Overview
With the Trinity Identity Wallet product, software developers receive a technical framework for building solutions for secure, self-determined mobile identification and authentication based on OIDC. The design is decentralized with a full focus on data protection: all user data is processed and stored so that it is readable only inside the user's mobile device.
Storing user data is expensive today. Trinity was designed with a maximum focus on data protection and security and can therefore save a lot of money in operations within regulated environments.
Trinity Identity Wallet is a collection of software components for a data operator. Developers can integrate this into their own mobile applications. The architecture is based on a client-server principle: the mobile Trinity SDK as client and the Trinity backend as server.
Trinity is based on two components: #1 A backend component which can be hosted on AWS, downloaded from the AWS Marketplace and run for free. #2 An SDK component which you can use to create an authenticator app on Android and on iOS; this requires a separate license. To obtain our SDK please get in contact with us at: support@comuny.de
- Trinity is an OIDC compliant technical framework for mobile identity solutions with data storage / processing on the mobile device.
- Public cloud-capable operation in AWS even in highly regulated markets with > 30 % cost savings compared to alternative central solutions
NOTE: From the AWS marketplace you can retrieve our backend to host within your own AWS environment. To make Trinity fully functional you will also need the SDK (available for iOS & Android) to integrate into your mobile app(s).
When you are interested in Trinity, or once you have signed a license, comuny will supply you with the SDK, the necessary license files to run it, and support, as well as the online documentation for our product, which can be found here: https://doc.cls.comuny.de/#trinity-overview
Highlights
- Optimised mobile usability through modular SDK extension without UI/UX specifications
- Operates in a public cloud such as AWS and not in high-security data centers
- Modern, innovative concept not based on outdated concepts like Fast Track
Details
Delivery details
Trinity Identity Provider Backend Self-hosting Environment on AWS
- Amazon EKS
Container image
Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.
Version release notes
This is the first version of Trinity Digital Identity Wallet (1.6.9) supporting Amazon hosting. For a detailed product description and a license agreement, get in contact with support@comuny.de.
The latest updates include updates to the frameworks used, to keep to the highest security standards.
Additional details
Usage instructions
For full usage and installation instructions you will require the Trinity Self-hosting installation guide for AWS, which will be provided to you by comuny after signing the license agreement. Find all further information here: https://doc.cls.comuny.de
Prerequisites:
Required Tools
- Trinity Identity Provider Backend AWS Golang: https://git.cls.comuny.de/comuny-public/trinity-identity-provider-backend-aws-golang
- AWS CLI: https://aws.amazon.com/cli/
- Latest kubectl: Installing or updating kubectl - Amazon EKS
- aws-iam-authenticator: Installing aws-iam-authenticator Amazon EKS
- golang (v1.19): Download and install - The Go Programming Language
Step 1: Create Certificate Authority System (you can also use an already existing CA from another project)
Using CA inside the same project
- As root user search for the "Certificate Manager" service and select "Private CA"
- Change region to the desired region (e.g. eu-central-1)
- Click on the "Create a private CA" button
  -- Type: Root CA
  -- Key algorithm: RSA 4096
  -- Pricing: confirm
- Click the "Create CA" button
  -- Type: Subordinate
  -- Key algorithm: RSA 2048
Note down the ARN of the CA for later steps.
Using CA from another project
See 'Modify config' below
Step 2: Getting started
- Create Admin User
- Create a new user group
  -- Go to the AWS IAM Control Panel
  -- User Group -> Create group
  -- Attach the policy AdministratorAccess
  -- Create the group and name it Administrators
- Create a new user
  -- With Access Key
  -- Attach user group Administrators
  -- Create Admin User
  -- Save its AccessKey and AccessKeyID
- Modify config: adapt (at least) the following in resources/config.json:
  2.1. Modify Absolute Path
  2.2. Modify YourEMail & TwilioEMail
  2.3. Region
  2.4. Database MasterUserPassword
  2.5. Database AvailabilityZone
  2.6. Redis AuthToken
  2.7. Only when the used CA is located in a different project: change CAIsInSameProject to false and add the Secret Key and Access Key to 'CAAccount'
- Modify Start script: adapt the following in ./start.sh: replace the absolute path and add /resource/config.json at the end
Step 2: Start the Script
The script will create all needed users, roles and policies. It will also create a VPC, Redis, PostgreSQL and a Kubernetes cluster on which the yaml files will be deployed. Start the script as shown:
./start.sh
Step 3: Edit the yaml files
- trinity-config-map.yaml
  -- aws_cas_arn: {CAS_ARN}
- trinity-secrets
  -- Add all values -> All values must be Base64-encoded!
Step 4: Run first kubernetes commands
Run the command:
./kubeOne.sh
! Before you proceed, your domain record MUST point to the last output of kubeOne.sh !
Step 5: Run second kubernetes commands
./kubeTwo.sh
Congratulations, you've set up the Trinity Self-hosting Environment.
You can now visit the discovery document at https://{YOUR-DOMAIN}/oidc/v1/.well-known/openid-configuration
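As a post-install check for the deployment above, here is an added Go example (not part of comuny's Trinity code) that validates the discovery document served at that URL: every advertised URL must be https on your domain, and ID tokens must be signed. The domain example.com, the endpoint paths and the sample document are constructed assumptions; fetching the document over HTTPS is left to the caller.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// discovery holds the provider metadata fields this check inspects.
type discovery struct {
	Issuer      string   `json:"issuer"`
	AuthzEP     string   `json:"authorization_endpoint"`
	TokenEP     string   `json:"token_endpoint"`
	JwksURI     string   `json:"jwks_uri"`
	SigningAlgs []string `json:"id_token_signing_alg_values_supported"`
}

// CheckDiscovery returns the problems found in a discovery document (nil when it passes); domain is the host behind {YOUR-DOMAIN}.
func CheckDiscovery(raw []byte, domain string) []string {
	var d discovery
	if err := json.Unmarshal(raw, &d); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	var problems []string
	// Every URL must be https on the domain the DNS record points to; anything
	// else means a stale record or a wrong value in the config map / secrets.
	for _, f := range []struct{ name, val string }{
		{"issuer", d.Issuer}, {"authorization_endpoint", d.AuthzEP},
		{"token_endpoint", d.TokenEP}, {"jwks_uri", d.JwksURI},
	} {
		u, err := url.Parse(f.val)
		if f.val == "" || err != nil || u.Scheme != "https" || u.Host != domain {
			problems = append(problems, f.name+" must be an https URL on "+domain+": "+f.val)
		}
	}
	// ID tokens must be verifiable: a signing algorithm must be advertised, and never "none".
	if len(d.SigningAlgs) == 0 {
		problems = append(problems, "no id_token signing algorithm advertised")
	}
	for _, alg := range d.SigningAlgs {
		if alg == "none" {
			problems = append(problems, "id_token signing alg none advertised")
		}
	}
	return problems
}

// Constructed sample of what a healthy deployment at example.com would serve (assumed paths).
const sampleDoc = `{"issuer":"https://example.com/oidc/v1","authorization_endpoint":"https://example.com/oidc/v1/auth","token_endpoint":"https://example.com/oidc/v1/token","jwks_uri":"https://example.com/oidc/v1/keys","id_token_signing_alg_values_supported":["RS256"]}`
func main() { fmt.Println(CheckDiscovery([]byte(sampleDoc), "example.com")) } // prints []
```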
Support
Vendor support
For support and to receive our license contract, reach out to comuny at: support@comuny.de. Besides the keys and software, the signed license includes 2 days of service for training and support.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.