Merge b2946f8 into be613bf

vramperez · web-flow · commit 203ea0763b56 · 2026-02-26T13:42:34.000Z
diff --git a/README.md b/README.md
@@ -19,20 +19,21 @@ This project is part of [FIWARE](https://www.fiware.org/). For more information
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 **Table of Contents**
 
-- [Overview](#overview)
-- [Release Information](#release-information)
-- [Components](#components)
-- [Description of flows in vc-authentication](#description-of-flows-in-vc-authentication)
-  - [Registration](#registration)
-  - [Authenticated access to a service](#authenticated-access-to-a-service)
-    - [Human-To-Machine (H2M)](#human-to-machine-h2m)
-    - [Machine-To-Machine (M2M)](#machine-to-machine-m2m)
-- [Deployment](#deployment)
-  - [Local Deployment](#local-deployment)
-  - [Deployment with Helm](#deployment-with-helm)
-- [Testing](#testing)
-- [How to contribute](#how-to-contribute)
-- [License](#license)
+- [vc-authentication](#vc-authentication)
+  - [Overview](#overview)
+  - [Release Information](#release-information)
+  - [Components](#components)
+  - [Description of flows in vc-authentication](#description-of-flows-in-vc-authentication)
+    - [Registration](#registration)
+    - [Authenticated access to a service](#authenticated-access-to-a-service)
+      - [Human-To-Machine (H2M)](#human-to-machine-h2m)
+      - [Machine-To-Machine (M2M)](#machine-to-machine-m2m)
+  - [Deployment](#deployment)
+    - [Local Deployment](#local-deployment)
+    - [Deployment with Helm](#deployment-with-helm)
+  - [Testing](#testing)
+  - [How to contribute](#how-to-contribute)
+  - [License](#license)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
@@ -70,6 +71,7 @@ The main components of the FIWARE Verifiable Credential Authentication are:
 | VCVerifier      | Validates VCs and exchanges them for tokens | https://github.com/FIWARE/VCVerifier |
 | credentials-config-service | Holds the information which VCs are required for accessing a service | https://github.com/FIWARE/credentials-config-service |
 | trusted-issuers-list | Acts as Trusted Issuers List by providing an [EBSI Trusted Issuers Registry](https://api-pilot.ebsi.eu/docs/apis/trusted-issuers-registry) API | https://github.com/FIWARE/trusted-issuers-list |
+|dss-validation-service|service for validating [JAdES Signatures](https://www.etsi.org/deliver/etsi_ts/119100_119199/11918201/01.01.01_60/ts_11918201v010101p.pdf) using the [eSignature Building Block Digital Signature Service library](https://github.com/esig/dss/tree/master)|[https://github.com/wistefan/dss-validation-service](https://github.com/wistefan/dss-validation-service)|
 
 **Note,** that the FIWARE Verifiable Credential Authentication does not include a Verifiable Credential Issuer nor a Verifiable Credential Wallet. Regarding the SQL database, any SQL database technology could be used theoretically, but it has been tested with both MySQL and PostgreSQL.
 
diff --git a/charts/vc-authentication/Chart.lock b/charts/vc-authentication/Chart.lock
@@ -8,8 +8,11 @@ dependencies:
 - name: trusted-issuers-list
   repository: https://fiware.github.io/helm-charts
   version: 0.10.8
+- name: dss-validation-service
+  repository: https://fiware.github.io/helm-charts
+  version: 0.0.18
 - name: postgres-operator
   repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator
   version: 1.15.1
-digest: sha256:52d5450da57e072a2e299c77ced3df562cead480188eacd57802a8b4b67607de
-generated: "2026-01-07T15:40:23.051054+01:00"
+digest: sha256:765e3c831137d65c0e796f6f7b38540e9d7cf99ef1d5c59c3a3d876b8739825d
+generated: "2026-02-26T14:25:25.025513+01:00"
diff --git a/charts/vc-authentication/Chart.yaml b/charts/vc-authentication/Chart.yaml
@@ -16,6 +16,11 @@ dependencies:
     condition: trusted-issuers-list.enabled
     version: 0.10.8
     repository: https://fiware.github.io/helm-charts
+  - name: dss-validation-service
+    alias: dss
+    condition: dss.enabled
+    version: 0.0.18
+    repository: https://fiware.github.io/helm-charts
   - name: postgres-operator
     condition: postgres-operator.enabled
     version: 1.15.1
diff --git a/charts/vc-authentication/templates/crl-provider-secret.yaml b/charts/vc-authentication/templates/crl-provider-secret.yaml
@@ -0,0 +1,11 @@
+{{- if eq .Values.dss.crl.enabled true }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: crl-provider
+  namespace: {{ $.Release.Namespace | quote }}
+  labels:
+    {{ include "vcauthentication.labels" . | nindent 4 }}
+data:
+  {{- toYaml .Values.dss.crl.secret | nindent 2 }}
+{{- end }}
diff --git a/charts/vc-authentication/values.yaml b/charts/vc-authentication/values.yaml
@@ -113,4 +113,15 @@ credentials-config-service:
     # -- name of the schema inside the db
     name: ccsdb
   registration:
+    enabled: false
+
+# -- configuration for the digital-signature.service to be deployed as part of the connector in case of did:elsi support
+dss:
+  # -- should it be enabled?
+  enabled: false
+  # -- allows to set a fixed name for the services
+  fullnameOverride: dss
+  # -- can be used to provide the crl for ca's provided as truststore to the dss
+  crl:
+    # -- should it be enabled?
     enabled: false
