Merge pull request #222 from AYaoZhan/docs/issuerServiceDocs

docs: issuer service docs

Author: CDiezRodriguez

CHANGELOG.md

@@ -10,6 +10,8 @@ For changes in other Tractus-X components, see the [Eclipse Tractus-X Changelog]
 ## [Unreleased]
 
 ### Added
+- Add documentation about IssuerService by @AYaoZhan in [#222](https://github.com/eclipse-tractusx/tractusx-identityhub/pull/222)
+- Add documentation about IdentityHub, Developers and setup guide by @Alaitz1 in [#221](https://github.com/eclipse-tractusx/tractusx-identityhub/pull/221)
 - Add colored logger and logger persistence by @AYaoZhan in [#149](https://github.com/eclipse-tractusx/tractusx-identityhub/pull/149)
 - Add CHANGELOG.md file following TRG 1.03 standards by @CDiezRodriguez in [#151](https://github.com/eclipse-tractusx/tractusx-identityhub/pull/151)
 - Add installation and deployment documentation, enhance documentation structure, fix header and list formatting, add license headers and NOTICE files, set key signing alias default configuration by @AYaoZhan in [#147](https://github.com/eclipse-tractusx/tractusx-identityhub/pull/147)

README.md

@@ -1,46 +1,151 @@
 
 # Tractus-X IdentityHub - a comprehensive DCP Wallet
 
-| [!WARNING] this project is under heavy development, expect bugs, problems and radical changes! |
-|------------------------------------------------------------------------------------------------|
+> [!WARNING]
+> This project is under heavy development, expect bugs, problems and radical changes!
 
-Welcome Contributor! Feel free to join our Identity Hub Weeklys if you want to contibute, or our office hours.
+Welcome Contributor! Feel free to join our Identity Hub Weeklys if you want to contribute, or our office hours.
 You will find the links here: https://eclipse-tractusx.github.io/community/open-meetings/#Identity%20Hub%20Weekly
 
 Also feel free to contact us on our matrix chat: https://matrix.to/#/#tractusx-identity-hub:matrix.eclipse.org
 
 We are working at the moment to bring the current implemented functionalities from the upstream identity hub, test and integrate them here to offer a deployment in Helm Charts and publish our images in docker hub, so you can use also this wallet.
 
+## Table of Contents
+
+1. [About The Project](#about-the-project)
+2. [System Architecture](#system-architecture)
+3. [Components](#components)
+   - [IdentityHub](#identityhub)
+   - [IssuerService](#issuerservice)
+4. [Getting Started](#getting-started)
+   - [IdentityHub](#identityhub-1)
+   - [IssuerService](#issuerservice-1)
+5. [Deployment](#deployment)
+   - [Helm Chart](#helm-chart)
+   - [Localhost](#localhost)
+6. [Documentation Hub](#documentation-hub)
+7. [License](#license)
+
+---
+
 ## About The Project
 
-The Tractus-X IdentityHub is a specialized variant of
-the [IdentityHub project](https://github.com/eclipse-edc/IdentityHub/).
-It contains a DCP CredentialService implementation and a SecureTokenService, preconfigured for use in Tractus-X.
+The Tractus-X IdentityHub is a specialized, production-ready distribution of the upstream [Eclipse EDC IdentityHub project](https://github.com/eclipse-edc/IdentityHub/), tailored specifically for the Tractus-X ecosystem.
+
+This project provides deployable versions of two core components:
+
+- **IdentityHub**: A comprehensive DCP (Decentralized Claims Protocol) wallet that manages verifiable credentials and decentralized identities
+- **IssuerService**: A service for issuing verifiable credentials to participants in the dataspace
+
+Both components implement the Decentralized Claims Protocol (DCP) specification, ensuring interoperability and standardized credential exchange within the Tractus-X ecosystem. The project offers ready-to-deploy Helm charts with PostgreSQL and HashiCorp Vault integration for production environments, as well as memory-based variants for development and testing.
+
+## System Architecture
+
+The Tractus-X IdentityHub consists of two main components that work together to provide complete credential lifecycle management:
+
+```mermaid
+flowchart LR
+    subgraph Issuer["Issuer"]
+        direction TB
+        IS[tractusx-issuerservice<br/>Issuer]
+        IS_DB[(PostgreSQL<br/>Database)]
+        IS_VAULT[HashiCorp Vault<br/>Secret Storage]
+
+        IS -->|Store Data| IS_DB
+        IS -->|Store Secrets| IS_VAULT
+    end
+    subgraph Holder["Holder"]
+        direction TB
+        IH[tractusx-identityhub<br/>Holder]
+        IH_DB[(PostgreSQL<br/>Database)]
+        IH_VAULT[HashiCorp Vault<br/>Secret Storage]
+
+        IH -->|Store Data| IH_DB
+        IH -->|Store Secrets| IH_VAULT
+    end
+    subgraph DataSpace["Data Space Participant"]
+        direction TB
+        CONN[Tractus-X EDC<br/>Connector]
+    end
+    %% Issuance Flow
+    IH <-->|DCP Protocol<br/>Credential Request & Delivery| IS
+    %% Presentation Flow
+    CONN <-->|Presentation Query<br/>/presentation/query| IH
+    style IH fill:#e1f5ff
+    style IS fill:#fff4e1
+    style CONN fill:#d4edda
+    style IH_DB fill:#336791
+    style IS_DB fill:#336791
+    style IH_VAULT fill:#000000,color:#ffffff
+    style IS_VAULT fill:#000000,color:#ffffff
+```
+
+**Key Interactions:**
+
+1. **Credential Issuance (IssuerService ↔ IdentityHub)**:
+    - Holder's IdentityHub requests credentials from IssuerService via DCP Issuance Flow
+    - IssuerService evaluates attestations and rules
+    - Credentials are signed and delivered to holder's IdentityHub for storage
+
+2. **Credential Presentation (Connector ↔ IdentityHub)**:
+    - Tractus-X EDC Connector requests credential presentation via `/presentation/query` endpoint
+    - IdentityHub creates verifiable presentations from stored credentials
+    - Presentations are sent to connector for validation during dataspace interactions
+
+## Components
+
+### IdentityHub
+
+The IdentityHub serves as a comprehensive identity wallet and credential management system. Its primary purposes are:
+
+- **Credential Storage**: Securely store and manage verifiable credentials received from issuers
+- **Identity Management**: Manage decentralized identities (DIDs) and their associated key pairs
+- **Credential Presentation**: Present credentials to verifiers during DCP flows
+- **Self-Issued ID Tokens**: Create and manage self-issued ID Tokens
+
+### IssuerService
+
+The IssuerService is responsible for the issuance of verifiable credentials to dataspace participants. Its primary purposes are:
+
+- **Credential Issuance**: Issue verifiable credentials to participants based on predefined credential definitions
+- **Attestation Management**: Define and manage attestation requirements for credential issuance
+- **Credential Lifecycle**: Handle the complete lifecycle of issued credentials, including revocation
+- **Standards Compliance**: Ensure all issued credentials comply with DCP specifications and dataspace policies
+
+## Getting Started
+
+This project provides Helm charts for deploying both IdentityHub and IssuerService components. Each component is available in two variants:
+
+### IdentityHub
+
+1. [`tractusx-identityhub`](./charts/tractusx-identityhub/README.md): The recommended, production-ready version that uses PostgreSQL as database and HashiCorp Vault as secret storage.
+2. [`tractusx-identityhub-memory`](./charts/tractusx-identityhub-memory/README.md): An ephemeral, memory-only version that stores data and secrets in memory. **Please only use this for demo or testing purposes!**
+
+### IssuerService
+
+1. [`tractusx-issuerservice`](./charts/tractusx-issuerservice/README.md): The recommended, production-ready version that uses PostgreSQL as database and HashiCorp Vault as secret storage.
+2. [`tractusx-issuerservice-memory`](./charts/tractusx-issuerservice-memory/README.md): An ephemeral, memory-only version that stores data and secrets in memory. **Please only use this for demo or testing purposes!**
+
+## Deployment
 
-## Getting started
+### Helm Chart
 
-As all Tractus-X applications, IdentityHub is distributed as helm chart, of which there are two variants:
+To deploy using Helm charts, please refer to the documentation for each variant listed in the [Getting Started](#getting-started) section above. Each chart provides detailed configuration options, prerequisites, and deployment instructions.
 
-1. `tractusx-identityhub`: the recommended, production-ready version that uses PostgreSQL as database and Hashicorp
-   Vault as secret storage.
-2. `tractusx-identityhub-memory`: an ephemeral, memory-only version that stores data and secrets in memory. **Please
-   only use this for demo or testing purposes!**
+> [!NOTE]
+> This project is still under heavy development. For the most up-to-date deployment experience, it is recommended to follow the [Localhost](#localhost) deployment instructions below.
 
-Please refer to the respective [documentation](./charts/tractusx-identityhub/README.md) for more information on how to
-run it.
+### Localhost
 
-As all Tractus-X applications, IssuerService is distributed as helm chart, of which there are two variants:
+For detailed deployment instructions in a localhost environment, please refer to the [Installation Guide](./INSTALL.md).
 
-1. `tractusx-issuerservice`: the recommended, production-ready version that uses PostgreSQL as database and Hashicorp
-   Vault as secret storage.
-2. `tractusx-issuerservice-memory`: an ephemeral, memory-only version that stores data and secrets in memory. **Please
-   only use this for demo or testing purposes!**
+> [!NOTE]
+> While running the applications natively as Java processes or directly as Docker images is possible, it is highly recommended to deploy using the official Helm charts with PostgreSQL and HashiCorp Vault. The Helm chart deployment ensures proper configuration, security, and scalability.
 
-Please refer to the respective [documentation](./charts/tractusx-issuerservice/README.md) for more information on how to
-run it.
+## Documentation Hub
 
-> Note that running the application natively as Java process, or directly as Docker image is possible, but is not
-> supported by the Tractus-X IdentityHub team. Please use the official Helm chart.
+For developer resources, as well as best practices for development and testing, can be found [in this file](./docs/README.md).
 
 ## License
 

docs/README.md

@@ -1,26 +1,59 @@
-# Documentation Overview
+# Developer Documentation Hub
 
 This directory contains the complete documentation for the Identity Hub and Issuer Service components. The documentation is organized by target audience and functional area.
 
-## Directory Structure
-
-* **[admin/](./admin/)**: Contains administrative guides, including the [Migration Guide](./admin/migration-guide.md).
-* **[api/](./api/README.md)**: API specifications and testing collections.
-  * `openAPI.yaml`: The OpenAPI 3.0 specification file.
-  * `bruno/`: Bruno API collection.
-  * `postman/`: Postman collections for Eclipse Tractus-X Identity Hub.
-* **[developers/](./developers/README.md)**: Deep-dive technical documentation for contributors and system integrators.
-  * [components/](./developers/components/): Core component documentation.
-    * [IdentityHub.md](./developers/components/IdentityHub.md): Identity Hub data models and lifecycles.
-  * [setup/](./developers/setup/): Setup and configuration guides.
-    * [Linux.md](./developers/setup/Linux.md): Linux setup and configuration guide.
-  
+## Required Knowledge
+
+To effectively work with this project, familiarity with the following technologies is recommended:
+
+- **Kubernetes**: Container orchestration platform for deploying and managing the applications
+- **Minikube**: Local Kubernetes environment for development and testing
+- **Helm**: Package manager for Kubernetes, used for deploying the charts
+- **PostgreSQL**: Relational database used for persistent storage
+- **HashiCorp Vault**: Secrets management system for secure credential storage
+
+## Best Practices
+
+- Use the official Helm charts for all deployments
+- Follow the [Installation Guide](../INSTALL.md) for local development setup
+- Test API endpoints using the provided Postman or Bruno collections
+
+> [!NOTE]
+> When testing, it is recommended to enable ingress to avoid working with port-forwarding. Refer to the respective chart documentation for ingress configuration options, including hostname, TLS settings, and annotations.
+
+## Documentation Resources
+
+### [Developer Documentation](./developers/README.md)
+
+Technical documentation for understanding the core data models, architecture patterns, and implementation details of both IdentityHub and IssuerService components.
+
+This section provides detailed information about entity relationships, state machines, and complete workflow diagrams.
+Additionally, includes setup guides for configuring development environments.
+
+### [API Documentation](./api/README.md)
+
+Complete API reference and testing resources, including:
+
+- **OpenAPI Specification**: Full API documentation with endpoints, schemas, and authentication requirements
+- **Postman Collection**: Ready-to-use Postman collection for issuance flow testing
+- **Bruno Collection**: Lightweight, Git-friendly API collection for Bruno
+- **Testing Guide**: Instructions for setting up and running API tests
+
+### [Migration Guide](./admin/migration-guide.md)
+
+Administrator guide for migrating between chart versions, including:
+
+- Chart version migration instructions
+- Bitnami dependency updates and image repository changes
+- PostgreSQL version compatibility notes
+
 ---
 
 ## NOTICE
 
 This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode).
 
 * SPDX-License-Identifier: CC-BY-4.0
+* SPDX-FileCopyrightText: 2026 LKS Next
 * SPDX-FileCopyrightText: 2026 Contributors to the Eclipse Foundation
 * Source URL: <https://github.com/eclipse-tractusx/tractus-x-identityhub>

docs/developers/README.md

@@ -1,15 +1,59 @@
 # Developers Documentation
 
-Welcome to the developer resources for the Identity components. This folder contains detailed data models and architectural overviews for the core services.
+Welcome to the developer resources for the Tractus-X Identity components. This documentation provides in-depth technical information about the data models, architecture patterns, and implementation details for both IdentityHub and IssuerService.
+
+## Overview
+
+This documentation is designed for developers who need to:
+
+- Understand the internal data models and their relationships
+- Implement custom extensions or integrations
+- Debug and troubleshoot issues at the data model level
+- Contribute to the core codebase
+- Design systems that interact with these components
 
 ## Components
 
-* **[Identity Hub](./components/IdentityHub.md)**: Manages participant contexts, DIDs, and verifiable credentials.
-* **[Issuer Service](./components/IssuerService.md)**: Responsible for the validation of issuance requests and generation of credentials.
+### [Identity Hub](./components/IdentityHub.md)
+
+The IdentityHub serves as a decentralized identity wallet managing credentials and identities for dataspace participants.
+
+**Key Topics Covered:**
+- **Core Data Models**: ParticipantContext, CredentialResource, KeyPairResource, DidResource
+- **Data Relationships**: Entity relationship diagrams showing how models interconnect
+- **Data Flow**: Complete workflows from participant onboarding to credential presentation
+- **Storage Architecture**: How credentials, keys, and DIDs are persisted and managed
+
+**Use Cases:**
+- **Credential Storage & Retrieval**: How verifiable credentials are stored and queried within the wallet
+- **Participant Onboarding**: Complete participant lifecycle from creation to activation
+- **DID Management**: Decentralized identifier creation, resolution, and key pair management
+- **Credential Presentation**: Requesting and verifying credential presentations during dataspace interactions
+
+### [Issuer Service](./components/IssuerService.md)
+
+The IssuerService handles the complete credential issuance workflow, from request validation to credential delivery.
+
+**Key Topics Covered:**
+- **Core Data Models**: AttestationDefinition, CredentialDefinition, IssuanceProcess, Holder
+- **Issuance Workflow**: Complete credential request and delivery flow
+- **Credential Status & Revocation**: BitstringStatusList implementation for credential revocation
+- **Data Relationships**: How attestations, definitions, and processes work together
+- **DCP Protocol Integration**: Implementation of the Decentralized Claims Protocol
+
+**Use Cases:**
+- **Attestation Configuration**: Defining custom attestation sources for claim validation
+- **Credential Templates**: Creating credential definitions with issuance rules and data mappings
+- **Credential Revocation**: Implementing BitstringStatusList for credential status management
+- **Holder Registry**: Managing entities authorized to receive credentials
+
+## Setup Guides
 
-## Setup
+### [Linux](./setup/Linux.md)
 
-* **[Linux](./setup/Linux.md)**: Linux setup and configuration guide.
+Comprehensive setup and configuration guide for Linux-based development environments, including:
+- Development environment setup
+- Local testing configurations
 
 ---