Sunbird RC (Registry & Credential)
  • Learn
    • Introduction
    • Sunbird RC Overview
      • Why do we need Sunbird RC?
      • Core Capabilities
      • Core Registry Verbs
      • Workflows
      • What Sunbird RC is and what it's not? (WIP)
      • Possibilities
      • Demo Links
    • Technical Overview
      • High level architecture
      • Technical Specification Draft
      • Tech Stack and Requirements
    • Adopters
    • Roadmap
  • Use
    • Getting started
      • Pre-requisites
      • Installation Guide
        • Registry CLI
          • Setup A Registry Instance
        • Manual installation through docker-compose
        • Production setup through Helm
    • Developer's Guide
      • Configurations
        • Frontend Configurations
        • Frontend - Proxy configuration
        • Audit Configuration
        • Notifications Configuration
        • View Templates Configuration
      • Schema Setup
        • Introduction To Schemas
        • Creating Your Own Schemas
        • Schema Configuration
        • Create Schemas With Custom Password
      • Setup the Backend
      • Setup the Frontend
      • Backup and Restore
        • PostgreSQL
          • SQL Dump
          • File System Level Backup
          • Continuous Archiving and Point-in-Time Recovery (PITR)
        • Cassandra
          • Snapshot-based backup method
          • Incremental backup method
          • Data Restore
      • Generic Identity And Access Management
      • Metrics
      • Custom Keycloak Build
      • Custom QR Code design
      • VC Verification Module
    • Integrations
      • SSO with existing systems
      • Digilocker Meripehchaan SSO
      • Digilocker Integration
    • Release Notes
      • Latest Release - v1.0.0
    • Admin Portal
      • Login
      • Get Started
        • Create Schema
        • Attestation Workflows (WIP)
        • VC Template
          • Custom VC Template (WIP)
        • Ownership (WIP)
        • Publish (WIP)
      • Dashboard
  • API Reference
    • Registry
      • Using The APIs
      • Create An Entity
      • Invite An Entity
      • Generate token
      • Generate admin token
      • Get An Entity
      • Get An Entity By Id
      • Update An Entity
      • Create A Property Of An Entity
      • Update A Property Of An Entity
      • Revoke a Credential
      • Delete An Entity
    • Schema
      • Create Schema
      • Get Schema
      • Update Schema
      • Delete Schema
      • Publish A Schema
    • Attestation API
      • Raise An Attestation
      • Get Attestation Certificate
    • Claims API
      • Get All Claims
      • Get Claim by ID
      • Attest A Claim
    • Discovery API
      • Search An Entity
    • File Storage API
      • Upload A File
      • Get Uploaded File
      • Delete A File/ Multiple Files
    • Bulk Issuance API
      • Get Sample Template
      • Upload CSV
      • Get all uploaded Files
      • Download a Report File
    • Metrics APIs
      • Get Count
      • Get Aggregates
    • Other APIs
      • Sign API
      • Verify API
      • Swagger JSON API
      • Health API
  • Reference Solutions for Functional Registries
    • Education
      • Education Ecosystem
        • Installation
      • Education Registries
        • Installation
    • Health Registries
      • Organ Registries
        • Frontend Setup
        • Backend Setup
        • User Guide
      • Health Facility Registry
    • Govt to Person (G2P)
  • Reference Solution for Digital Credentials
    • Certificate Issuance
      • Installation(WIP)
      • User Guide
    • Vaccination Platform
    • Unified Learners Passport (ULP)
      • ULP Capabilities
      • Example Scenario
      • Technical Components (WIP)
      • Demo/Sandbox Links (WIP)
      • Installation Guide (WIP)
        • Frontend Setup
        • Installation through docker-compose
        • Dummy records setup for refrence
    • eLocker
      • High Level Diagram
      • Installation (WIP)
        • Frontend Setup E-locker
      • User Guide
    • Skills & Work Credentials
  • Links
    • Source Code
    • Releases & Changelogs
    • Website
    • Roadmap
    • Reference links
    • Design
  • Community
    • Discussion Forum
    • Contributors
    • Contributing
    • Contribution Guidebook
    • Code of Conduct
    • Community Events
    • Status By Track
  • HELP
    • Roadmap
    • FAQs
    • Glossary
    • Guide to Electronic Registries and Verifiable Credentials
      • Verifiable Credentials
        • What issues will Verifiable Credentials address?
        • What are the key roles in Verifiable Credentials?
        • What are the components of Verifiable Credentials?
        • What are the benefits of Verifiable Credentials?
        • Digital Credentials vs Verifiable Credentials
        • QR code vs Verifiable QR code
        • Use Cases
      • Electronic Registries
        • Evolution of Electronic Registries
        • What issues will Electronic Registries address?
        • Benefits of Electronic Registries
        • Registry vs Database
        • Design Principles
        • Use Cases
      • Leveraging Existing data stores
    • External Open Source Software Attributions
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
  1. Learn
  2. Technical Overview

High level architecture

PreviousTechnical OverviewNextTechnical Specification Draft

Last updated 9 months ago

Was this helpful?

The functionalities and purpose of various microservices built as part of Sunbird-RC are explained below.

Registry (Core)

This is the core service which enables the major functionalities of SunbirdRC. It exposes API that can be used to configure schemas and manage entities and workflows. It can also process creating entities synchronously or asynchronously. The registry is enabled to support various database providers, which are:

  1. Graph database (Neo4J)

  2. Relational databases (Postgresql, HSQLDB, H2, MariaDB, MySQL, MSSQLServer)

  3. NoSQL databases (Cassandra)

The registry generates REST APIs for the schemas that are created dynamically. It also applies authentication and authorization on schema APIs based on the schema configuration. The registry service also provides discovery API, which can be used to search public data of a particular schema. Elasticsearch needs to be configured to the registry to enable the discovery of schemas.

Claim ms

This service needs to be enabled if attestation/workflows are required. This service is responsible for handling all the claims of an attestation.

Certificate Signer

Certificate API

This service needs to be enabled if a visual template for the verifiable credentials is required. This service is capable of generating a QR based template. The templates that are supported are SVG/HTML/PDF.

Notification ms

This service is required to send SMS or emails to the users. This service is used by the registry to send invite notifications to users. It is also used by keycloak to send OTP messages. This service can be configured with 3rd party plugins to send notifications.

Public key service

This service is used to expose public keys that are used to generate verifiable credentials. It has APIs that exposes all the public keys or issuer-based public key. This API will be used by the verification services to verify the issued verifiable credentials.

Metrics service

This service is used to handle all the events emitted by registry through kafka. The service stores this events in clickhouse. However the service can be used to connect different databases. Service also exposes an API which returns all the events emitted

Clickhouse

Clickhouse is a open source database. We are using clickhouse to store all the events that are emitted in this clickhouse

Context proxy service

This service will be used by verifying clients to proxy the context URLs that are used in the verifiable credentials. The public facing verifying clients needs to access the content of the context URLs that are present in the verifiable credentials. If the client is UI based application, the context URLs will be blocked due to CORS issues. This service can be used to overcome the CORS issue. The context URLs can be routed to this service which can proxy and return back the contents.

DB

The registry requires a main DB that is used as the main store for storing all data. The following DB providers can be used:

  1. Graph database (Neo4J)

  2. Relational databases (Postgresql, HSQLDB, H2, MariaDB, MySQL, MSSQLServer)

  3. NoSQL databases (Cassandra)

Elastic Search

Elastic search is used to store all public data and it enables the discovery of data.

Keycloak

Keycloak is used to enable authentication and authorization of the users on using the APIs.

Nginx

The SunbirdRC package is also shipped with a custom modified Nginx image which is configured with all the reverse proxies for the services and also contains a generic verification page.

File Storage (minio)

S3 compatible object storage service is also shipped along with services which can be used to store files. It can be used by adopters who are running the services on private/bare metal servers.

Redis

The registry core service will require a Redis cache layer when the core service is scaled to multiple instances.

Kafka

Kafka service is required to create entities in an asynchronous fashion. If the system needs to handle high load and high availability the entity creation(with generating credentials) can be processed asynchronously using Kafka.

Bulk Issuance

Bulk issuance service will allow the issuers to upload their csv files and issue credentials to all those actors present in each row of a csv. The service also has the capability to return a file based reports which will download a csv file which will contain a column of errors that occurred for a that specific actors data

Encryption

Encryption service can be used to store private fields configured in a schema in encrypted form in db, which can only be decrypted by the encryption service. It requires to be enabled through appropriate environment variables.

ID Gen

ID Gen service can be used to generate IDs with given format for any fields in the schema. It requires format configurations to be provided in schema configurations. and enabled through environment variables.

This service needs to be enabled if verifiable credentials need to be generated for a schema. This service is capable of generating W3C based schemas. This service support configuring multi keys based on issuer. The service supports RSA & ED25519 based keys. The key needs to be to the service.

file
mounted
High Level Architecture Diagram
Key Services