1 of 4

Technical Overview

This section offers an overview of the architecture and technologies utilized in Inji Certify, ensuring compatibility, security, and efficiency in the management of Verifiable Credentials.

Technology Stack

This section intends to provide an overview of the technologies and frameworks utilized to build Inji Certify.

UI & Rest end points

The table below outlines the frameworks, tools, and technologies employed by Inji Certify

Deployment:

The table below specifies the tools needed to deploy Inji Certify:

Components

Inji Certify leverages the following components (from existing building blocks/products):

eSignet (v1.4.0): VCI microservice and Authentication microservice
a. eSignet service:
- Implements OpenID Connect flows that help the relying party perform quick and easy integrations using pre-existing libraries for user verification.
- Exposes API for VCI Issuance which internally connects with credential service and sends the Verifiable Credential (VC) issued by the service as a response
b. OIDC UI:
- The user interface component of eSignet, Manages user authentication and user consent. Integrates with the REST endpoints provided by esignet-service.
c. Authenticator Plugin:
- provides methods to authenticate the end-user with control of the supported authentication factors. There is a default plugin implemented for Sunbird Registry.
Certify(v0.9.0): VCI microservice
a. VCI:
- Exposes API for VCI Issuance which internally connects with credential service and sends the Verifiable Credential (VC) issued by the service as a response.
b. VC Issuance Plugin:
- Provides support to generate credentials from existing datasouce. There is a default plugin implemented for Sunbird Registry.
Sunbird RC (v2.0.0): Identity microservice, Schema microservice, and Cred microservice.
a. Identity Service :
- The central lynchpin to maintain identities across the system. All identities in Sunbird-RC are DID-compliant and are web-resolvable. The other microservices (Credential Schema Service and Credential Service) depend on this for generating any identity.
- Docker Image: http://ghcr.io/sunbird-rc/sunbird-rc-identity-service:v2.0.0-rc1
- Depends on the vault (healthy), database.
b. Credential Schema service:
- Stores the schema of the Verifiable Credential along with the associated view template.
- Docker Image: http://ghcr.io/sunbird-rc/sunbird-rc-credential-schema:v2.0.0-rc1
- Depends on identity service, and database.

c. Credential service:

Core issuance service. Called with the payload, which is then transformed into a W3C-compliant Verifiable Credential in JSON-LD format. The payload is then signed using the private key which was generated as part of the original Issuer creation.
Docker Image: https://github.com/sunbird-rc/sunbird-rc-core/pkgs/container/sunbird-rc-credentials-service
Depends on identity service, schema service, and database.

d. Vault Service:

To be included as a dependency along with the pg.
Hashi Corp vault is the Keystore which acts as the vault service.
Identity service is dependent on the vault service.
Stores key pairs and secrets for the issuers.

Tested Operating Systems

Inji Certify is currently compatible and certified with the following browsers:

Sl No

Version

Note: We have conducted specific testing on Ubuntu, Mac, and Windows using Google Chrome for the latest release of Inji Certify. It supports and is compatible with other operating systems and browsers, but we have specified the following list to indicate the platforms our team has thoroughly tested.

Components

Inji Certify leverages the following components (from existing building blocks/products):

eSignet (v1.4.0): VCI microservice and Authentication microservice
a. eSignet service:
- Implements OpenID Connect flows that help the relying party perform quick and easy integrations using pre-existing libraries for user verification.
- Exposes API for VCI Issuance which internally connects with credential service and sends the Verifiable Credential (VC) issued by the service as a response
b. OIDC UI:
- The user interface component of eSignet, Manages user authentication and user consent. Integrates with the REST endpoints provided by esignet-service.
c. Authenticator Plugin:
- provides methods to authenticate the end-user with control of the supported authentication factors. There is a default plugin implemented for Sunbird Registry.
Certify(v0.9.0): VCI microservice
a. VCI:
- Exposes API for VCI Issuance which internally connects with credential service and sends the Verifiable Credential (VC) issued by the service as a response.
b. VC Issuance Plugin:
- Provides support to generate credentials from existing datasouce. There is a default plugin implemented for Sunbird Registry.
Sunbird RC (v2.0.0): Identity microservice, Schema microservice, and Cred microservice.
a. Identity Service :
- The central lynchpin to maintain identities across the system. All identities in Sunbird-RC are DID-compliant and are web-resolvable. The other microservices (Credential Schema Service and Credential Service) depend on this for generating any identity.
- Docker Image: http://ghcr.io/sunbird-rc/sunbird-rc-identity-service:v2.0.0-rc1
- Depends on the vault (healthy), database.
b. Credential Schema service:
- Stores the schema of the Verifiable Credential along with the associated view template.
- Docker Image: http://ghcr.io/sunbird-rc/sunbird-rc-credential-schema:v2.0.0-rc1
- Depends on identity service, and database.

c. Credential service:

Core issuance service. Called with the payload, which is then transformed into a W3C-compliant Verifiable Credential in JSON-LD format. The payload is then signed using the private key which was generated as part of the original Issuer creation.
Docker Image: https://github.com/sunbird-rc/sunbird-rc-core/pkgs/container/sunbird-rc-credentials-service
Depends on identity service, schema service, and database.

d. Vault Service:

To be included as a dependency along with the pg.
Hashi Corp vault is the Keystore which acts as the vault service.
Identity service is dependent on the vault service.
Stores key pairs and secrets for the issuers.