Version: v0.13

Enterprise Development Kit (EDK)

The Enterprise Development Kit (EDK) is Sphereon's proprietary extension to the Identity Development Kit (IDK). It provides enterprise-grade features for building scalable, multi-tenant identity services.

Architecture Overview

What is the EDK?

The EDK is a modular set of libraries that extend the IDK with enterprise capabilities:

Party Persistence - Store parties, identities, contacts, and addresses in PostgreSQL, MySQL, or SQLite
Multi-tenant Database Routing - Route database operations to tenant-specific databases or schemas
Hierarchical Settings - Scope-aware configuration with APP > TENANT > PRINCIPAL inheritance
OID4VP Verification - Verify credentials from digital wallets via the Universal OID4VP REST API
Authorization Engine Integration - Integrate with policy decision points via OpenID AuthZEN
JWT Validation - Token validation with Ktor and Spring Boot integrations
eIDAS Signatures - EU-compliant digital signatures with DSS integration
Events System - EDK event types, subsystems, and rich filtering
Spring Boot Integration - First-class support for Spring Boot applications
Resilience Patterns - Circuit breakers, caching, and fallback policies

Modular Architecture

The EDK is designed as a collection of independent modules. Not all modules are JVM-only—the architecture supports different platform targets per module:

Module Category	Platforms	Description
Party Persistence	JVM	PostgreSQL, MySQL, SQLite storage for parties/identities
Database Routing	JVM	Multi-tenant connection routing and pooling
Settings Persistence	JVM	Hierarchical configuration storage
KV Persistence	JVM	Database-backed key-value stores
OID4VP Verification	All	Universal REST API for credential verification (core in IDK)
Authorization	JVM	Policy engine integration (AuthZEN, Cedar, OPA)
JWT Validation	JVM	Token validation for Ktor and Spring Boot
eIDAS Signatures	JVM	EU-compliant digital signatures with REST API
Events	JVM	Event types, subsystems, and transmitters
Spring Boot	JVM	Spring Boot auto-configuration

Future Platform Support

Some modules may gain multiplatform support in future releases. The modular design allows platform-specific implementations while sharing common interfaces.

EDK vs IDK

Aspect	IDK	EDK
License	Open Source (Apache 2.0)	Proprietary
Focus	Core identity primitives	Enterprise extensions
Party Storage	In-memory models	PostgreSQL, MySQL, SQLite
Multi-tenancy	Configuration-based scopes	Full database isolation
Authorization	—	AuthZEN, Cedar, OPA
Spring Boot	Basic support	Full auto-configuration

Module Reference

Party Persistence

Store and query parties, identities, contacts, and addresses with multi-dialect support:

Module	Description
`lib-data-store-party-persistence-api`	Unified repository interfaces and models
`lib-data-store-party-persistence-postgresql`	PostgreSQL implementation
`lib-data-store-party-persistence-mysql`	MySQL implementation
`lib-data-store-party-persistence-sqlite`	SQLite implementation

Database Routing

Route database operations based on scope (APP, TENANT, USER):

Module	Description
`lib-data-store-db-routing-public`	Core routing interfaces and models
`lib-data-store-db-routing-config`	Configuration-driven registry
`lib-data-store-db-routing-database`	Database-backed registry
`lib-data-store-db-routing-pooling`	HikariCP connection pool management

Settings Persistence

Store configuration with scope inheritance:

Module	Description
`lib-conf-settings-persistence-api`	Repository interfaces and caching
`lib-conf-settings-persistence-postgresql`	PostgreSQL implementation
`lib-conf-settings-persistence-mysql`	MySQL implementation
`lib-conf-settings-persistence-sqlite`	SQLite implementation

KV Store Persistence

Database-backed key-value storage:

Module	Description
`lib-data-store-kv-persistence-api`	Database KV store implementation
`lib-data-store-kv-persistence-postgresql`	PostgreSQL backend
`lib-data-store-kv-persistence-mysql`	MySQL backend
`lib-data-store-kv-persistence-sqlite`	SQLite backend

Authorization

Policy-based authorization:

Module	Description
`lib-authz-policy-api`	Generic policy engine interface
`lib-authz-authzen-api`	OpenID AuthZEN protocol support
`lib-authz-authzen-impl`	AuthZEN implementation with resilience
`lib-authz-authzen-cedarling`	Cedarling sidecar PDP adapter
`lib-authz-authzen-spring`	Spring Boot auto-configuration for AuthZEN

JWT Validation

Token validation with framework integrations:

Module	Description
`lib-oauth2-jwt-validation-api`	JWT validation API (in IDK)
`lib-oauth2-jwt-validation-impl`	JWT validation implementation (in IDK)
`lib-oauth2-jwt-validation-ktor`	Ktor server plugin for JWT validation
`lib-oauth2-jwt-validation-spring`	Spring Boot auto-configuration for JWT validation

eIDAS Signatures

EU-compliant digital signatures:

Module	Description
`lib-eidas-signature-client-public`	Signature client interfaces and models
`lib-eidas-signature-client-impl`	Client implementation with IDK integration
`lib-eidas-signature-client-dss`	EU DSS integration for eIDAS compliance
`lib-eidas-signature-rest-api`	OpenAPI-generated REST models
`lib-eidas-signature-rest-server-public`	Server interfaces and domain models
`lib-eidas-signature-rest-server-impl`	HTTP adapters and endpoint commands
`lib-eidas-signature-rest-server-persistence-postgresql`	PostgreSQL storage
`lib-eidas-signature-rest-server-persistence-mysql`	MySQL storage
`lib-eidas-signature-rest-server-persistence-sqlite`	SQLite storage
`lib-eidas-signature-rest-client`	REST client for remote signing services

Events

Event system extensions with persistence and framework support:

Module	Description
`lib-events-event-api`	EDK event types, subsystems, and transmitter interfaces
`lib-events-event-persistence-api`	Event persistence interfaces and models
`lib-events-event-persistence-postgresql`	PostgreSQL event storage
`lib-events-event-persistence-mysql`	MySQL event storage
`lib-events-event-persistence-sqlite`	SQLite event storage
`lib-events-event-spring`	Spring Boot auto-configuration for events

DID REST Services

Expose DID operations as REST APIs compatible with DIF Universal standards:

Module	Description
`lib-did-rest-registrar-server`	Universal Registrar compatible API for create/update/deactivate
`lib-did-rest-resolver-server`	Universal Resolver compatible API for DID resolution (in IDK)

The EDK extends the IDK's DID capabilities with a full REST API for DID lifecycle management. See DID Services for details.

Spring Boot

Module	Description
`spring-support`	Spring Boot auto-configuration (in IDK)

Requirements

JDK 17 or higher (for JVM modules)
Kotlin 2.0 or higher
Spring Boot 3.5 (for Spring Boot integration)
Database: PostgreSQL 14+, MySQL 8+, or SQLite 3.35+

Installation

The EDK is distributed through Sphereon's Maven repository. Contact Sphereon for access credentials.

// build.gradle.kts
repositories {
    maven("https://nexus.sphereon.com/repository/sphereon-releases/") {
        credentials {
            username = System.getenv("SPHEREON_MAVEN_USER")
            password = System.getenv("SPHEREON_MAVEN_PASSWORD")
        }
    }
}

dependencies {
    // Party persistence
    implementation("com.sphereon.edk:lib-data-store-party-persistence-postgresql:0.13.0")

    // Database routing
    implementation("com.sphereon.edk:lib-data-store-db-routing-public:0.13.0")
    implementation("com.sphereon.edk:lib-data-store-db-routing-config:0.13.0")

    // Settings persistence
    implementation("com.sphereon.edk:lib-conf-settings-persistence-postgresql:0.13.0")

    // Authorization
    implementation("com.sphereon.edk:lib-authz-authzen-impl:0.13.0")

    // Spring Boot integration
    implementation("com.sphereon.edk:idk-spring-support:0.13.0")
}

Quick Start

1. Create a Spring Boot Application

import com.sphereon.spring.annotation.EnableSphereonRestApi
import org.springframework.boot.autoconfigure.SpringBootApplication
import org.springframework.boot.runApplication

@SpringBootApplication
@EnableSphereonRestApi
class IdentityServiceApplication

fun main(args: Array<String>) {
    runApplication<IdentityServiceApplication>(*args)
}

2. Configure Application Properties

# application.yml
sphereon:
  app:
    id: identity-service
    profile: ${spring.profiles.active:development}

  rest-api:
    auth:
      tenant-header: X-Tenant-ID
      principal-header: X-User-ID

spring:
  datasource:
    url: jdbc:postgresql://localhost:5432/identity
    username: identity
    password: ${DB_PASSWORD}

3. Use Party Persistence

import com.sphereon.data.store.party.persistence.api.repository.IdentityRepository
import com.sphereon.data.store.party.persistence.api.router.TenantDatabaseRouter
import jakarta.inject.Inject
import jakarta.inject.Singleton

@Singleton
class PartyService @Inject constructor(
    private val router: TenantDatabaseRouter
) {
    suspend fun getIdentities(tenantId: String): List<Identity> {
        val database = router.getDatabaseForTenant(tenantId)
        return database.identityQueries.listIdentities(tenantId).executeAsList()
    }
}

Next Steps

OID4VP Verification - Verify credentials from digital wallets
Party Persistence - Store parties, identities, and contacts
Database Routing - Multi-tenant database isolation
Settings Persistence - Hierarchical configuration storage
Authorization - Policy decision point integration
Spring Boot Integration - Configure Spring Boot applications

Support

The EDK is a proprietary product. For support inquiries, contact Sphereon at support@sphereon.com.

Architecture Overview​

What is the EDK?​

Modular Architecture​

EDK vs IDK​

Module Reference​

Party Persistence​

Database Routing​

Settings Persistence​

KV Store Persistence​

Authorization​

JWT Validation​

eIDAS Signatures​

Events​

DID REST Services​

Spring Boot​

Requirements​

Installation​

Quick Start​

1. Create a Spring Boot Application​

2. Configure Application Properties​

3. Use Party Persistence​

Next Steps​

Support​