From 6051ca229b0575d6a2ff11bc9799f78608b58931 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Joan=20Cipri=C3=A0?= Date: Tue, 14 Oct 2025 11:52:05 +0200 Subject: [PATCH] MIAIS: Add auth code details for level 2 --- docs/services/waste_collection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/services/waste_collection.md b/docs/services/waste_collection.md index 8845245b..23c4675c 100644 --- a/docs/services/waste_collection.md +++ b/docs/services/waste_collection.md 
@@ -137,10 +137,10 @@ To illustrate the case (see Figure 2), a simple data space structure is assumed, In addition, the AI service has a **wallet identity** consisting of a **Decentralized Identifier (DID)** and its associated private key, enabling the service to authenticate itself and sign verifiable credentials. Finally, the AI service must authenticate against the consumer's **Keycloak** identity server to get the corresponding access token. -This authentication process leverages the **OpenID for Verifiable Presentations (OID4VP)** protocol, allowing the AI service to obtain a verifiable credential from the consumer's identity provider and present it as cryptographic proof of authorization. As a wallet, the service generates a verifiable presentation signed with its private key and submits it to the identity server. After successful verification, the service receives an access token, enabling secure and trusted interaction with the provider. For more details about this process, refer to the [Data Space Connectors documentation](./../documentation/data_space_connectors/index.md). +This authentication process leverages the **OpenID for Verifiable Presentations (OID4VP)** protocol, allowing the AI service to obtain a verifiable credential from the consumer's identity provider and present it as cryptographic proof of authorization. As a wallet, the service generates a verifiable presentation signed with its private key and submits it to the identity server. After successful verification, the service receives an access token, enabling secure and trusted interaction with the provider. In this demo, this entire process is implemented in the [`auth_oidc.py`](https://github.com/CitComAI-Hub/waste-collection-demo/blob/mvds/services/auth_oidc.py) script. This script handles the **authentication and authorization flow** using OID4VP. 
It builds the verifiable presentation using the AI service's wallet (DID and private key), submits it to the consumer's Keycloak instance, and processes the response to retrieve the access token. The script also manages the underlying cryptographic operations and HTTP interactions required to comply with the protocol. **It is intended purely for testing purposes and as an illustrative example; it is not optimized for production environments.** For more details about this process, refer to the [Data Space Connectors documentation](./../documentation/data_space_connectors/index.md). -Below, you will find step-by-step instructions on deploying the MIAIS: +Below, you will find step-by-step instructions on deploying the MIAIS in a Level 2 environment: 1. Clone the repository and navigate to its root folder: ```bash
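Review bot: The bolded caveat that `auth_oidc.py` is "intended purely for testing purposes" is buried in the middle of the rewritten OID4VP paragraph, directly after text saying the script uses the wallet's DID and private key and manages the cryptographic operations, so a reader skimming for the deployment steps can miss it. Consider moving it to its own paragraph or note right after the link to the script, and saying which parts are demo shortcuts (for example, how the private key is supplied to the script), since "not optimized for production" reads as a performance remark rather than a security one. Two smaller points in the same paragraph: the closing sentence "For more details about this process" now follows the script description, so "this process" is ambiguous and would read better placed before "In this demo, ..."; and the link points at `blob/mvds/services/auth_oidc.py`, so if `mvds` is a branch, a permalink to a commit would keep the documentation and the referenced code in step.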