52f..d7b41150 100644 --- a/apps/easypid/README.md +++ b/apps/easypid/README.md 
@@ -39,7 +39,7 @@ The identity wallet contains the following features, you can see the full flow w - 🟢 SD JWT VC using OpenID4VCI - 🟢 Mdoc using OpenID4VCI - 🟢 [C option](https://gitlab.opencode.de/bmi/eudi-wallet/eidas-2.0-architekturkonzept/-/blob/main/architecture-proposal.md#preliminary-assessment-and-comparison-of-pid-design-options) -- 🟠 [C' option](https://gitlab.opencode.de/bmi/eudi-wallet/eidas-2.0-architekturkonzept/-/blob/main/architecture-proposal.md#preliminary-assessment-and-comparison-of-pid-design-options) +- 🟢 [C' option](https://gitlab.opencode.de/bmi/eudi-wallet/eidas-2.0-architekturkonzept/-/blob/main/architecture-proposal.md#preliminary-assessment-and-comparison-of-pid-design-options) - 🟢 [B' option](https://gitlab.opencode.de/bmi/eudi-wallet/eidas-2.0-architekturkonzept/-/blob/main/architecture-proposal.md#preliminary-assessment-and-comparison-of-pid-design-options) *temporarily disabled* - 🟢 Receive the PID from inside of the wallet