Check provides the following 4 core services:
- ☑️ Verification Service: Verifies the authenticity of a web shop or any other web site by discovering the Decentralized Identifier and retrieving publicly linked Verifiable Credentials. Verifiable credentials allow any third party to determine the authenticity of the personal or legal identity that stands behind the visited web site.
- 🔍 Verification Service Interface: Visualizes the data from the Verification Service and provides an interactive query interface.
- ✨ Embedded Verification Inferace: Visualizes the data from the Verification Service as an trust mark that is embedded inside a web shop.
- 🔁 Verifiable Data Service: Verifies the authenticity of ecommerce customers by receiving Verifiable Credentials from customer wallets and providing the verified data to the web shop.
- 🔍 Verification Service Interface
- ✨🔁 Demo Shop: A demo web shop with a verifiable identity.
- ✨🔁 Evil Demo Shop: An evil demo
web shop tries to claim the identity of Demo Shop by referencing its identity.
- Technical explanation: Shop has it's own DID but the Well-Known DID Configuration has been copied straight from the Demo Shop.
- ✨🔁 Evil2 Demo Shop: A second
evil demo web shop tries to claim the identity of Demo Shop by copying its the
credentials.
- Technical explanation: Shop has it's own DID and the Well-Known DID Configuration has been self-issued by that DID. Also the Linked Verifiable Presentation has been self-issued by that DID, however the included credentials have been copied from the Demo Shop.
- ✨🔁 Evil3 Demo Shop: A third
evil demo web shop tries to claim the identity of Demo Shop by referencing its
identity in a similar but different way than the first Evil Demo Shop.
- Technical explanation: Shop has it's own
DID and
the
Well-Known DID Configuration
has been self-issued. However, the
credentialSubject.idpoints to the Demo Shop's DID.
- Technical explanation: Shop has it's own
DID and
the
Well-Known DID Configuration
has been self-issued. However, the
- ☑️ Verification Service
- 🔁 Verifiable Data Service - Demo Shop
- 🔁 Verifiable Data Service - Evil Demo Shop
- 🔁 Verifiable Data Service - Evil2 Demo Shop
- 🔁 Verifiable Data Service - Evil3 Demo Shop
- Ensure services that bind IPv6 addresses are also bound to IPv4 addresses.
sysctl net.ipv6.bindv6onlymust returnnet.ipv6.bindv6only = 0.- Add
net.ipv6.bindv6only = 0to/etc/sysctl.confif a different value is returned.
- Add
- Clone this repository, including submodules:
git clone --recurse-submodules https://github.com/identinet/check.git - Install all depedencies
- On Nix/NixOS: direnv installs all dependencies
automatically via:
direnv allowdirectory and the service directories viewdirenv allow
- On Nix/NixOS: direnv installs all dependencies
automatically via:
- Integrate direnv with your shell and grant it access
to the root directory of the repository and all
serivce directories
- INFO: If you don't use Nix/NixOS, you'll receive get an error that
use flakedoesn't work. Direnv will still load the necessary environment variables. To silence the error, you can safely remove the line starting withuse flakein the.envrcfiles.
- INFO: If you don't use Nix/NixOS, you'll receive get an error that
- Install a develpoment CA and register it in your browser via mkcert
- (Optional) Request a cloudflare tunnel
configuration so that services like the
Verifiable Data Service can be
developed locally while being accessible from the Internet and communicate
with mobile wallets.
- Store the configuration in the root of the repository at
.cloudflared/tunnel.json. - Set the tunnel user in file
.env.local:
- Store the configuration in the root of the repository at
TUNNEL_USER=<your_username>- (CI) Nix
- (CI) Skopeo
- (CI) git-cliff
- (CI) Github CLI
- Caddy reverse proxy
- Deno
- Docker
- Just task runnner
- Nodejs 22
- Nushell
- Rust toolchain
- direnv environment loader
- mkcert development CA
- Start caddy reverse proxy:
just dev - (Optional) Start cloudflare tunnel:
just tunnel - Start services, e.g.
cd ./services/demo-shop; just dev - Access services (At the start, caddy prints all available URLs)
This project has received funding from the European Union's Horizon 2020 research and innovation program within the framework of the TRUSTCHAIN Project funded under grant agreement 101093274.