-
-
Save mrtuborg/a44ca9f497f1b6652b9a5d9fe605084d to your computer and use it in GitHub Desktop.
irma_api_server attribute verification
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
// A sample configuration file that have all options set to their default. | |
// If this file should be reloaded on each new request. | |
"hot_reload_configuration": true, | |
// Names of the private/public key files for JWT signing (public key is only necessary for running unit tests) | |
"jwt_privatekey": "sk.der", | |
"jwt_publickey": "pk.der", | |
// Name of the JWT issuer that signs the JWT's | |
"jwt_issuer": "irma_api_server-demo", | |
// Completely enable or disable verification. | |
"enable_verification": true, | |
// Completely enable or disable issuing. | |
"enable_issuing": true, | |
// Completely enable or disable attribute-based signatures | |
"enable_signing": true, | |
// In order to prevent linkability, the timestamps of all issued credentials must fall exactly on an | |
// epoch bondary. If this is set to true and the IdP requests a validity for a credential which does | |
// not fall on such a boundary, we reject the request. If set to true, we accept the request and | |
// floor it to the nearest epoch boundary ourselves. | |
"reject_unfloored_validity_timestamps": true, | |
// DANGEROUS: Allow JWTs containing issuing requests to be unsigned (using signing algorithm "none"). | |
// Use with care: if you set this to true, anyone that can reach your server can create issuance requests! | |
"allow_unsigned_issue_requests": true, | |
// Same as above for verification requests | |
"allow_unsigned_verification_requests": true, | |
// Same as above for signature requests | |
"allow_unsigned_signature_requests": true, | |
// Maximum age (in seconds) of incoming JSON web tokens for issuing or verification. | |
"max_jwt_age": 60, | |
// Time (in seconds) the token has to post its proof or secret key commitments. After this the session | |
// expires and is removed. | |
"token_response_timeout": 600, | |
// Time (in seconds) the token has to retrieve the session info after the session has been created. | |
// After this the session expires and is removed. | |
"token_get_timeout": 120, | |
// Time (in seconds) the client (i.e. the identity or service provider) has to fetch the result after the | |
// token is done. After this the session expires and is removed. | |
"client_get_timeout": 120, | |
// A list of authorized IdP's and what credentials they may sign. | |
// Example entry: "testip": [ "irma-demo.MijnOverheid.ageLower" ] | |
// Supports wildcards as follows: | |
// "testip": [ "*" ] // testip can issue anything | |
// "testip": [ "irma-demo.*" ] // testip can issue anything managed by the irma-demo scheme manager | |
// "testip": [ "irma-demo.MijnOverheid.*" ] // testip can issue all credentials from issuer MijnOverheid | |
// Assuming "allow_unsigned_issue_requests" is set to false, for each key identifying an identity provider, | |
// a .der public key file with the same name should be included in the src/main/resources/issuers folder, for | |
// verifying JWT's containing incoming issuing requests. For example, in the example below, | |
// src/main/resources/issuers/testip.der should exist. | |
// Note that the included testip.js will not work until you put it here, for example as above. | |
"authorized_idps": { | |
"testip": [ "*" ], | |
"keyshare_server": [ "*" ], | |
"pk": [ "*" ] | |
}, | |
// A list of authorized SP's and what attributes they may verify. | |
// Example entry: "testsp": [ "irma-demo.MijnOverheid.ageLower.over12" ] | |
// Wildcards are supported as above, plus: | |
// "testsp": [ "irma-demo.MijnOverheid.ageLower.*" ] // testsp can verify all attributes from ageLower | |
// .der public keys of authorized verifiers are expected at the path src/main/resources/verifiers. | |
"authorized_sps": { | |
"testsp": [ "*" ], | |
"sk": [ "*" ] | |
}, | |
// A list of authorized signature clients and what they may verify. Structure is the same as above. | |
"authorized_sigclients": { | |
"testsigclient": [ "*" ] | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment