Did:orb
Full Title
Description of the did:orb method implementation.
Context
still working on the implementation. I can let you know once we have the basics ready.
- make targets that produce the binary (make orb) and the docker image (make orb-docker).
- snapshot docker images here: https://github.com/orgs/trustbloc-cicd/packages/container/package/orb
- Once there is a release, there will be release images here: https://github.com/orgs/trustbloc/packages/container/package/orb (currently 404 due to no releases).
- This project serves as an incentive to assure that DID methods can be testably secure and is tracked in the wiki page Open Source Security.
Taxonomy
The current means to understand implemented servers are:
server | Purpose or Behavior |
claim | An assertion made about a subject. (This can only be considered true if the term subject is interpreted very broadly.) |
subject | A thing about which claims are made. (Completely circular - no real meaning at all.) |
user agent | A program, such as a browser or other Web client, that mediates the communication between holders, issuers, and verifiers. (This does not match DID core well at all.) |
validation | The assurance that a verifiable credential or a verifiable presentation meets the needs of a verifier and other dependent stakeholders. |
vct | Verifiable Credential Transparency |
The Implementation
Server Purposes
The current means to understand did:orb are:
Term | Meaning or Behavior |
claim | An assertion made about a subject. (This can only be considered true if the term subject is interpreted very broadly.) |
subject | A thing about which claims are made. (Completely circular - no real meaning at all.) |
user agent | A program, such as a browser or other Web client, that mediates the communication between holders, issuers, and verifiers. (This does not match DID core well at all.) |
validation | The assurance that a verifiable credential or a verifiable presentation meets the needs of a verifier and other dependent stakeholders. |
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
5651d50298a7  ghcr.io/trustbloc/orb:latest  "/usr/bin/orb start"  26 hours ago  Up 26 hours  0.0.0.0:48526->443/tcp  orb2.domain1.com
a8d4533079a9  ghcr.io/trustbloc/orb:latest  "/usr/bin/orb start"  26 hours ago  Up 26 hours  0.0.0.0:48426->443/tcp  orb.domain2.com
379dade5c95a  ghcr.io/trustbloc/orb:latest  "/usr/bin/orb start"  26 hours ago  Up 26 hours  0.0.0.0:48326->443/tcp  orb.domain1.com
fd8484cb3e96  ghcr.io/trustbloc/orb:latest  "/usr/bin/orb start"  26 hours ago  Up 26 hours  0.0.0.0:48626->443/tcp  orb.domain3.com
7b34a2224249  ghcr.io/trustbloc-cicd/kms:0.1.7-snapshot-bff24d1  "/bin/sh -c 'kms-res…"  26 hours ago  Up 26 hours  0.0.0.0:7878->7878/tcp  orb.kms
13d1e5366c99  gcr.io/trillian-opensource-ci/log_signer:eacf01ddf6503e04cda3ee941d94820f139c7737  "/trillian_log_signe…"  26 hours ago  Up 26 hours  0.0.0.0:8091->8091/tcp  orb.trillian.log.signer
c91afb7f97c2  gcr.io/trillian-opensource-ci/log_server:eacf01ddf6503e04cda3ee941d94820f139c7737  "/trillian_log_serve…"  26 hours ago  Up 26 hours  0.0.0.0:8090->8090/tcp  orb.trillian.log.server
27df65285e9b  couchdb:3.1.0  "tini -- /docker-ent…"  26 hours ago  Up 26 hours  4369/tcp, 9100/tcp, 0.0.0.0:5986->5984/tcp  couchdb.shared.com
637fc1b9f2ab  couchdb:3.1.0  "tini -- /docker-ent…"  26 hours ago  Up 26 hours  4369/tcp, 9100/tcp, 0.0.0.0:5984->5984/tcp  couchdb.kms.com
11c9d20c1d1e  mysql:8.0.24  "docker-entrypoint.s…"  26 hours ago  Up 26 hours  0.0.0.0:3306->3306/tcp, 33060/tcp  orb.mysql
e9e4dab25c5a  ghcr.io/trustbloc/vct:v0.1.0  "/usr/bin/vct start"  26 hours ago  Up 26 hours  0.0.0.0:8077->8077/tcp  orb.vct
7a55aaefcfbd  ipfs/go-ipfs:master-2021-04-22-eea198f  "/sbin/tini -- /usr/…"  26 hours ago  Up 26 hours  4001/tcp, 8080-8081/tcp, 4001/udp, 0.0.0.0:5001->5001/tcp  ipfs
Commentary
Troy Ronda (SecureKey) 2021-05-04
In other news, we also pushed the first pre-release 0.1 version of vct and orb. It’s still early days - this is really a pre-release focused on early integration.
- We are also running devel domains to play with it (to be cleared):
- Sidetree endpoint discovery: https://orb-2.devel.trustbloc.dev/.well-known/did-orb
{"resolutionEndpoint":"https://orb-2.devel.trustbloc.dev/sidetree/v1/identifiers", "operationEndpoint":"https://orb-2.devel.trustbloc.dev/sidetree/v1/operations"}
- Webfinger endpoint example: https://orb-1.devel.trustbloc.dev/.well-known/webfinger?resource=https%3A%2F%2Forb-1.devel.trustbloc.dev%2Fsidetree%2Fv1%2Fidentifiers
{"subject":"https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers", "properties":{"https://trustbloc.dev/ns/min-resolvers":1}, "links":[{"rel":"self","href":"https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers"}]}
- Sidetree + ActivityPub example: https://orb-1.devel.trustbloc.dev/services/orb/outbox?page=true
- CAS example: https://orb-1.devel.trustbloc.dev/cas/Qmesb9uoKxsunwugVBrWrm9Lg6SkzQWEa7SMZTBxDxCsqF
- Resolution example: https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers/did:orb:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ (still need to add network prefixing).
- VCT signed tree head example: https://vct-1.devel.trustbloc.dev/ct/v1/get-entries?start=0&end=10
- VCT entries example: https://vct-1.devel.trustbloc.dev/ct/v1/get-sth
We’ll soon bring up a third dev domain so we can start seeing announcements.
Notice the canonical ID for that DID example above: https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers/did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ
{
  "@context":"https://w3id.org/did-resolution/v1",
  "didDocument":{
    "@context":["https://www.w3.org/ns/did/v1"],
    "authentication":["did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ#Q7BMDJdiSzpPOR5mqElxR9pZC_kYfMcFgLzEiKgQEaQ"],
    "id":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ",
    "verificationMethod":[{
      "controller":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ",
      "id":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ#Q7BMDJdiSzpPOR5mqElxR9pZC_kYfMcFgLzEiKgQEaQ",
      "publicKeyBase58":"AoUECGhbgqUnGquhcXmTfVYd5HbaoNvVT9bnJ3PBmq5a",
      "type":"Ed25519VerificationKey2018"}]},
  "didDocumentMetadata":{
    "canonicalId":"did:orb:Qmesb9uoKxsunwugVBrWrm9Lg6SkzQWEa7SMZTBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ",
    "method":{
      "anchorOrigin":"https://orb-2.devel.trustbloc.dev/services/orb",
      "published":true,
      "recoveryCommitment":"EiBfnPju3OqfWK2c5bZa3A2YfRMKar5ku35GxWpfBejSog",
      "updateCommitment":"EiBcLBVXrO5IdjeJMQii6msigygYipRLmFxS0eQT-jfn6A"}}}
Did not run because go version files.
- Remove all Go installations and reinstall Go 1.16.3
then add these to ~/.profile
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
- The Makefile uses abspath in its call to frapsoft/openssl, which are two unacknowledged dependencies in the did:orb code.
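A client that resolves a did:orb identifier through a remote endpoint, as in the resolution example quoted above, can check that the returned document really belongs to the DID it asked for. The following is an added example, not part of the original page or of the TrustBloc code: the names `CheckResolution`, `resolution`, `suffix` and `Sample` are hypothetical, the sample result is constructed with placeholder identifiers, and the checks are ones chosen here based on the `did:orb:<cid>:<suffix>` form visible in the quoted `canonicalId`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// resolution models only the fields of the page's resolution result used below.
type resolution struct {
	Doc struct {
		ID      string
		Methods []struct{ ID, Controller string } `json:"verificationMethod"`
	} `json:"didDocument"`
	Meta struct{ CanonicalID string } `json:"didDocumentMetadata"`
}

// suffix returns the last ':'-separated segment of a DID (its unique suffix).
func suffix(did string) string { return did[strings.LastIndex(did, ":")+1:] }

// CheckResolution lists inconsistencies between a result and the requested DID.
func CheckResolution(raw []byte, requested string) (out []string) {
	var r resolution
	if err := json.Unmarshal(raw, &r); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	check := func(ok bool, msg string) {
		if !ok {
			out = append(out, msg)
		}
	}
	c := strings.Split(r.Meta.CanonicalID, ":")
	check(len(c) == 4 && c[0] == "did" && c[1] == "orb" && c[2] != "", "canonicalId is not did:orb:<cid>:<suffix>")
	check(suffix(r.Meta.CanonicalID) == suffix(requested), "canonicalId suffix differs from requested DID")
	check(suffix(r.Doc.ID) == suffix(requested), "document id suffix differs from requested DID")
	for _, m := range r.Doc.Methods { // every key must be controlled by, and named under, this DID
		check(m.Controller == r.Doc.ID && strings.HasPrefix(m.ID, r.Doc.ID+"#"), "key not bound to document id: "+m.ID)
	}
	return out
}

// Sample is a constructed result; QmCID, EiSUFFIX and key-1 are placeholders.
const Sample = `{"didDocument":{"id":"did:orb:QmCID:EiSUFFIX","verificationMethod":[
 {"id":"did:orb:QmCID:EiSUFFIX#key-1","controller":"did:orb:QmCID:EiSUFFIX"}]},
 "didDocumentMetadata":{"canonicalId":"did:orb:QmCID:EiSUFFIX"}}`

func main() {
	fmt.Println(CheckResolution([]byte(Sample), "did:orb:EiSUFFIX"))
}
```

An empty result means the document, its canonical ID and its keys all agree with the requested suffix; each returned string names one mismatch.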
Software Bill of Materials
In response to the Executive Order on Cybersecurity, these are the components that were required to build the product. It is not clear which parts actually provide code to the finished product, but they all contributed to building it. Here, the finished product includes the certificates and other support files.
- Ubuntu 20.04
- sudo apt update - on 21-05-13 this installed 20 updates from just the past month, including many libraries as well as python3
- GoLang 1.16.3
- frapsoft/openssl
- Docker
- Docker-compose (both from docker-desktop)
- mysql:8.0.24
Responses to the Order
Within a day the Linux Foundation had responded with rosy predictions.