VeraId Authority
VeraId Authority is a cloud-native, multi-tenant app that allows organisations to manage their VeraId members and the issuance of their respective Member Id Bundles.
It offers built-in Awala support so that members can get their bundles without the Internet.
Architecture
The API server is the primary component of the app, offering the following RESTful APIs:
- Organisation Management API, to manage VeraId organisations and their members.
- Credentials Exchange API, to exchange external credentials (e.g. JWTs) for VeraId credentials (e.g. organisation signatures).
The app also uses the following backing services:
- MongoDB 6 or newer.
- A Key Management Service (KMS) supported by
@relaycorp/webcrypto-kms
. Every organisation gets its own key pair. Operators are highly encouraged to use hardware security modules in production. - Any authorisation server supporting JSON Web Key Sets (JWKS), such as Auth0.
When Awala support is required, the background queue and Awala backend servers must be deployed too.
To better understand where this server sits in the overall protocol, please refer to the architecture of VeraId itself.
Install
Refer to the installation documentation.
Support
To ask questions about this app or VeraId in general, please go to r/VeraId on Reddit.
To request features or report bugs on this app, please go to our issue tracker on GitHub.
Licence
This project is licensed under the Business Source License.