Skip to content
This repository has been archived by the owner on Sep 12, 2024. It is now read-only.

Latest commit

 

History

History
130 lines (107 loc) · 10.6 KB

README.md

File metadata and controls

130 lines (107 loc) · 10.6 KB

Lifecycle:Retired License

LCRB Digital Age Verification Service (lcrb-dav)

A verifier application to enable the Digital Age Verification process involving the BC Person credential. This application is designed so that it can also be used for other use cases involving different presentation request template.

See here for more background and architectural info.

Running lcrb-dav will standup an aca-py service with it's associated storage, controller service with it's FastAPI backend, vanilla JavaScript frontend relying on Jinja2 template and polling GET endpoints, and Mongo database.

Retirement Notice

The Digital Age Verification service was built as a usable prototype to validate the age verification use-case and provide implementers with an example to be used as reference when implementing age verification. The project has been retired as it is not going to be actively maintained, but still serves its purpose of demonstrating the technical stack and potential integration patterns.

Pre-requisites

  • A bash-compatible shell such as Git Bash
  • Docker
  • Ngrok token (required for local development)

Configuring Ngrok

Each developer must apply for an Ngrok token here. Then place the token into the .env-dev file within the docker directory.

NGROK_AUTHTOKEN=<your token here>

Running lcrb-dav

If you want to run the project in production mode, follow the instructions here.

To run the project in local development mode, open a shell in the docker folder and run the following commands:

  • ./manage build: this command will build the controller image. This step is required the first time the project is run, and when dependencies in change in the requirements file(s).
  • ./manage start: this will start the project.
  • To reset everything (including removing container data and selected options in the env file) execute ./manage rm.

A list of all available commands is visible by executing ./manage -h.

The project is set-up to run without needing any external dependencies by default, using a standalone agent in read-only that will target the ledgers specified in ledgers.yaml.

Using lcrb-dav

Before starting up lcrv-dav, a couple of things need to be considered:

  • A proof configuration yaml proof_config.yaml is located at /docker/dav-controller/proof_config.yaml. This specifies the proof request template which will be used to generate the actual requests and corresponding QR codes. As seen with example yaml config below, it is possible to specify multiple proof request templates:
    • age-verification-bc-person-credential and age-verification-bc-person-credential-more-info are the proof config identifiers.
    • proof-request specifies the template for the proof request generation.
      • Certain values related to datetime need to calculated in realtime and dynmaically updated before proof request is created. $now [current datetime as integer] and $threshold_date_19 [19 yr back birthdate as integer] are currently supported for this.
      • Labels for request_attributes and request_predicates are autogenerated and updated.
    • ui-revealed-attribs specifies which attribs need to be revealed in the UI
    • display-text specifies the header text to shown in the UI
    age-verification-bc-person-credential:
      proof-request:
        name: age-verification
        version: "1.0"
        requested_attributes:
          - names:
              - picture
            restrictions:
              - schema_name: Person
            non_revoked:
              from: $now
              to: $now
        requested_predicates:
          - name: birthdate_dateint
            p_type: <=
            p_value: $threshold_date_19
            restrictions:
              - schema_name: Person
            non_revoked:
              from: $now
              to: $now
      ui-revealed-attribs:
        - picture
      display-text: Scanning this QR code will verify age and identity.
    age-verification-bc-person-credential-more-info:
      proof-request:
        name: age-verification-more-info
        version: "1.0"
        requested_attributes:
          - names:
              - picture
              - given_names
              - family_name
              - country
            restrictions:
              - schema_name: Person
            non_revoked:
              from: $now
              to: $now
        requested_predicates:
          - name: birthdate_dateint
            p_type: <=
            p_value: $threshold_date_19
            restrictions:
              - schema_name: Person
            non_revoked:
              from: $now
              to: $now
      ui-revealed-attribs:
        - picture
        - given_names
        - family_name
        - country
      display-text: Scanning this QR code will verify age and reveal name, country and picture.
    
  • lcrb-dav verifier application currently only supports one proof type at runtime. This is specified by updating the following in /docker/manage L145-146
    ## proof configuration selection
    export DAV_PROOF_CONFIG_ID="age-verification-bc-person-credential"
    
  • When running locally the application will be accessible at http://localhost:5000/.
    Scan the QR code with BC Wallet application and proceed with the on screen instruction to complete the present-proof exchange and verify yourself.
    If needed, you can obtain a Person Credential from the BC Wallet Showcase by completing the lawyer demo.

Environment Variables

Several functions in lcrb-dav can be tweaked by using the following environment variables.

Variable Type What it does NOTES
USE_OOB_PRESENT_PROOF bool if True, the present-proof request will be provided as a an out of band invitation with a present-proof request inside. If False, the present-proof request will be use the service-decorator TRUE: BC Wallet supports our OOB Message with a minor glitch, BiFold, Lissi, Trinsic, and Estatus all read the QR code as 'Invalid' FALSE: Works with
LOG_WITH_JSON bool If True, logging output should printed as JSON if False it will be pretty printed. Default behavior will print as JSON.
LOG_TIMESTAMP_FORMAT string determines the timestamp formatting used in logs Default is "iso"
LOG_LEVEL "DEBUG", "INFO", "WARNING", or "ERROR" sets the minimum log level that will be printed to standard out Defaults to DEBUG
DAV_PROOF_CONFIG_ID "age-verification-bc-person-credential" sets the proof template config to be used Defaults to "age-verification-bc-person-credential"