Title: Affinidi: Wallet Storage

NOTE ALL: Key storage must be a secure place for applications/users to store their keys.
  Keys are stored encrypted, separately for each user.
  Each user has their own secret key for encryption/decryption.
  **UN**encrypted keys are never shown to any party (key encryption and decryption happen on the client side).
  **Keys Storage** and **Encryption Keys Provider** must be provided by different services/providers, so that no party except the client has control over decrypted keys.

NOTE ALL: The **User Management (AWS Cognito)** party provides the sign-up and sign-in methods and verifies the login method (phone number/email). It also handles the recovery flow.

NOTE ALL: **Keys Storage** stores the user keys, encrypted by the client/SDK. A user can put a key into or pull a key from the storage only after going through **User Management** (that is, holding an access token from that service).
  P.S. User keys are mapped by the userName/userId from the User Management service.

NOTE ALL: **Encryption Keys Provider** provides a secret key per user for encrypting/decrypting data (keys). A user can pull that key only after going through **User Management** (holding an access token from that service).
  P.S. User encryption/decryption keys are mapped by the userName/userId from the User Management service.
  **IMPORTANT** A user must not be able to authenticate to Keys Storage with an Encryption Keys Provider access token, and vice versa.

_: **1. Pull Keys**

Client/SDK -> User Management (AWS Cognito): `signin (login, password)`
Client/SDK <-- User Management (AWS Cognito): `200 [accessToken]`
Client/SDK -> Keys Storage: `readMyKey(accessToken1)`
Client/SDK <-- Keys Storage: `200 [encryptedSeed]`
Client/SDK -> Encryption Keys Provider: `---(accessToken2)`
Client/SDK <-- Encryption Keys Provider: `200 [encryptionKey]`

NOTE ALL: On the client side, encryptedSeed is decrypted using encryptionKey; the client is then able to do all privateKey-related operations.

_: **2. Store Keys**

Client/SDK -> User Management (AWS Cognito): `signup (login, password)`
NOTE: Login here is an email address or phone number.
Client/SDK <-- User Management (AWS Cognito): `verification request sms/email`
Client/SDK --> User Management (AWS Cognito): `confirm verification`
Client/SDK <-- User Management (AWS Cognito): `[accessToken]`
Client/SDK -> Encryption Keys Provider: `generate secret key(accessToken2)`
Client/SDK <-- Encryption Keys Provider: `200 [encryptionKey]`
NOTE: The seed is encrypted with encryptionKey.
Client/SDK -> Keys Storage: `storeMyKey(accessToken1, encryptedSeed)`
Client/SDK <-- Keys Storage: `200`

NOTE ALL: Pull and store VC auth is based on a signature challenge; in other words, the user proves that they own the key (publicKey/did).

_: **Auth flow for VC Vault**

Client/SDK -> VC Storage: `auth(publicKey)`
Client/SDK <-- VC Storage: `200 [token]`
NOTE: On the client side the token is signed with the privateKey.
Client/SDK -> VC Storage: `auth-validation(publicKey, signature)`
Client/SDK <-- VC Storage: `200 [accessToken]`

_: **3. Pull VC**

Client/SDK -> VC Storage: `getCredentials(accessToken)`
Client/SDK <-- VC Storage: `200 [encryptedCredentials]`
NOTE: The encrypted credentials are decrypted on the client side.

_: **4. Store VC**

NOTE: Credentials are encrypted on the client side.
Client/SDK -> VC Storage: `saveCredentials(accessToken, credentials)`
Client/SDK <-- VC Storage: `200 [ids]`