Overview

CCDigital is a research-driven web platform for digital identity and document management, developed at Universidad El Bosque in Colombia. It provides secure, auditable citizen document management with blockchain-based traceability using Hyperledger Fabric and Hyperledger Indy.
This is an applied research project (AUX_2025-02-02) focused on digital identity, traceability, and document access governance.

Research Context

Field            Value
Project Type     Applied research project
Institution      Universidad El Bosque
Research Area    Digital identity, traceability, and document access governance
Project Code     AUX_2025-02-02
Team Members     Yeison Hernandez Huertas, Danniel Alejandro Parra Chavarro

Three Core Modules

The platform is organized into three functional modules, each serving a distinct user role:

Admin (Government)

Government operators can register citizens, upload/review documents, manage access rights, generate reports, and synchronize with blockchain networks.

Issuer

Authorized institutions can upload official documents (PDF only), create access requests, and consult authorized documents.

End User

Citizens can register, authenticate with verifiable credentials + MFA, approve/reject access requests, and view their documents.

Module Details

Admin Module

Government users manage the entire citizen lifecycle:
  • Create person records and associated folder structures
  • Upload and review documents with approval workflows
  • Manage user access states (ENABLED, SUSPENDED, DISABLED)
  • Generate analytical reports and blockchain traceability audits
  • Synchronize data with Hyperledger Fabric and Indy networks
Key Endpoints: /admin/dashboard, /admin/persons, /admin/sync, /admin/reports

Issuer Module

Authorized institutions can issue official documents:
  • Search for citizens by ID type and number
  • Upload PDF documents (strict validation: extension, MIME type, PDF signature)
  • Documents enter a PENDING review status
  • Create access requests for approved documents only
  • View documents when access request is APPROVED and valid
Key Endpoints: /issuer, /issuer/upload, /issuer/access-requests

End User Module

Citizen-facing portal with advanced security:
  • Self-registration linked to existing person records
  • Multi-factor authentication (Indy proof + TOTP/Email OTP)
  • Email verification during registration
  • Approve/reject document access requests
  • View and download personal documents
  • Password recovery with OTP codes
Key Endpoints: /register/user, /login/user, /user/dashboard, /user/requests

Technology Stack

CCDigital is built as a Spring Boot monolith integrating multiple technologies:

Backend

  • Java 17
  • Spring Boot 3.5.11
  • Spring MVC + Thymeleaf
  • Spring Security (role-based access)
  • Spring Data JPA (Hibernate)

Storage & Data

  • MySQL 8 (primary persistence)
  • Local filesystem (document storage)
  • Structured views and stored procedures

Blockchain

  • Hyperledger Fabric (document registry and audit)
  • Hyperledger Indy / ACA-Py (credential proofs and state sync)

Reporting

  • OpenHTMLToPDF (PDF generation)
  • XChart (server-side charts)
  • Analytical dashboards with trend analysis

Key Features

Security Architecture

  • Role-based access control: ROLE_GOBIERNO, ROLE_ISSUER, ROLE_USER
  • Rate limiting: Protection on sensitive endpoints via SensitiveEndpointRateLimitFilter
  • Session management: Configurable timeout with server + client-side expiry
  • Signed URLs: Time-limited document access via SignedUrlService
  • Content Security Policy: HSTS, frame options, referrer policy
  • Path validation: Ensures documents served to users are within allowed directories
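
How a time-limited signed link and a path-containment check fit together, as an added example that is not taken from the CCDigital code base and does not show how its SignedUrlService works. The class name, key, document root and file names are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;

/** Added illustration; names, key and paths are hypothetical, not CCDigital's. */
public final class SignedDocumentLink {
    private final byte[] key;
    private final Path root;

    public SignedDocumentLink(byte[] key, Path root) {
        this.key = key.clone();
        this.root = root.toAbsolutePath().normalize();
    }

    /** HMAC over expiry and path together, so neither can be changed independently. */
    public String sign(String relPath, long expEpoch) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] tag = mac.doFinal((expEpoch + "\n" + relPath).getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    public Path resolve(String relPath, long expEpoch, String sig, Instant now) {
        byte[] expected = sign(relPath, expEpoch).getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison; verify the signature before trusting any parameter.
        if (!MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.US_ASCII)))
            throw new SecurityException("bad signature");
        if (now.getEpochSecond() > expEpoch) throw new SecurityException("link expired");
        // Containment is checked even for validly signed paths (defence in depth).
        // normalize() is lexical; use toRealPath() on existing files to also cover symlinks.
        Path target = root.resolve(relPath).normalize();
        if (!target.startsWith(root)) throw new SecurityException("outside document root");
        return target;
    }

    public static void main(String[] args) {
        var links = new SignedDocumentLink("constructed-demo-key".getBytes(StandardCharsets.UTF_8), Path.of("/srv/docs"));
        long exp = Instant.now().plusSeconds(300).getEpochSecond();
        String sig = links.sign("cc-123/cedula.pdf", exp);
        System.out.println(links.resolve("cc-123/cedula.pdf", exp, sig, Instant.now()));
        try { links.resolve("cc-123/cedula.pdf", exp + 3600, sig, Instant.now()); } // extended expiry
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```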

Blockchain Integration

Hyperledger Fabric provides:
  • Document registration and traceability
  • Immutable audit log of access events
  • Block-level verification for compliance
  • Sync operations from MySQL to ledger
Hyperledger Indy (via ACA-Py) provides:
  • Verifiable credential-based login
  • Present-proof 2.0 protocol implementation
  • Attribute extraction (id_type, id_number, first_name, last_name, email)
  • User access state synchronization to connection metadata

Document Management

  • Strict PDF validation (extension, MIME type, file signature %PDF)
  • Review workflow with states: PENDING, APPROVED, REJECTED
  • Versioning via database triggers (trg_files_autoversion)
  • SHA-256 hash calculation for integrity
  • Folder structure per citizen with normalized naming
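
The three PDF checks listed above (extension, MIME type, `%PDF` file signature) followed by the SHA-256 integrity hash, as an added example that is not part of the CCDigital code base. The class and method names and the sample bytes are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HexFormat;
import java.util.Locale;

/** Added illustration; class and method names are hypothetical, not CCDigital's. */
public final class PdfUploadCheck {
    private static final byte[] PDF_MAGIC = "%PDF".getBytes(StandardCharsets.US_ASCII);

    /** An accepted upload carries the SHA-256 of the exact bytes that were validated. */
    public record Accepted(String sha256Hex) {}

    public static Accepted validate(String filename, String declaredMime, byte[] content) {
        // 1. Extension, compared case-insensitively.
        String name = filename == null ? "" : filename.toLowerCase(Locale.ROOT);
        if (!name.endsWith(".pdf")) throw new IllegalArgumentException("extension is not .pdf");
        // 2. Declared MIME type: client-controlled, so necessary but never sufficient.
        if (!"application/pdf".equalsIgnoreCase(declaredMime))
            throw new IllegalArgumentException("MIME type is not application/pdf");
        // 3. File signature: the content itself must start with the bytes %PDF.
        if (content == null || content.length < PDF_MAGIC.length
                || !Arrays.equals(content, 0, PDF_MAGIC.length, PDF_MAGIC, 0, PDF_MAGIC.length))
            throw new IllegalArgumentException("missing %PDF file signature");
        // 4. Hash the same buffer that passed the checks, so the digest matches what is stored.
        return new Accepted(sha256Hex(content));
    }

    static String sha256Hex(byte[] data) {
        try {
            return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(data));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every Java platform
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        byte[] pdf = "%PDF-1.7\n% constructed sample\n".getBytes(StandardCharsets.US_ASCII);
        byte[] html = "<html><body>not a pdf</body></html>".getBytes(StandardCharsets.US_ASCII);
        System.out.println("accepted, sha256=" + validate("cedula.PDF", "application/pdf", pdf).sha256Hex());
        try {
            validate("cedula.pdf", "application/pdf", html); // right name and MIME, wrong content
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```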

Access Request Workflow

  1. Issuer creates access request for approved documents
  2. End user receives notification and reviews request
  3. User approves or rejects the request
  4. Approved requests become time-limited access grants
  5. All access events are logged and can be traced on Fabric

Multi-Factor Authentication

End users authenticate with a two-step process:
  1. Verifiable credential proof via Indy (proving identity attributes)
  2. Second factor: TOTP (app-based) or Email OTP

Reports & Analytics

  • Administrative dashboard with configurable date ranges
  • Trend analysis by day/week/month
  • Top tables for documents, issuers, and users
  • Blockchain traceability viewer
  • PDF export with embedded charts

Architecture Overview

CCDigital is a Spring Boot monolith that integrates:
┌─────────────────┐
│   Web Browser   │
└────────┬────────┘
         │
         ▼
┌─────────────────────────────────────────┐
│      Spring Boot Application            │
│  ┌──────────┬──────────┬──────────┐    │
│  │  Admin   │  Issuer  │   User   │    │
│  │  Module  │  Module  │  Module  │    │
│  └─────┬────┴─────┬────┴─────┬────┘    │
│        │          │          │         │
│  ┌─────▼──────────▼──────────▼─────┐   │
│  │      Spring Security             │   │
│  │  (Role-based Access Control)     │   │
│  └──────────────┬───────────────────┘   │
│                 │                       │
│  ┌──────────────▼───────────────────┐   │
│  │     Business Logic Services      │   │
│  └──────────────┬───────────────────┘   │
│                 │                       │
└─────────────────┼───────────────────────┘
                  │
     ┌────────────┼────────────┐
     │            │            │
     ▼            ▼            ▼
┌─────────┐  ┌──────────┐  ┌──────────┐
│  MySQL  │  │  Files   │  │Blockchain│
│Database │  │  System  │  │ Fabric   │
└─────────┘  └──────────┘  │  + Indy  │
                            └──────────┘

Source Code Structure

The project follows a clean package structure:
src/main/java/co/edu/unbosque/ccdigital/
├── config/        # Configuration (security, properties, filters)
├── controller/    # MVC/REST endpoints for all modules
├── dto/           # Form objects and view models
├── entity/        # JPA entities (database tables)
├── repository/    # Spring Data repositories
├── security/      # Security principals and filters
└── service/       # Business logic and integrations

src/main/resources/
├── application.properties  # Environment-driven configuration
├── templates/              # Thymeleaf views (admin, issuer, user, auth)
└── static/                 # CSS, JavaScript, assets

Next Steps

Quickstart Guide

Set up CCDigital locally with Java 17, MySQL 8, and Docker

Architecture

Deep dive into system architecture and integration points

Documentation Principles

All technical documentation in this portal is extracted directly from the source code repository. No API signatures, endpoints, or features are invented. Every code example references real implementations in co/edu/unbosque/ccdigital/.
