D6.2 Identity Wallet Service

Contributing Partners 

AIT, ATOS, OTE, GUF, TUG, FOKUS, ICERT, LISPA, KGH

Executive Summary
At a high level, the central goal of the CREDENTIAL project is to develop a privacy-preserving data sharing platform (wallet) with an integrated identity provider (IdP), which can be used to share authenticated data without the wallet learning any of the user’s personal information. The functionality and added value of these services will be showcased by concrete pilots from the domains of e-Government, e-Health, and e-Business.
However, before the actual deployment of the CREDENTIAL wallet platform, a number of design, implementation and planning actions were taken, each imposing certain requirements on either the subsequent steps or the deployment phase. An important decision affecting deployment was to follow a Continuous Integration (CI) approach, which couples the development and deployment environments more tightly, together with the use of Docker containers, at least for the first phase, which requires the deployment environment to provide this hosting feature.
This document therefore first presents the various requirements arising from different aspects such as security, privacy, development, etc., and briefly analyses their impact on the instantiation and deployment of the CREDENTIAL wallet platform. An overview is then given, starting from the development phase and moving towards deployment, discussing how this transition is performed and leading to the deployment in the cloud, taking scalability aspects into consideration.
A more detailed description then follows of how the hosting platform and its networking environment are set up, and of how the individual components constituting the CREDENTIAL wallet platform are set up. Apart from the setup of the CREDENTIAL wallet components, outlines are given of how the three separate pilots are connected to the CREDENTIAL wallet and of their flows: what additional services and protocols they use, and how these and the CREDENTIAL wallet are set up to support the operation of these additional flows and services.
An appendix is also provided, giving more specific examples and excerpts of the configurations of the hosting environment and the CREDENTIAL wallet components, in an anonymized form to avoid possible security exploitation.