Merge pull request #221 from Alaitz1/feat(docs)/Developers-Documentation

chore: add developers guide and IdentityHub documentation

Author: CDiezRodriguez

docs/README.md

@@ -0,0 +1,26 @@
+# Documentation Overview
+
+This directory contains the complete documentation for the Identity Hub and Issuer Service components. The documentation is organized by target audience and functional area.
+
+## Directory Structure
+
+* **[admin/](./admin/)**: Contains administrative guides, including the [Migration Guide](./admin/migration-guide.md).
+* **[api/](./api/README.md)**: API specifications and testing collections.
+  * `openAPI.yaml`: The OpenAPI 3.0 specification file.
+  * `bruno/`: Bruno API collection.
+  * `postman/`: Postman collections for Eclipse Tractus-X Identity Hub.
+* **[developers/](./developers/README.md)**: Deep-dive technical documentation for contributors and system integrators.
+  * [components/](./developers/components/): Core component documentation.
+    * [IdentityHub.md](./developers/components/IdentityHub.md): Identity Hub data models and lifecycles.
+  * [setup/](./developers/setup/): Setup and configuration guides.
+    * [Linux.md](./developers/setup/Linux.md): Linux setup and configuration guide.
+  
+---
+
+## NOTICE
+
+This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode).
+
+* SPDX-License-Identifier: CC-BY-4.0
+* SPDX-FileCopyrightText: 2026 Contributors to the Eclipse Foundation
+* Source URL: <https://github.com/eclipse-tractusx/tractus-x-identityhub>

docs/developers/README.md

@@ -0,0 +1,23 @@
+# Developers Documentation
+
+Welcome to the developer resources for the Identity components. This folder contains detailed data models and architectural overviews for the core services.
+
+## Components
+
+* **[Identity Hub](./components/IdentityHub.md)**: Manages participant contexts, DIDs, and verifiable credentials.
+* **[Issuer Service](./components/IssuerService.md)**: Responsible for the validation of issuance requests and generation of credentials.
+
+## Setup
+
+* **[Linux](./setup/Linux.md)**: Linux setup and configuration guide.
+
+---
+
+## NOTICE
+
+This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode).
+
+* SPDX-License-Identifier: CC-BY-4.0
+* SPDX-FileCopyrightText: 2026 LKS Next
+* SPDX-FileCopyrightText: 2026 Contributors to the Eclipse Foundation
+* Source URL: <https://github.com/eclipse-tractusx/tractus-x-identityhub>

docs/developers/components/IdentityHub.md

@@ -0,0 +1,96 @@
+# IdentityHub Data Models
+
+This document provides an overview of the core data models in the IdentityHub component, based on the upstream **Eclipse EDC IdentityHub** project.
+
+---
+
+## Core Data Models
+
+The IdentityHub manages several interconnected entities that work together to provide comprehensive identity and credential management functionality:
+
+### 1. ParticipantContext
+
+The `ParticipantContext` (specifically `IdentityHubParticipantContext`) represents a dataspace participant and serves as the top-level organizational unit.
+
+* **Purpose:** Serves as the primary organizational entity that owns and manages all other resources (credentials, DIDs, key pairs) for a specific participant.
+* **Lifecycle Events:**
+  
+* `ParticipantContextCreated`: Emitted when a new context is created.
+* `ParticipantContextUpdated`: Emitted when context properties change.
+* `ParticipantContextDeleting`: Emitted before deletion to allow cleanup.
+
+### 2. CredentialResource
+
+The `CredentialResource` represents a verifiable credential stored in the IdentityHub.
+
+* **Purpose:** Stores and manages verifiable credentials received from issuers, enabling participants to hold and present credentials during **DCP (Decentralized Claims Protocol)** flows.
+
+### 3. KeyPairResource
+
+The `KeyPairResource` represents a cryptographic key pair used for signing and verification operations.
+
+* **Purpose:** Manages cryptographic key pairs for signing credentials and presentations. Supports key rotation and comprehensive lifecycle management.
+
+#### Lifecycle States
+
+| State | Code | Description |
+| :--- | :--- | :--- |
+| **CREATED** | 100 | Key pair created in database but not yet active. Private key in vault. |
+| **ACTIVATED** | 200 | Actively used for signing. Public key added to the DID document. |
+| **ROTATED** | 300 | Can still verify signatures but cannot sign new ones. Transitional state. |
+| **REVOKED** | 400 | Completely retired. Verification method removed from DID document. |
+
+### 4. DidResource
+
+The `DidResource` wraps a DID Document and represents its lifecycle in the IdentityHub.
+
+* **Purpose:** Manages DIDs and their corresponding DID Documents, which contain public keys, service endpoints, and other metadata.
+* **Lifecycle:** DID Documents are automatically updated when `KeyPairResources` are activated or revoked.
+
+---
+
+## Relationships
+
+The data models are interconnected as follows:
+
+* **ParticipantContext (1)**
+  * └── *owns* → **CredentialResource** (many)
+  * └── *owns* → **KeyPairResource** (many)
+  * └── *owns* → **DidResource** (many)
+* **CredentialResource**
+  * └── *references* → `ParticipantContext` (via `participant_context_id`)
+* **KeyPairResource**
+  * └── *references* → `ParticipantContext` (via `participant_context_id`)
+  * └── *influences* → `DidResource` (verification methods)
+* **DidResource**
+  * └── *references* → `ParticipantContext` (via `participant_context_id`)
+
+---
+
+## Data Flow
+
+1. **Participant Onboarding:** A `ParticipantManifest` is submitted; a `ParticipantContext` is created with an API token.
+2. **DID and Key Creation:** `DidResource` and `KeyPairResource` entries are created based on the manifest.
+3. **Key Pair Activation:** Key pairs transition to `ACTIVATED`, and public keys are added to the DID Document.
+4. **Credential Reception:** `CredentialResource` entries are created when credentials are issued to the participant.
+5. **Credential Presentation:** During DCP flows, credentials are retrieved, wrapped in presentations, and signed using active keys.
+6. **Key Rotation:** Old key pairs transition to `ROTATED` (verify only), while new keys are `ACTIVATED`. After a duration, old keys become `REVOKED`.
+
+---
+
+## Additional Information
+
+For more detailed information about the Eclipse EDC IdentityHub architecture, refer to the upstream documentation:
+
+* **Architecture Overview:** [Identity Hub Architecture](https://github.com/eclipse-edc/IdentityHub)
+  
+---
+
+## NOTICE
+
+This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode).
+
+* SPDX-License-Identifier: CC-BY-4.0
+* SPDX-FileCopyrightText: 2026 LKS Next
+* SPDX-FileCopyrightText: 2026 Contributors to the Eclipse Foundation
+* Source URL: <https://github.com/eclipse-tractusx/tractus-x-identityhub>

docs/developers/setup/Linux.md

@@ -0,0 +1,78 @@
+# Linux Deployment Guide: IdentityHub and IssuerService
+
+This guide combines the steps for Cluster Setup, Network Setup, and Installation for Linux users.
+
+---
+
+## 1. Cluster Setup
+
+This guide provides instructions to set up a Kubernetes cluster required for running the IdentityHub and IssuerService Chart.
+
+### Start Minikube
+
+Start a Minikube cluster with the following command:
+
+```bash
+minikube start 
+```
+
+## 2. Network Setup
+
+This guide provides instructions to configure the network setup required for running the IdentityHub and IssuerService Chart in a Kubernetes cluster.
+
+### Enabled Ingresses
+
+To enable ingress for local access, use the following command with Minikube:
+
+```bash
+minikube addons enable ingress
+```
+
+Make sure that the **DNS** resolution for the hosts is in place:
+
+```bash
+minikube addons enable ingress-dns
+```
+
+And execute installation step [3 Add the `minikube ip` as a DNS server](https://minikube.sigs.k8s.io/docs/handbook/addons/ingress-dns) for your OS
+
+### DNS Resolution Setup
+
+Proper DNS resolution is required to map local domain names to the Minikube IP address.
+
+#### Hosts File Configuration
+
+1. Open the hosts file you find here `/etc/hosts` and insert the values from below.
+
+   ```text
+   <MINIKUBE_IP>   identityhub.presentation.local
+   <MINIKUBE_IP>   identityhub.identity.local
+   <MINIKUBE_IP>   issuerservice.issuance.local
+   <MINIKUBE_IP>   issuerservice.did.local
+   ```
+
+2. Replace `<MINIKUBE_IP>` with the output of the following command:
+
+   ```bash
+      minikube ip
+   ```
+
+3. Test DNS resolution by pinging one of the configured hostnames.
+
+## 3. Localhost Deployment
+
+For detailed installation instructions, please refer to the [Installation Guide](../../..//INSTALL.md)
+
+> [!IMPORTANT]
+> It is strongly recommended to deploy with **Ingress enabled**. In each component's `values.yaml`, there are two ingresses that have to be enabled to true. This allows you to use the internal URLs (e.g., `identityhub.presentation.local`) without additional configuration.
+> [!WARNING]
+> The path /.well-known is mandatory for did:web resolution. However, the Nginx Admission Webhook often blocks paths starting with a dot. You must edit the ingress.yaml file in the templates folder and change the pathType to ImplementationSpecific.
+
+## NOTICE
+
+This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode).
+
+* SPDX-License-Identifier: CC-BY-4.0
+* SPDX-FileCopyrightText: 2026 LKS Next
+* SPDX-FileCopyrightText: 2026 Contributors to the Eclipse Foundation
+* Source URL: <https://github.com/eclipse-tractusx/tractus-x-identityhub>