This is the repository of the MultiPass project.
Build the custom docker images
- in middleware/adapters/ebsi execute docker build -t ebsi-reader .
- in middleware/adapters/rekor execute docker build -t rekor-reader .
- in middleware/middleware execute docker build -t middleware .
Edit compose/config/as-realm.json to match your needs. The provided configuration
file creates a user and adds integration with GitHub. Warning: for the
integration with GitHub to be functional, you need to configure the file with
your own clientId and clientSecret.
Run the docker compose script
docker compose -f compose/multipass.yml up
Then, initialize OpenFGA with a policy and some sample tuples. This can be done by executing
./ReBAC/init-api.sh
This initializes OpenFGA with the following model:
model
  schema 1.1
type user
type realm
  relations
    define member: [company]
type company
  relations
    define employee: [user]
type authority
  relations
    define employee: [user]
type product
  relations
    define manufacturer: [company]
    define custodian: [company]
    define end-user: [user]
    define can_write: manufacturer or custodian or employee from manufacturer or employee from custodian
    define can_read: [authority] or can_write or end-user
To view OpenFGA, go to http://localhost:3000/playground. The output should look
like the following image.
To stop the docker images execute
docker compose -f compose/multipass.yml stop
Our usage scenario involves three roles: Manufacturer, Custodian, and End-User.
- Manufacturers create digital product passports, add traceability events, and assign custodians.
- Custodians can add traceability events to a digital product passport.
- End-users can retrieve the traceability events related to a product's passport.
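
The following added example (not part of the MultiPass code base) re-implements the can_write and can_read rules of the model above in Python and evaluates them over a handful of tuples, to show how the three roles resolve. It is a simplified evaluator, not OpenFGA, and every user, company, authority and product name in it is constructed sample data.

```python
# Added example: simplified evaluator for the model above; this is not OpenFGA.
# Tuples are (user, relation, object). Every name here is constructed sample data.
TUPLES = {
    ("user:alice", "employee", "company:acme"),
    ("user:bob", "employee", "company:haulage"),
    ("user:carol", "employee", "authority:customs"),
    ("user:dave", "end-user", "product:pump-1"),
    ("company:acme", "manufacturer", "product:pump-1"),
    ("company:haulage", "custodian", "product:pump-1"),
    ("authority:customs", "can_read", "product:pump-1"),
}


def direct(user, relation, obj, allowed_type, tuples):
    """Direct assignment, honouring the [type] restriction of the relation."""
    return user.startswith(allowed_type + ":") and (user, relation, obj) in tuples


def employee_from(user, parent, obj, tuples):
    """'employee from <parent>': user is an employee of a company that holds
    <parent> (manufacturer or custodian) on the product."""
    holders = {u for (u, r, o) in tuples if r == parent and o == obj}
    return any(direct(user, "employee", h, "user", tuples) for h in holders)


def check(user, relation, obj, tuples=TUPLES):
    if relation == "can_write":
        return (direct(user, "manufacturer", obj, "company", tuples)
                or direct(user, "custodian", obj, "company", tuples)
                or employee_from(user, "manufacturer", obj, tuples)
                or employee_from(user, "custodian", obj, tuples))
    if relation == "can_read":
        # [authority] is a direct grant to the authority object itself; the
        # model has no "employee from" clause for authorities.
        return (direct(user, "can_read", obj, "authority", tuples)
                or check(user, "can_write", obj, tuples)
                or direct(user, "end-user", obj, "user", tuples))
    raise ValueError(f"relation not covered by this sketch: {relation}")


def access_matrix(obj="product:pump-1", tuples=TUPLES):
    subjects = sorted({u for (u, _, _) in tuples})
    return {s: (check(s, "can_read", obj, tuples), check(s, "can_write", obj, tuples))
            for s in subjects}


if __name__ == "__main__":
    for subject, (read, write) in access_matrix().items():
        print(f"{subject:20} can_read={read!s:5} can_write={write}")
```

In this sketch user:carol, an employee of authority:customs, is denied can_read, because the model assigns can_read to the authority object directly rather than through its employee relation.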
- Visit the admin portal (the default location is http://localhost:6001/)
- Select Passports / Create
- Enter a unique name using only characters and dash (-), a comment, and select the product passport file.
- Press create. The passport is created and the current user is added as an owner in the OpenFGA model.
- Visit the admin portal (the default location is http://localhost:6001/)
- Select Passports and press "Create" under the Events column
- Add a title, an event, file location, and a Trust Anchor
A trust anchor is a URL that can be used for retrieving information for verifying the event.
You can add the following testing entries:
Welding Inspection 1
- Anchor: ebsi://f5de9c968dec69052e0647cdf4b1bd43e6fbc46427e9375b3323a67f5ea5a85e
- File: https://multipass-project.github.io/vectors/inspection-1.json
Welding Inspection 2
- Anchor: rekor://108e9186e8c5677a9da7049b3a8aa8a92636fa673b9394f5b20415b5f3a5595b996838890d563b10
- File: https://multipass-project.github.io/vectors/inspection-2.json
curl -X POST http://localhost:6007/middleware/Trace \
  -H "Content-Type: text/json" \
  -d '{
    "linkURL": "https://multipass-project.github.io/vectors/inspection-2.json",
    "linkType": "event",
    "anchor": "rekor://108e9186e8c5677a9da7049b3a8aa8a92636fa673b9394f5b20415b5f3a5595b996838890d563b10"
  }'

curl -X POST http://localhost:6007/middleware/Trace \
  -H "Content-Type: text/json" \
  -d '{
    "linkURL": "https://multipass-project.github.io/vectors/inspection-1.json",
    "linkType": "event",
    "anchor": "ebsi://f5de9c968dec69052e0647cdf4b1bd43e6fbc46427e9375b3323a67f5ea5a85e"
  }'