Open Enterprise Cloud Agent
The Enterprise Cloud Agent is a W3C/Aries standards-based cloud agent written in Scala that provides self-sovereign identity services to build products and solutions based on it. The term "cloud" indicates that it operates on servers and is not intended for use on mobile devices.
Enterprise Cloud Agent supports standard-based protocols built on top of DIDComm V2 for issuing, verifying, and holding verifiable credentials using both JWT and Hyperledger AnonCreds (coming soon) formats.
In order to use the Cloud Agent, you establish a business logic controller responsible for communicating with the agent (initiating HTTP requests and processing webhook notifications). This controller can be created using any programming language capable of sending and receiving HTTP requests.
As a result, you can concentrate on crafting self-sovereign identity solutions using well-known web development tools, without the need to delve into the intricacies of lower-level cryptography and identity protocol internals.
- Rest API
- DIDComm V2
- W3C-compliant
did:prismanddid:peermethods - Credential types
- JWT
- AnonCreds (coming soon)
- HTTP events notification
- Cardano as a distributed ledger
- Secrets management with Hashicorp vault
- Multi-tenancy (coming soon)
- A government issues verifiable credentials (VCs) to its citizens to prove their identity and access government services.
- An enterprise issues VCs to its employees to prove their employment and access enterprise services.
- A Web3 authentication service based on verifiable presentations (VPs).
Before starting to use the Cloud Agent, it is important to understand the basic concepts of self-sovereign identity (SSI). The following resources provide a good introduction to SSI:
The next diagram offers a concise architectural overview, depicting a Cloud Agent instance, a controller, the interconnections linking the controller and agent, as well as the external routes to other agents and public ledgers across the Internet.
Enterprise Cloud Agent is distributed as a Docker image to be run in a containerized environment. All versions can be found here.
The following sections describe how to run the Enterprise Cloud Agent in different configurations.
The Enterprise Cloud Agent can be configured to use different types of ledger, secret storage and DID persistence. Any combination of options is available, but the most common configurations are:
| Configuration | Secret Storage | DIDs persistence | VDR |
|---|---|---|---|
| Dev | PostgreSQL | No | In-memory |
| Pre-production | PostgreSQL | Yes | Cardano testnet (preview or preprod) |
| Production | Hashicorp | Yes | Cardano mainnet |
To start playing with Cloud Agent, we recommend using the Dev configuration. Pre-production and production configurations are intended for real-world use cases and require additional more complex configurations of the Cardano stack setup.
If you're interested in a hosted version of Enterprise Cloud Agent, please, contact us at atalaprism.io.
System requirements can vary depending on the use case. The following are the minimum requirements for running the Cloud Agent with the Dev configuration:
- Linux or MacOS operating system
- Docker (with docker-compose support)
- Modern x86 or ARM-based CPU
- >=2GB RAM
Here is a general example of running a Cloud Agent locally:
PORT=${PORT} PRISM_AGENT_VERSION=${PRISM_AGENT_VERSION} PRISM_NODE_VERSION=${PRISM_NODE_VERSION} \
docker compose \
-p "${AGENT_ROLE}" \
-f ./infrastructure/shared/docker-compose-demo.yml \
up --waitThe PORT variable is used to specify the port number for the Cloud Agent to listen on. The PRISM_AGENT_VERSION and PRISM_NODE_VERSION variables are used to specify the versions of the Cloud Agent and PRISM Node to use. The AGENT_ROLE variable is used to specify the role of the Cloud Agent. The AGENT_ROLE variable can be set to issuer, verifier or holder.
In real life, you will need to start at least two Cloud Agent instances with different roles. For example, you can start one instance with the issuer role and another one with the holder role. The issuer instance will be used to issue verifiable credentials (VCs) and the holder instance will be used to hold VCs. Here is an example of how you can do this:
PORT=8080 PRISM_AGENT_VERSION=1.12.0 PRISM_NODE_VERSION=2.2.1 \
docker compose \
-p "issuer" \
-f ./infrastructure/shared/docker-compose-demo.yml \
up --waitPORT=8090 PRISM_AGENT_VERSION=1.12.0 PRISM_NODE_VERSION=2.2.1 \
docker compose \
-p "holder" \
-f ./infrastructure/shared/docker-compose-demo.yml \
up --waitIf the Cloud Agent is started successfully, all the running containers should achieve Healthy state, and Cloud Agent Rest API should be available at the specified port, for example:
http://localhost:8080/prism-agentfor theissuerinstancehttp://localhost:8090/prism-agentfor theholderinstance
You can check the status of the running containers using the health endpoint:
$ curl http://localhost:8080/prism-agent/_system/health
{"version":"1.12.0"}For more information about all available configuration parameters, please, check Cloud Agent configuration section at the documentation portal and edit the
docker-compose-demo.ymlfile accordingly.
There could be some incompatibilities between the most latest versions of Enterprise Cloud Agent and PRISM Node. Please, use the following table to check the compatibility between the versions:
| Cloud Agent | PRISM Node |
|---|---|
| >=1.9.2 | 2.2.1 |
| <1.9.2 | 2.1.1 |
Please note: it is not guaranteed that the latest version of Enterprise Cloud Agent will work with the latest version of PRISM Node. We recommend using the versions from the table above.
The following tutorials will help you get started with the Cloud Agent and issue your first credentials:
- Creating, updating and deactivating Decentralized Identifiers (DIDs)
- Setting up connections between agents using out-of-band (OOB) protocol
- Issuing verifiable credentials (VCs)
- Presenting VC proofs
All extended documentation, tutorials and API references for the PRISM ecosystem can be found at https://docs.atalaprism.io/
Please read our contributions guidelines and submit your PRs. We enforce developer certificate of origin (DCO) commit signing.
We also welcome issues submitted about problems you encounter in using Enterprise Cloud Agent.
Love the repo? Give our repo a star ⭐ ⬆️.