alkemio.yml

# Configuration file for Alkemio.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For most of the configuration values there is a default supplied, this is after the ":".
# To overwrite the default value, set environment variable with the name as is shown before the ":".

## hosting ##
# The hosting configuration for the Alkemio Server
hosting:
  environment: ${ENVIRONMENT}:local
  # The port that the Alkemio server will be listening on.
  # For clusters (e.g. docker-compose, kubernetes) this should also be the port that is used  in the ingress configuration (e.g. traefik).
  # This is then used for routing the requests from the public-facing endpoint (e.g. https://dev.alkem.io/graphql)
  # to the alkemio-server service, orchestrated with the orchestration engine of your choice, e.g. kubernetes or docker-compose.
  # The graphql port is also used for internal communication between the services inside the e.g. kubernetes cluster.
  #
  port: ${GRAPHQL_PORT}:4000

  # The entry point for the cluster
  endpoint_cluster: ${ENDPOINT_CLUSTER}:http://localhost:3000

  # The path from the end point for all public api rest requests.
  # It is combined with the `endpoint` above to provide the full path for incoming requests targeting the public Rest api.
  #
  path_api_public_rest: ${PATH_API_PUBLIC_REST}:/api/public/rest

  # The path from the end point for all private api rest requests.
  # It is combined with the `endpoint` above to provide the full path for incoming requests targeting the public Rest api.
  #
  path_api_private_rest: ${PATH_API_PRIVATE_REST}:/api/private/rest

  # Support for subscriptions enabled or not. These require a WebSocket connection
  subscriptions:
    enabled: ${SUBSCRIPTIONS_ENABLED}:false

  # Support for subscriptions enabled or not. These require a WebSocket connection
  whiteboard_rt:
    port: ${WHITEBOARD_RT_PORT}:4001

  max_json_payload_size: ${HOSTING_MAX_JSON_PAYLOAD_SIZE}:64mb
# Settings related to the authorization framework
authorization:
  # amount of authorization policies saved in a single chunk
  chunk: ${AUTHORIZATION_CHUNK_SIZE}:1000

## security ##
# The various means by which the security of the Alkemio platform can be configured.
security:
  # cors settings for the application
  cors:
    # Need to be able to disable cors checks on the server when running behind another reverse proxy that is setting
    # a cors origin header e.g. oathkeeper
    enabled: ${CORS_ENABLED}:true

    # Origin of the graphql requests to the Alkemio Server.
    # Defaults to * (insecure, not recommended for production usage).
    # Change to a value that whitelists your request origin.
    origin: ${CORS_ORIGIN}:*

    # Cors methods allowed in the Alkemio Server.
    # Defaults to GET,HEAD,PUT,PATCH,POST,DELETE.
    # Graphql uses mostly POST - the rest of the methods are left for utility REST endpoints.
    # If no REST endpoints are used (they are kept for ease of development) the list of allowed methods can be reduced.
    methods: ${CORS_METHODS}:GET,HEAD,PUT,PATCH,POST,DELETE

    # Cors allowed headers.
    allowed_headers: ${CORS_ALLOWED_HEADERS}:Origin,X-Requested-With,Content-Type,Accept,Authorization

  encryption_key: ${ENCRYPTION_KEY}:ktO2wPinKwidG8cgjhfKTHGqU6D5lxP0NkCVAJglnfw=

innovation_hub:
  header: ${INNOVATION_HUB_HEADER}:origin

search:
  # use the new search implementation; alternatively it will use the original mysql search implementation
  use_new: ${SEARCH_USE_NEW}:true
  # max results per search
  max_results: ${SEARCH_MAX_RESULTS}:40
  # the index pattern used when ingesting data in Elasticsearch, e.g. alkemio-data-[organization];
  # The dash at the end is MANDATORY
  index_pattern: ${ELASTIC_SEARCH_INDEX_PATTERN}:alkemio-data-

licensing:
  wingback:
    enabled: ${LICENSING_WINGBACK_ENABLED}:false
    key: ${LICENSING_WINGBACK_API_KEY}
    endpoint: ${LICENSING_WINGBACK_API_ENDPOINT}
    retries: ${LICENSING_WINGBACK_RETRY}:3
    timeout: ${LICENSING_WINGBACK_TIMEOUT}:30000
    webhook_secret:
      name: ${LICENSING_WINGBACK_WEBHOOK_SECRET_NAME}:wb-secret
      value: ${LICENSING_WINGBACK_WEBHOOK_SECRET_VALUE}

## identity ##

# Defines all authentication and authorization configuration.
# Authentication is pluggable, using the notion of "Authentication Providers", which have the responsibility to authenticate users.
# Authorization is handled within the platform.
#
# Note: the term Authentication Provider is based on the more widely understood concept of Identity Providers (Servers, Services),
# but it is in Alkemio restricted to Authentication. Configuration is unique per provider.
#
# The only functionality used from an Authentication Provider is acquiring an access token (in other words, authentication) and
# extracting the users email .
# The email is used for matching the user account (provided from the Identity Server, e.g. Ory Kratos) to the user profile in Alkemio.
# Traditional Identity Provider functionality like federation, account management etc. are out-of-scope in Alkemio.
#
# Authorization is Credential-based, validating whether the user has valid credentials for the requested resource.
identity:
  ## authentication ##
  # Defines both the configuration required for the server to process authentication requests (via passportJS strategies) and the
  # client-side configuration required to authenticate to the Identity Servers (e.g. Ory Kratos) and generate
  # valid Authorization Header (Bearer access token).
  authentication:
    # A flag setting whether Authentication based on non-interactive login is enabled.
    api_access_enabled: ${AUTH_API_ENABLED}:true

    # Time-to-live of the cache for user authentication info (credentials, verified credentials) in seconds. Defaults to 60.
    cache_ttl: ${AUTH_CACHE_TTL}:60

    # A list of Identity Providers that can be used for authenticating the user.
    # The claims in the access token that are used in Alkemio are the user email and the token expiration time.
    providers:
      # Ory Kratos Next Gen Identity Provider (https://github.com/ory/kratos).
      ory:
        # Issuer of the kratos cookie. The cookie can be used as is or mutated by
        # Ory Oathkeeper into an ID token. The session can be found at (default)
        # http://localhost:4433/sessions/whoami
        # A session looks like:
        #
        # {
        #   "id": "b237fd33-cb69-4670-a154-7c70f7d8db52",
        #   "active": true,
        #   "expires_at": "2021-05-20T13:29:55Z",
        #   "authenticated_at": "2021-05-19T13:29:55Z",
        #   "issued_at": "2021-05-19T13:29:55Z",
        #   "identity": {
        #     "id": "972164de-efdd-4a4c-bfcb-382a9ba9b6f4",
        #     "schema_id": "default",
        #     "schema_url": "http://localhost:4455/.ory/kratos/public/schemas/default",
        #     "traits": {
        #       "name": { "last": "Admin", "first": "Admin" },
        #       "email": "admin@alkem.io"
        #     },
        #     "verifiable_addresses": [
        #       {
        #         "id": "f271a114-ef14-4f07-9899-5c1dbfeebee1",
        #         "value": "admin@alkem.io",
        #         "verified": false,
        #         "via": "email",
        #         "status": "sent",
        #         "verified_at": null
        #       }
        #     ],
        #     "recovery_addresses": [
        #       {
        #         "id": "796b183e-49b0-493f-acbc-c821dd4eb177",
        #         "value": "admin@alkem.io",
        #         "via": "email"
        #       }
        #     ]
        #   }
        # }
        issuer: ${AUTH_ORY_KRATOS_ISSUER}:http://alkemio-server-dev/

        # JSON Web Key Sets endpoint. Used for validating the JWT token signed
        # by Ory Oathkeeper. A set of keys looks like:
        # {
        #   "keys": [
        #     {
        #       "use": "sig",
        #       "kty": "RSA",
        #       "kid": "a2aa9739-d753-4a0d-87ee-61f101050277",
        #       "alg": "RS256",
        #       "n": "zpjSl0ySsdk_YC4ZJYYV-cSznWkzndTo0lyvkYmeBkW60YHuHzXaviHqonY_DjFBdnZC0Vs_QTWmBlZvPzTp4Oni-eOetP-Ce3-B8jkGWpKFOjTLw7uwR3b3jm_mFNiz1dV_utWiweqx62Se0SyYaAXrgStU8-3P2Us7_kz5NnBVL1E7aEP40aB7nytLvPhXau-YhFmUfgykAcov0QrnNY0DH0eTcwL19UysvlKx6Uiu6mnbaFE1qx8X2m2xuLpErfiqj6wLCdCYMWdRTHiVsQMtTzSwuPuXfH7J06GTo3I1cEWN8Mb-RJxlosJA_q7hEd43yYisCO-8szX0lgCasw",
        #       "e": "AQAB"
        #     }
        #   ]
        # }
        jwks_uri: ${AUTH_ORY_KRATOS_JWKS_URI}:http://localhost:3000/jwks/.well-known/jwks.json

        # Ory Kratos Base Public URL. It is used as prefix for all Kratos flows.
        # Locally, Kratos Public API works on http://localhost:3000/ory/kratos/public and by default in k8s it works on https://[HOST]/ory/kratos/public
        # NB: The default kratos.yml config defines the selfservice endpoints with base address http://localhost:3000/identity.
        # That is used as there is a reverse proxy in front of the Alkemio Web Client that forwards the calls to the Kratos Public URL.
        # You can check the currently logged in user at http://localhost:3000/ory/kratos/public/sessions/whoami.
        kratos_public_base_url: ${AUTH_ORY_KRATOS_PUBLIC_BASE_URL}:http://localhost:3000/ory/kratos/public

        # Ory Kratos URL for usage by the Alkemio server when inside a cluster.
        kratos_public_base_url_server: ${AUTH_ORY_KRATOS_PUBLIC_BASE_URL_SERVER}:http://localhost:3000/ory/kratos/public
        kratos_admin_base_url_server: ${AUTH_ORY_KRATOS_ADMIN_BASE_URL_SERVER}:http://localhost:3000/ory/kratos

        # Session can't be extended until *earliest_possible_extend* before it expires.
        # The format is 1d12h59m30s, 1d2h, 1h30m, 1m30s, 1s etc.
        #
        # If you need high flexibility when extending sessions, you can set earliest_possible_extend to lifespan,
        # which allows sessions to be refreshed during their entire lifespan, even right after they are created.
        # Source https://www.ory.sh/docs/kratos/session-management/refresh-extend-sessions
        earliest_possible_extend: ${AUTH_EARLIEST_POSSIBLE_SESSION_EXTEND}:24h

        # credentials used for kratos related work flows
        admin_service_account:
          username: ${KRATOS_ADMIN_USERNAME}:kratos@alkem.io
          password: ${KRATOS_ADMIN_PASSWORD}:kr@t0$!!

        session_cookie_name: ${KRATOS_SESSION_COOKIE_NAME}:ory_kratos_session
        session_extend_enabled: ${KRATOS_SESSION_EXTEND_ENABLED}:true

## monitoring ##
# This section defines settings used for DevOps - monitoring providers, endpoints, logging configuration.
monitoring:
  # logging & profiling section.
  logging:
    # A flag setting whether Winston Console transport will be enabled.
    # If the flag is set to true logs of the appropriate level (see below) will be outputted to the console
    # after the application has been bootstrapped.
    # The NestJS bootstrap process is handled by the internal NestJS logging.
    console_logging_enabled: ${LOGGING_CONSOLE_ENABLED}:true

    # Logging level for outputs to console.
    # Valid values are log|error|warn|debug|verbose.
    level: ${LOGGING_LEVEL_CONSOLE}:verbose

    # A flag enabling / disabling performance logging.
    profiling_enabled: ${LOGGING_PROFILING_ENABLED}:true

    # The logging format will be in json - useful for parsing
    # if disabled - will be in a human readable form
    json: ${LOGGING_FORMAT_JSON}:false

    # Logging of the incoming requests to the server
    requests:
      # Log the full request object. NOT Recommended, because the object is huge.
      full_logging_enabled: ${LOGGING_REQ_FULL_ENABLED}:false

      # Log request headers. Requires Logging Level at least verbose.
      headers_logging_enabled: ${LOGGING_REQ_HEADERS_ENABLED}:false

    # Logging of the responses from the server
    responses:
      # Log response headers. Requires Logging Level at least verbose.
      headers_logging_enabled: ${LOGGING_RES_HEADERS_ENABLED}:false

    # To allow logging of a particular context to a file
    context_to_file:
      enabled: ${LOGGING_CONTEXT_ENABLED}:false
      # The file name to use
      filename: ${LOGGING_CONTEXT_FILENAME}:communication-events.log
      # The context to actually log
      context: ${LOGGING_CONTEXT_ID}:communication_events

  # Sentry (client) logging configuration
  sentry:
    # A flag setting whether Sentry monitoring will be used on the client.
    enabled: ${LOGGING_SENTRY_ENABLED}:false

    # Logging end point for sentry
    endpoint: ${LOGGING_SENTRY_ENDPOINT}

    # Flag to control whether PII should be included on monitoring
    submit_pii: ${LOGGING_SENTRY_PII_ENABLED}:false

    # Set the Sentry environment variable to be used
    environment: ${LOGGING_SENTRY_ENVIRONMENT}:development

  # Elastic APM configuration
  apm:
    # Is real user monitoring enabled
    rumEnabled: ${APM_RUM_ENABLED}:false
    # Endpoint to the APM logging service where events are sent
    endpoint: ${APM_ENDPOINT}

## communications ##
# Section defining all configuration parameters / endpoints required for communication between different actors (user-user, community-user etc) in Alkemio.
communications:
  enabled: ${COMMUNICATIONS_ENABLED}:true
  matrix:
    connection_retries: ${COMMUNICATIONS_MATRIX_CONNECTION_RETRIES}:5
    connection_timeout: ${COMMUNICATIONS_MATRIX_CONNECTION_TIMEOUT}:30
  discussions:
    enabled: ${COMMUNICATIONS_DISCUSSIONS_ENABLED}:true

## storage ##
# Alkemio uses multiple types of persistent storage, including SQL database, postgres database, file storage, redis.
storage:
  #
  enabled: ${STORAGE_ENABLED}:true
  #
  file:
    # 20MB
    max_file_size: ${STORAGE_MAX_FILE_SIZE}:20971520
  # MySQL database configuration for usage by the Alkemio Server.
  # The authentication method used by Alkemio Server is MySQL Native Password.
  # Note: both schema / database name are used for configuration and they need to have the same value.
  database:
    # Database host.
    host: ${DATABASE_HOST}:localhost

    # MySQL daemon port.
    port: 3306

    # MySQL username.
    username: 'root'

    # The timezone in which typeorm will interpret the dates. Default is Z for UTC
    timezone: ${TYPEORM_TIMEZONE}:Z

    # MySQL password.
    password: ${MYSQL_ROOT_PASSWORD}:toor

    # MySQL schema / database name.
    schema: ${MYSQL_DATABASE}:alkemio

    # MySQL schema / database name.
    database: ${MYSQL_DATABASE}:alkemio

    # MySQL character set
    charset: ${MYSQL_CHARSET}:utf8mb4

    # Flag setting whether MySQL operations should be logged to the console.
    logging: ${ENABLE_ORM_LOGGING}:false

  local_storage:
    # Absolute path
    path: ${LOCAL_STORAGE_PATH}:.storage

  # Redis configuration
  redis:
    # Redis host
    host: ${REDIS_HOST}:localhost
    # Redis port
    port: ${REDIS_PORT}:6379
    # Redis timeout, in seconds
    timeout: ${REDIS_TIMEOUT}:60

microservices:
  rabbitmq:
    # Connection in the form of 'amqp://[user]:[password]@[host]:[port]?heartbeat=30'
    connection:
      # RabbitMQ host
      host: ${RABBITMQ_HOST}:localhost

      # RabbitMQ AMQP port. Used by AMQP 0-9-1 and 1.0 clients without and with TLS
      port: ${RABBITMQ_PORT}:5672

      # RabbitMQ user
      user: ${RABBITMQ_USER}:alkemio-admin

      # RabbitMQ password
      password: ${RABBITMQ_PASSWORD}:alkemio!

    # configuration for the event bus used by the AiServer
    event_bus:
      exchange: ${RABBITMQ_EVENT_BUS_EXCHANGE}:event-bus
      ingest_space_queue: ${RABBITMQ_INGEST_SPACE_QUEUE}:virtual-contributor-ingest-space
      ingest_space_result_queue: ${RABBITMQ_INGEST_SPACE_RESULT_QUEUE}:virtual-contributor-ingest-space-result

# integrations with 3rd party services
integrations:
  # Different types of geo information like lat, lan, city, country, etc...
  geo:
    rest_endpoint: ${GEO_REST_ENDPOINT}:http://localhost:3000/api/public/rest/geo
    # https://www.geoplugin.com/faq#i_stopped_getting_responses_from_geoplugin.net
    service_endpoint: ${GEO_SERVICE_ENDPOINT}:http://www.geoplugin.net/json.gp?ip=
    # How long (in seconds) the cache entry for a certain ip's geo will be held
    cache_entry_ttl: ${GEO_CACHE_TTL}:14400
    # Allowed amount of calls per time window
    allowed_calls_to_service: ${GEO_SERVICE_CALL_LIMIT}:120
    # Time window (in seconds) in which a certain amount of calls are allowed
    allowed_calls_to_service_window: ${GEO_SERVICE_CALL_WINDOW}:60
  elasticsearch:
    host: ${ELASTICSEARCH_URL}
    api_key: ${ELASTICSEARCH_API_KEY}
    retries: ${ELASTICSEARCH_RETRIES}:3
    timeout: ${ELASTICSEARCH_TIMEOUT}:30000
    indices:
      contribution: ${ELASTIC_INDEX_ACTIVITY_NAME}:contribution-events
      namings: ${ELASTIC_INDEX_NAMINGS_NAME}:namings
      guidance_usage: ${ELASTIC_INDEX_GUIDANCE_USAGE_NAME}:guidance-usage
    tls:
      ca_cert_path: ${ELASTIC_TLS_CA_CERT_PATH}:none
      rejectUnauthorized: ${ELASTIC_TLS_REJECT_UNAUTHORIZED}:false
    policies:
      space_name_enrich_policy: ${ELASTIC_POLICY_SPACE_NAME_ENRICH}:space_name_enrich_policy

notifications:
  enabled: ${NOTIFICATIONS_ENABLED}:true

collaboration:
  whiteboards:
    enabled: ${WHITEBOARDS_ENABLED}:true
    # the window in which contributions are accepted to be counted towards a single contribution event;
    # time is in SECONDS
    contribution_window: ${CONTRIBUTION_RT_WINDOW}:600
    # SECONDS between saves
    save_interval: ${WHITEBOARD_AUTOSAVE_INTERVAL}:15
    # SECONDS to wait after the request is saved, before it fails
    save_timeout: ${WHITEBOARD_AUTOSAVE_TIMEOUT}:10
    # SECONDS to wait after the request is saved, before it fails
    collaborator_mode_timeout: ${WHITEBOARD_COLLABORATOR_MODE_TIMEOUT}:1800
    # number of simultaneous collaborators
    max_collaborators_in_room: ${WHITEBOARD_MAX_COLLABORATORS_IN_ROOM}:20

## Configuration of the legal / usability aspects of the platform
platform:
  # Terms of usage that all users comply with
  terms: ${PLATFORM_TERMS}:https://welcome.alkem.io/legal/#tc

  # Privacy policy for the platform
  privacy: ${PLATFORM_PRIVACY}:https://alkemio.org/privacy/

  # Security policy for the platform
  security: ${PLATFORM_SECURITY}:https://alkemio.org/security/

  # Link for support requests
  support: ${PLATFORM_SUPPORT}:https://welcome.alkem.io/contact/

  # Link for latest platform release notification
  forumreleases: ${PLATFORM_FORUM_RELEASES}:https://alkem.io/forum/releases/latest

  # Feedback form for the platform
  feedback: ${PLATFORM_FEEDBACK}:https://alkemio.org/contact/

  # About the platform
  about: ${PLATFORM_ABOUT}:https://alkemio.org/about/

  # landing
  landing: ${PLATFORM_LANDING}:https://welcome.alkem.io/

  # Blog
  blog: ${PLATFORM_BLOG}:https://welcome.alkem.io/blog/

  # Home page - Impact
  impact: ${PLATFORM_IMPACT}:https://alkemio.org/manifesto

  # Collaboration tools
  inspiration: ${PLATFORM_INSPIRATION}:https://alkemio.org/help/collaboration-tools/

  # Innovation library
  innovationLibrary: ${PLATFORM_INNOVATIONLIBRARY}:https://www.alkemio.org/help/innovation-library

  # Home page - Foundation
  foundation: ${PLATFORM_FOUNDATION}:https://alkemio.org/

  # Home page - Contact Support
  contactsupport: ${PLATFORM_CONTACTSUPPORT}:https://welcome.alkem.io/contact/

  # Home page - Switch Plan
  switchplan: ${PLATFORM_SWITCHPLAN}:https://welcome.alkem.io/pricing-own-space/

  # Home page - Opensource
  opensource: ${PLATFORM_OPENSOURCE}:https://github.com/alkem-io

  # Home page - Opensource
  releases: ${PLATFORM_RELEASES}:https://alkemio.org/releases

  # Help Dialog - Help
  help: ${PLATFORM_HELP}:https://alkemio.org/help/

  # Help Dialog - Community Forum
  community: ${PLATFORM_COMMUNITY}:https://alkemio.org/support/

  # Help Dialog - blog
  newuser: ${PLATFORM_NEWUSER}:https://alkemio.org/help/

  # Help Dialog - tips
  tips: ${PLATFORM_TIPS}:https://alkemio.org/post/

  # Acceptable Usage Policy
  aup: ${PLATFORM_AUP}:https://www.alkemio.org/legal/hub/#aup

   # Documentation site path, endpoint is endpoint_cluster + documentation_path
  documentation_path: ${PLATFORM_DOCUMENTATION_PATH}:/documentation

  # Client can optionally work with a landing page, to give additional information
  landing_page:
    enabled: ${LANDING_PAGE_ENABLED}:false

  # Configure usage of the guidance engine
  guidance_engine:
    enabled: ${GUIDANCE_ENGINE_ENABLED}:true

  vector_db:
    host: ${VECTOR_DB_HOST}:localhost
    port: ${VECTOR_DB_PORT}:8765

  virtual_contributors:
    history_length: ${VC_HISTORY_LENGTH}:10

ssi:
  # Jolocom SDK is used for providing SSI capabilities on the platform.
  # Note: NOT FOR PRODUCTION USAGE, experimental functionality,
  # In particular, the migrations of the Jolocom database are still not setup, so any DID's created are not
  # guaranteed to be migrated properly.
  enabled: ${SSI_ENABLED}:false

  issuer_validation_enabled: ${SSI_ISSUER_VALIDATION_ENABLED}:false

  issuers:
    alkemio:
      enabled: true
    sovrhd:
      enabled: true
      endpoint: https://wallet-api.ovrhd.nl/api/v1
      credential_types:
        - name: EmailAddress
          identifier: blob:dock:5DEGLCGsuWLkVrfiCqXTPQQEekt2kibSeyWTdUt35mmsmimn
        - name: dutchAddress
          identifier: blob:dock:5EoxGBnZ7JVg9kHonEYtz6tfHV5FufL86VEsZ34Ae8ge478n
        - name: hoplrCode
          identifier: blob:dock:5CgrXvgVaUAgzmqW2uUhuonewKmAY8VgVDfyQzziUV2ntGWz
        - name: TheHagueAddress
          identifier: blob:dock:5D2nkGSBs56D2ndc2LCMYysTGk61Mb7VLPNMGhF8GsECU2SQ

  credentials:
    the_hague_proof_of_postal_address:
      name: The Hague Postal Address [Sovrhd]
      issuer: sovrhd
      description: The holder's dutch address (type 'ThehagueAddress') as issued by Gemeente Den Haag
      schema: https://schema.org/EducationalOccupationalCredential
      types:
        - Credential
        - TheHagueAddress
      uniqueType: TheHagueAddress
      context:
        addressLine1: 'schema:streetAddress'
        addressLine2: 'schema:streetAddress'
        postalCode: 'schema:postalCode'
        city: 'schema:addressLocality'
        country: 'schema:addressLocality'
    the_hague_hoplr:
      name: The Hague Hoplr Code [Sovrhd]
      issuer: sovrhd
      description: The holder's code to participate in Hoplr on behalf of The Hague (type 'HoplrCode')
      schema: https://schema.org/EducationalOccupationalCredential
      types:
        - Credential
        - hoplrCode
      uniqueType: hoplrCode
      context:
        the_hague_hoplr: 'schema:description'
    proof_of_email_address:
      name: Email Address [Sovrhd]
      issuer: sovrhd
      description: The holder's email address (type 'EmailAdress') as issued by Sovrhd
      schema: https://schema.org/EducationalOccupationalCredential
      types:
        - Credential
        - EmailAddress
      uniqueType: EmailAddress
      context:
        emailAddress: 'schema:emailAddress'
    proof_of_community_membership:
      name: Alkemio Community Member [Test]
      issuer: jolocom
      description: The holder is a member of an Alkemio Space, challenge or opportunity community. (Issued by Alkemio, so for testing purposes)
      schema: https://schema.org/EducationalOccupationalCredential
      types:
        - Credential
        - CommunityMemberCredential
      uniqueType: CommunityMemberCredential
      context:
        alkemioUser_userID: 'schema:uuid'
        alkemioUser_email: 'schema:email'
        communityMember_communityID: 'schema:uuid'
        communityMember_displayName: 'schema:description'
      trusted_issuers:
        - jolocom
    proof_of_alkemio_membership:
      name: Alkemio User [Test]
      description: The holder is a verified Alkemio user. (Issued by Alkemio, so for testing purposes)
      issuer: jolocom
      schema: https://schema.org/EducationalOccupationalCredential
      types:
        - Credential
        - AlkemioMemberCredential
      uniqueType: AlkemioMemberCredential
      context:
        alkemioUser_userID: 'schema:uuid'
        alkemioUser_email: 'schema:email'