Example of a Rego policy
A simple Rego policy that takes a credential subject as input and verifies the subject DID against a given parameter would look like this:
This policy file is located in the SSIKit test resources: src/test/resources/rego/subject-policy.rego
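A subject-DID check of the kind described above, written as an added example and not the SSI Kit's own subject-policy.rego. The rule sits at data.system.main so that it matches the default policy query. The input layout (input.parameter for the policy's input object, input.credentialData for the data selected by the data path) and the sample DID are assumptions.

```rego
package system

import future.keywords.if

# Fail closed: if the rule body below is undefined or false, main stays false.
default main = false

# Assumed input layout (not stated on this page):
#   input.parameter      -> the policy's input JSON, e.g. {"user": "did:example:alice"} (constructed value)
#   input.credentialData -> the credential data selected by the data path (default "$", the whole credential)
main if {
    expected := input.parameter.user
    subject := input.credentialData.credentialSubject.id

    # Require real DID strings on both sides, so that a missing parameter
    # or a null/non-string subject id can never produce a match.
    is_string(expected)
    is_string(subject)
    startswith(expected, "did:")

    subject == expected
}
```

If the data path is narrowed to the credential subject, the subject reference in the rule has to be shortened to match, since the policy then only sees that part of the credential.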
Please refer to the SSI-Kit setup section to execute the command successfully.
You can save the policy by name, which simplifies its usage in future verifications.
Please refer to the SSI-Kit setup section to execute the command successfully.
Example
Flags:
-n, --name
: Policy name, must not conflict with existing policies
-D, --description
: Optional policy description
-p, --policy
: Path or URL to the policy definition, e.g. a Rego file for the OPA policy engine
-i, --input
: Input JSON object for rego query, which can be overridden/extended on verification. Can be a JSON string or JSON file
-d, --data-path
: JSON path to the data in the credential which should be verified, default: "$" (whole credential object)
-s, --save-policy
: Downloads and/or saves the policy definition locally, rather than keeping the reference to the original URL
-f, --force
: Override existing policy with that name (static policies cannot be overridden!)
-e, --policy-engine
: Policy engine type, default: OPA. Options: OPA
--vc / --no-vc
: Apply/Don't apply to verifiable credentials (default: apply)
--vp / --no-vp
: Apply/Don't apply to verifiable presentations (default: don't apply)
Please refer to the SSI-Kit setup section to serve the API.
Path parameters:
policyName
: [string] Name of the policy, e.g. MyCustomPolicy
Query parameters:
update
: [boolean] Specifies whether an existing policy with the same name should be overridden (if mutable)
downloadPolicy
: [boolean] When a URL is used to reference the policy to be created, downloads and/or saves the policy definition locally, rather than keeping the reference to the original URL
Body
name
: [string] Policy name, must not conflict with existing policies
description
: [string] Optional policy description
input
: [JSON] Input JSON object for rego query, which can be overridden/extended on verification. Can be a JSON string or JSON file
policy
: [URL, REGO] Whole Policy or URL to policy definition.
dataPath
: [JSON path] JSON path to the data in the credential which should be verified, default: "$" (whole credential object)
policyQuery
: [string] The query string in the policy engine language. Defaults to "data.system.main".
policyEngine
: [string] Policy engine type, default: OPA. Options: OPA
applyToVC
: [boolean] Apply/Don't apply to verifiable credentials (default: apply)
applyToVP
: [boolean] Apply/Don't apply to verifiable presentations (default: don't apply)