kych

OAuth 2.0 API for Swiyu to enable Taler integration of Swiyu for KYC (experimental)

KYCH
====

KYCH is an OAuth2-based identity verification system that integrates with
the Swiss SWIYU trust infrastructure. It enables services like GNU Taler
exchanges to verify user identity through SD-JWT Verifiable Credentials,
supporting privacy-preserving selective disclosure.

For integration with GNU Taler, see documentation/taler-docs/.


Architecture
------------

The system consists of two main components working together:

  +------------------+       +-------------------+       +---------------+
  |  Service         |       | KYCH OAuth2       |       | SWIYU         |
  |  (e.g. Taler     | <---> | Gateway           | <---> | Verifier      |
  |   Exchange)      |       | (Rust)            |       | (Java)        |
  +------------------+       +-------------------+       +---------------+
                                      ^
                                      |
                                      v
                             +------------------+
                             | SWIYU Wallet     |
                             | (User's mobile)  |
                             +------------------+

1. KYCH OAuth2 Gateway (kych_oauth2_gateway/)
   A Rust service implementing the OAuth2 authorization code flow with
   OpenID4VP (OID4VP) credential verification.

2. SWIYU Verifier (swiyu-verifier/)
   Scripts and configuration for running the SWIYU Generic Verifier locally.

The full interaction flow between a Taler exchange, the gateway, and the
verifier is documented in:
  documentation/sequence_diagrams/swiyu_taler_sequence_diagram.txt


Components
----------

  kych_oauth2_gateway/    Rust OAuth2 gateway service
  swiyu-verifier/         Local verifier setup scripts
  documentation/          Technical specifications and sequence diagrams


Technology Stack
----------------

  Gateway:      Rust (Axum, Tokio, SQLx)
  Verifier:     Java 21, Spring Boot
  Database:     PostgreSQL
  Credentials:  SD-JWT Verifiable Credentials (vc+sd-jwt)
  Protocols:    OAuth 2.0, OpenID4VP, DCQL
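
The selective-disclosure property of the SD-JWT credentials listed above is what lets the wallet reveal only the claims a verifier asks for. The following is an added illustration of that mechanism in Python (not code from the KYCH project, whose gateway is written in Rust): the issuer replaces each disclosable claim with a salted digest in the signed payload, and the verifier accepts a disclosure only if its digest is present there. It assumes the verifier has already checked the issuer's signature over the payload; the issuer URL and claim values are constructed sample data.

```python
import base64
import hashlib
import json
import secrets


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_disclosure(name: str, value) -> str:
    # A disclosure is base64url(JSON([salt, claim_name, claim_value])); the random
    # salt stops anyone from guessing low-entropy claim values from the digest alone.
    salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, name, value]).encode("utf-8"))


def sd_digest(disclosure: str) -> str:
    # The digest is taken over the base64url string itself, not the decoded JSON.
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())


def issue(claims: dict) -> tuple:
    """Issuer side: the signed payload carries only digests of the disclosable claims."""
    disclosures = {name: make_disclosure(name, value) for name, value in claims.items()}
    payload = {
        "iss": "https://issuer.example",  # constructed sample value, not a real issuer
        "_sd_alg": "sha-256",
        "_sd": sorted(sd_digest(d) for d in disclosures.values()),  # sorted: order leaks nothing
    }
    return payload, disclosures


def verify_presentation(payload: dict, presented: list) -> dict:
    """Verifier side: accept a disclosure only if its digest is in the signed payload."""
    if payload.get("_sd_alg", "sha-256") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    allowed, seen, revealed = set(payload["_sd"]), set(), {}
    for d in presented:
        dg = sd_digest(d)
        if dg not in allowed:
            raise ValueError("disclosure does not match any digest in _sd")
        if dg in seen:
            raise ValueError("duplicate disclosure")
        seen.add(dg)
        _salt, name, value = json.loads(base64.urlsafe_b64decode(d + "=" * (-len(d) % 4)))
        revealed[name] = value
    return revealed
```

Presenting only the `birth_year` disclosure lets the verifier learn that claim and nothing else, while a forged disclosure for the same claim is rejected because its digest is not in `_sd`.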


Standards
---------

  SD-JWT VC   https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/
  OpenID4VP   https://openid.net/specs/openid-4-verifiable-presentations-1_0.html
  GNU Taler   https://docs.taler.net/
  SWIYU       Swiss e-ID Trust Infrastructure


Getting Started
---------------

1. Set up the SWIYU Verifier - see swiyu-verifier/README
2. Configure and run the OAuth2 Gateway - see kych_oauth2_gateway/README
3. Review the technical documentation in documentation/