BigBlueHat/vc-test-suite-implementations

List of W3C Verifiable Credentials Implementations

VC Test Suite Implementations

This repository contains a list of all implementations that have registered to be regularly run against the W3C Verifiable Credentials test suites.

Table of Contents

• VC Test Suite Implementations
  • Table of Contents
  • Background
  • Security
  • Install
    • NPM
    • Development
  • Usage
    • Adding a new implementation
    • Testing locally
    • Tags
  • Contribute
  • License

Background

Implementations added to this package are tested against various test suites in order to demonstrate W3C Verifiable Credentials interoperability.

Security

Please do not commit any sensitive materials such as oauth2 client secrets or private key information used for signing Authorization Capabilities or HTTP Message Signatures.

Install

• Node.js 18+ is required.

NPM

To install via NPM:

npm install w3c/vc-test-suite-implementations

Development

To install locally (for development):

git clone https://github.com/w3c/vc-test-suite-implementations.git
cd vc-test-suite-implementations
npm install

Usage

Adding a new implementation

Please add implementations to the ./implementations directory. Implementation configuration files are expressed in JSON and use roughly the following form:

{
  "name": "My Company",
  "implementation": "My Implementation Name",
  "oauth2": {
     "clientId": "bar",
     "clientSecret": "CLIENT_SECRET_MY_COMPANY",
     "tokenAudience": "https://my.product.net",
     "tokenEndpoint": "https://my.product.auth0.net/oauth/token"
  },
  "issuers": [{
    "id": "urn:uuid:my:implementation:issuer:id",
    "endpoint": "https://my.product.net/issuers/foo/credentials/issue",
    "method": "POST",
    "zcap": {
      "capability": "{\"@context\":[\"https://w3id.org/zcap/v1\",\"https://w3id.org/security/suites/ed25519-2020/v1\"],\"id\":\"urn:uuid:4d44084c-334e-46dc-ac23-5e26f75262b6\",\"controller\":\"did:key:zFoo\",\"parentCapability\":\"urn:zcap:root:https%3A%2F%2Fmy.implementation.net%2Fissuers%2Fz19wCeJafpsTzvA6hZksz7TYF\",\"invocationTarget\":\"https://my.implementation.net/issuers/z19wCeJafpsTzvA6hZksz7TYF/credentials/issue\",\"expires\":\"2022-05-29T17:26:30Z\",\"proof\":{\"type\":\"Ed25519Signature2020\",\"created\":\"2022-02-28T17:26:30Z\",\"verificationMethod\":\"did:key:z6Mkk2x1J4jCmaHDyYRRW1NB7CzeKYbjo3boGfRiefPzZjLQ#z6Mkk2x1J4jCmaHDyYRRW1NB7CzeKYbjo3boGfRiefPzZjLQ\",\"proofPurpose\":\"capabilityDelegation\",\"capabilityChain\":[\"urn:zcap:root:https%3A%2F%2Fmy.implementation.net%2Fissuers%2Fz19wCeJafpsTzvA6hZksz7TYF\"],\"proofValue\":\"zBar\"}}",
      "keySeed": "KEY_SEED_DB"
    },
    "tags": ["ecdsa-2019"]
  }],
  "verifiers": [{
    "id": "https://my.product.net/verifiers/z19uokPn3b1Z4XDbQSHo7VhFR",
    "endpoint": "https://my.product.net/verifiers/z19uokPn3b1Z4XDbQSHo7VhFR/credentials/verify",
    "method": "POST",
    "zcap": {
      "capability": "{\"@context\":[\"https://w3id.org/zcap/v1\",\"https://w3id.org/security/suites/ed25519-2020/v1\"],\"id\":\"urn:uuid:41473f9f-9e44-4ac9-9ac2-c86a6f695703\",\"controller\":\"did:key:zFoo\",\"parentCapability\":\"urn:zcap:root:https%3A%2F%2Fmy.implementation.net%3A40443%2Fverifiers%2Fz19uokPn3b1Z4XDbQSHo7VhFR\",\"invocationTarget\":\"https://my.implementation.net/verifiers/zBar/credentials/verify\",\"expires\":\"2023-03-17T17:39:49Z\",\"proof\":{\"type\":\"Ed25519Signature2020\",\"created\":\"2022-03-17T17:39:49Z\",\"verificationMethod\":\"did:key:zFoo#zBar\",\"proofPurpose\":\"capabilityDelegation\",\"capabilityChain\":[\"urn:zcap:root:https%3A%2F%2Fmy.application.net%2Fverifiers%2FzFoo\"],\"proofValue\":\"zBar\"}}",
      "keySeed": "KEY_SEED_DB"
    },
    "tags": ["ecdsa-2019"]
  }]
}

Please note: implementations may specify authorization parameters for oauth2 or zcaps, but not both. Implementations may also not specify any authorization parameters, in which case they do not specify oauth2 or zcap properties.

Testing locally

If you want to test your implementation locally, you can add a configuration file in the root directory of the specific test suite that you are running.

localImplementationsConfig.cjs

That file must be a common js module that exports an array of implementations:

// localImplementationsConfig.cjs defining local implementations
module.exports = [{
  "name": "My Company",
  "implementation": "My Implementation Name",
  "issuers": [{
    "id": "urn:uuid:my:implementation:issuer:id",
    "endpoint": "https://localhost:40443/issuers/foo/credentials/issue",
    "method": "POST",
    "tags": ["ecdsa-2019", "localhost"]
  }],
  "verifiers": [{
    "id": "https://localhost:40443/verifiers/z19uokPn3b1Z4XDbQSHo7VhFR",
    "endpoint": "https://localhost:40443/verifiers/z19uokPn3b1Z4XDbQSHo7VhFR/credentials/verify",
    "method": "POST",
    "tags": ["ecdsa-2019", "localhost"]
  }]
}];

Tags

Tags tell the test suites which implementations to run the test suites against.

vc2.0 - This tag will run the VC Data Model 2.0 Test Suite on your issuer and verifier endpoints.

Ed25519Signature2020 - This tag will run the Ed25519 tests on either your issuer and/or verifier.

ecdsa-2019 - This tag will run the VC Data Integrity ECDSA Test Suite on your issuer and verifier endpoints.

eddsa-2022 - This tag will run the VC Data Integrity EDDSA Test Suite on your issuer and verifier endpoints.

Contribute

See the CONTRIBUTING.md file.

Pull Requests are welcome!

License

See the LICENSE.md file