May 22 IRMA Workshop
Resources
- Technical documentation: https://irma.app/docs
- IRMA source code: https://github.com/privacybydesign/
- Attribute index: https://privacybydesign.foundation/attribute-index/en/
- Slack: ask for invite
Other resources:
- Privacy by Design Foundation website: https://privacybydesign.foundation/
- Privacy by Design Foundation twitter: https://twitter.com/IRMA_privacy/
- Attribute issuance: https://privacybydesign.foundation/issuance
Prerequisites
Make sure you have installed the IRMA app on your Android or iOS device.
If you haven't before, try one of the demos on our demo page. For many demos you need for example an email or age limit attribute. IRMATube is an entirely self-contained demo.
Part 1
For this part, follow the instructions in the Getting Started page of the technical documentation. You will download or compile from source the IRMA command line tool, which includes the IRMA server. You then download or compile the irmajs
JavaScript library and let the IRMA server host the static pages.
This IRMA server automatically detects your LAN IP address, and adjusts the URL in the QR to match that address. This is necessary because the IRMA app on your phone somehow needs to connect to your server. However, not all network allow direct LAN access, especially not corporate wifi. Mobile hotspots often work well.
Using a workshop server
To bypass any compilation and network issues, you can also use one of our workshop Debian Linux servers over an SSH connection. Please reserve one by grabbing a token at the front of the room. Then edit and execute the following:
PASSWORD=...
SERVER_NUMBER=01
wget -O irma_workshop_id_rsa "https://irma.app/irma_workshop_id_rsa_${PASSWORD}"
chmod 600 irma_workshop_id_rsa
ssh -i irma_workshop_id_rsa "debian@irma${SERVER_NUMBER}.irma.app"
Add the PASSWORD
you received during the workshop (as a super basic precaution). The private key gives access to all workshop servers. Enter the two-digit server number that's on your token as SERVER_NUMBER
.
You can then run the example with ./run_example.sh
and browse to the address listed in the output. The server is completely yours to use for purposes of the workshop, and can also be easily reset on request.
Part 2
Integrate IRMA attribute verification in your own website or application, for example with one of the following use cases:
- Use case 1: Instead of logging in with username/passwords, users can register and then login at your website by showing their IRMA email address attribute (index, issuance, info).
- Use case 2: Auto-fill an HTML form in your website by asking the user to disclose IRMA attributes, as in this demo.
- Use case 3: Ask your users to provide, for example, consent to receive ads per email, with an attribute-based signature.
- Use case 4 (experimental): if you develop an iOS or Android app, start an IRMA session from within your app using these libraries: iOS, Android.
Advanced/take home exercises
- In production scenarios, you should switch to the
pbdf
scheme, which contrary to theirma-demo
scheme contains actual personal data. - Start issuing your own attributes, as follows:
- Create a new credential type within the
irma-demo
scheme, and re-sign the scheme (irma scheme sign
) - Create a custom build of the IRMA app
irma_mobile
with your modifiedirma-demo
scheme in itsirma_configuration
folder - Start an
irma server
and point it to your modifiedirma-demo
scheme, e.g. with the--schemes-path
flag - Start an issuance session of your new credential type, e.g. by modifying the
irmajs
browser demo
- Create a new credential type within the
- The HTTP endpoints exposed by the
irma server
are also available as Go functions in theirmaserver
Go library, and as C functions here. Enable IRMA attribute verification and issuance from your own favorite programming language by binding to these C functions.