Difference between revisions of "Did:orb"
From MgmtWiki
(Created page with "==Full Title== Description of the did:orb method implementation. ==Context== still working on the implementation. I can let you know once we have the basics ready. As to your...") |
(→Taxonomy) |
||
| (56 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
==Context== | ==Context== | ||
| − | still working on the implementation. I can let you know once we have the basics ready. | + | still working on the implementation. I can let you know once we have the basics ready. |
| + | *make targets that produce the binary (make orb) and the docker image (make orb-docker). | ||
| + | *snapshot docker images here: https://github.com/orgs/trustbloc-cicd/packages/container/package/orb | ||
| + | * Once there is a release, there will be release images here: https://github.com/orgs/trustbloc/packages/container/package/orb (currently 404 due to no releases). | ||
| + | * This project serves as a incentive to assure that did methods can be testably secure and is tracked in the wiki page [[Open Source Security]]. | ||
| + | ===Taxonomy=== | ||
| + | The current means to understand implemented servers are: | ||
| + | {|border="1" padding="2" width="799px" | ||
| + | | Term || Purpose or Behavior | ||
| + | |- | ||
| + | | claim || An assertion made about a subject. (This can only be considered true if the term subject is interpreted very broadly.) | ||
| + | |- | ||
| + | |subject || A thing about which claims are made.(Complete circulate - no real meaning at all.) | ||
| + | |- | ||
| + | | user agent || A program, such as a browser or other Web client, that mediates the communication between holders, issuers, and verifiers. (This does not match DID core well at all.) | ||
| + | |- | ||
| + | |validation|| The assurance that a verifiable credential or a verifiable presentation meets the needs of a verifier and other dependent stakeholders. | ||
| + | |- | ||
| + | |vct || [https://github.com/orgs/trustbloc/packages/container/package/vct Verifiable Credential Transparency] | ||
| + | |- | ||
| + | |ipfs || [https://ipfs.io/ Inter-planetary file system] | ||
| + | |} | ||
| + | |||
| + | ==The Implementation== | ||
| + | * From code repo at https://github.com/trustbloc/orb | ||
| + | |||
| + | ===Server Purposes=== | ||
| + | The current means to understand did:orb base install. (not to be confused with a leaf node with about 1/2 of these servers) | ||
| + | {|border="1" padding="2" width="1111px" | ||
| + | | Image || Command || Ports || Names | ||
| + | |- | ||
| + | | ghcr.io/trustbloc/orb:latest || "/usr/bin/orb start" || 0.0.0.0:48526->443/tcp || orb2.domain1.com | ||
| + | |- | ||
| + | | ghcr.io/trustbloc/orb:latest || "/usr/bin/orb start" || 0.0.0.0:48426->443/tcp || orb.domain2.com | ||
| + | |- | ||
| + | | ghcr.io/trustbloc/orb:latest || "/usr/bin/orb start" || 0.0.0.0:48326->443/tcp || orb.domain1.com | ||
| + | |- | ||
| + | | ghcr.io/trustbloc/orb:latest || "/usr/bin/orb start" || 0.0.0.0:48626->443/tcp || orb.domain3.com | ||
| + | |- | ||
| + | | ghcr.io/trustbloc-cicd/kms:0.1.7-snapshot-bff24d1 || "/bin/sh -c 'kms-res…" || 0.0.0.0:7878->7878/tcp || orb.kms | ||
| + | |- | ||
| + | | gcr.io/trillian-opensource-ci/log_signer:eac... || "/trillian_log_signe…" || 0.0.0.0:8091->8091/tcp || orb.trillian.log.signer | ||
| + | |- | ||
| + | | gcr.io/trillian-opensource-ci/log_server:eac... || "/trillian_log_serve…" || 0.0.0.0:8090->8090/tcp || orb.trillian.log.server | ||
| + | |- | ||
| + | | couchdb:3.1.0 || "tini -- /docker-ent…" || 4369/tcp, |4369/tcp,9100/tcp, 0.0.0.0:5986->5984/tcp || couchdb.shared.com | ||
| + | |- | ||
| + | | couchdb:3.1.0 || "tini -- /docker-ent…" || 4369/tcp,9100/tcp, 0.0.0.0:5984->5984/tcp || couchdb.kms.com | ||
| + | |- | ||
| + | | mysql:8.0.24 || "docker-entrypoint.s…" || 0.0.0.0:3306->3306/tcp, 33060/tcp || orb.mysql | ||
| + | |- | ||
| + | | ghcr.io/trustbloc/vct:v0.1.0 || "/usr/bin/vct start" || 0.0.0.0:8077->8077/tcp || orb.vct | ||
| + | |- | ||
| + | | ipfs/go-ipfs:master-2021-04-22-eea198f || "/sbin/tini -- /usr/…" || 4001/tcp, 8080-8081/tcp, 4001/udp, 0.0.0.0:5001->5001/tcp || ipfs | ||
| + | |} | ||
| + | |||
| + | ===Commentary=== | ||
| + | Troy Ronda (SecureKey) 2021-05-04 | ||
| + | |||
| + | In other news, we also pushed the first pre-release 0.1 version of [https://github.com/trustbloc/vct vct] and [https://github.com/trustbloc/orb orb]. It’s still early days - this is really a pre-release focused on early integration. | ||
| + | * We are also running devel domains to play with it (to be cleared): | ||
| + | * Sidetree endpoint discovery: https://orb-2.devel.trustbloc.dev/.well-known/did-orb | ||
| + | {"resolutionEndpoint":"https://orb-2.devel.trustbloc.dev/sidetree/v1/identifiers", | ||
| + | "operationEndpoint":"https://orb-2.devel.trustbloc.dev/sidetree/v1/operations"} | ||
| + | |||
| + | * Webfinger endpoint example: https://orb-1.devel.trustbloc.dev/.well-known/webfinger?resource=https%3A%2F%2Forb-1.devel.trustbloc.dev%2Fsidetree%2Fv1%2Fidentifiers | ||
| + | {"subject":"https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers", | ||
| + | "properties":{"https://trustbloc.dev/ns/min-resolvers":1}, | ||
| + | "links":[{"rel":"self","href":"https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers"}]} | ||
| + | |||
| + | * Sidetree + ActivityPub example: https://orb-1.devel.trustbloc.dev/services/orb/outbox?page=true | ||
| + | * CAS example: https://orb-1.devel.trustbloc.dev/cas/Qmesb9uoKxsunwugVBrWrm9Lg6SkzQWEa7SMZTBxDxCsqF | ||
| + | * Resolution example: https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers/did:orb:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ (still need to add network prefixing). | ||
| + | * VCT signed tree head example: https://vct-1.devel.trustbloc.dev/ct/v1/get-entries?start=0&end=10 | ||
| + | * VCT entries example: https://vct-1.devel.trustbloc.dev/ct/v1/get-sth | ||
| + | We’ll soon bring up a third dev domain so we can start seeing announcements. | ||
| + | <pre> | ||
| + | Notice the canonical ID for that DID example above: | ||
| + | https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers/did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ | ||
| + | |||
| + | {"@context":"https://w3id.org/did-resolution/v1","didDocument":{"@context":["https://www.w3.org/ns/did/v1"],"authentication":["did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ#Q7BMDJdiSzpPOR5mqElxR9pZC_kYfMcFgLzEiKgQEaQ"], | ||
| + | "id":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ", | ||
| + | "verificationMethod": | ||
| + | [{"controller":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ", | ||
| + | "id":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ#Q7BMDJdiSzpPOR5mqElxR9pZC_kYfMcFgLzEiKgQEaQ", | ||
| + | "publicKeyBase58":"AoUECGhbgqUnGquhcXmTfVYd5HbaoNvVT9bnJ3PBmq5a", | ||
| + | "type":"Ed25519VerificationKey2018"}]}, | ||
| + | "didDocumentMetadata":{"canonicalId":"did:orb:Qmesb9uoKxsunwugVBrWrm9Lg6SkzQWEa7SMZTBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ", | ||
| + | "method":{"anchorOrigin":"https://orb-2.devel.trustbloc.dev/services/orb", | ||
| + | "published":true, | ||
| + | "recoveryCommitment":"EiBfnPju3OqfWK2c5bZa3A2YfRMKar5ku35GxWpfBejSog", | ||
| + | "updateCommitment":"EiBcLBVXrO5IdjeJMQii6msigygYipRLmFxS0eQT-jfn6A"}}} | ||
| + | </pre> | ||
| + | |||
| + | Did not run because go version files. | ||
| + | * Remove all GO and reinstall 1.16.3 | ||
| + | then add these to ~/.profile | ||
| + | export GOROOT=/usr/local/go | ||
| + | export GOPATH=$HOME/go | ||
| + | export PATH=$GOPATH/bin:$GOROOT/bin:$PATH | ||
| + | |||
| + | * Makefile is using abspath in call to [https://hub.docker.com/r/frapsoft/openssl frapsoft/openssl] with is two unacknowledged dependencies in did:orb code. | ||
| + | |||
| + | ==Software Bill of Materials== | ||
| + | In response to [[Executive Order on Cybersecurity]] these are the components that were required to build the product. It is not clear which parts actually provide code to the finished product, but they all contributed to the building of the finished product. Where finished product includes the certificates and other support files. | ||
| + | * Ubuntu 20.04 | ||
| + | * sudo apt update - on 21-05-13 this installed 20 updates just in the past one month including many libraries as well as python3 | ||
| + | * GoLang 1.16.3 | ||
| + | * [https://hub.docker.com/r/frapsoft/openssl frapsoft/openssl] | ||
| + | * Docker | ||
| + | * Docker-compose (both from docker-desktop) | ||
| + | ===Services=== | ||
| + | * [https://console.cloud.google.com/gcr/images/trillian-opensource-ci/GLOBAL trillion] - [https://opensource.google/projects/trillian documentation] | ||
| + | * ipfs | ||
| + | * mysql:8.0.24 | ||
==References== | ==References== | ||
| + | * [https://securekey.com/securekeys-new-ledger-agnostic-solution-orb-helps-solve-decentralized-identifier-challenges/ SecureKey’s New Ledger-Agnostic Solution, Orb, Helps Solve Decentralized Identifier Challenges] 2021-06-10 | ||
| − | [[Category: | + | [[Category: Identifier]] |
[[Category: Best Practice]] | [[Category: Best Practice]] | ||
Revision as of 16:34, 13 June 2021
Contents
Full Title
Description of the did:orb method implementation.
Context
still working on the implementation. I can let you know once we have the basics ready.
- make targets that produce the binary (make orb) and the docker image (make orb-docker).
- snapshot docker images here: https://github.com/orgs/trustbloc-cicd/packages/container/package/orb
- Once there is a release, there will be release images here: https://github.com/orgs/trustbloc/packages/container/package/orb (currently 404 due to no releases).
- This project serves as a incentive to assure that did methods can be testably secure and is tracked in the wiki page Open Source Security.
Taxonomy
The current means to understand implemented servers are:
| Term | Purpose or Behavior |
| claim | An assertion made about a subject. (This can only be considered true if the term subject is interpreted very broadly.) |
| subject | A thing about which claims are made.(Complete circulate - no real meaning at all.) |
| user agent | A program, such as a browser or other Web client, that mediates the communication between holders, issuers, and verifiers. (This does not match DID core well at all.) |
| validation | The assurance that a verifiable credential or a verifiable presentation meets the needs of a verifier and other dependent stakeholders. |
| vct | Verifiable Credential Transparency |
| ipfs | Inter-planetary file system |
The Implementation
- From code repo at https://github.com/trustbloc/orb
Server Purposes
The current means to understand did:orb base install. (not to be confused with a leaf node with about 1/2 of these servers)
| Image | Command | Ports | Names |
| ghcr.io/trustbloc/orb:latest | "/usr/bin/orb start" | 0.0.0.0:48526->443/tcp | orb2.domain1.com |
| ghcr.io/trustbloc/orb:latest | "/usr/bin/orb start" | 0.0.0.0:48426->443/tcp | orb.domain2.com |
| ghcr.io/trustbloc/orb:latest | "/usr/bin/orb start" | 0.0.0.0:48326->443/tcp | orb.domain1.com |
| ghcr.io/trustbloc/orb:latest | "/usr/bin/orb start" | 0.0.0.0:48626->443/tcp | orb.domain3.com |
| ghcr.io/trustbloc-cicd/kms:0.1.7-snapshot-bff24d1 | "/bin/sh -c 'kms-res…" | 0.0.0.0:7878->7878/tcp | orb.kms |
| gcr.io/trillian-opensource-ci/log_signer:eac... | "/trillian_log_signe…" | 0.0.0.0:8091->8091/tcp | orb.trillian.log.signer |
| gcr.io/trillian-opensource-ci/log_server:eac... | "/trillian_log_serve…" | 0.0.0.0:8090->8090/tcp | orb.trillian.log.server |
| couchdb:3.1.0 | "tini -- /docker-ent…" | 4369/tcp,9100/tcp, 0.0.0.0:5986->5984/tcp | couchdb.shared.com |
| couchdb:3.1.0 | "tini -- /docker-ent…" | 4369/tcp,9100/tcp, 0.0.0.0:5984->5984/tcp | couchdb.kms.com |
| mysql:8.0.24 | "docker-entrypoint.s…" | 0.0.0.0:3306->3306/tcp, 33060/tcp | orb.mysql |
| ghcr.io/trustbloc/vct:v0.1.0 | "/usr/bin/vct start" | 0.0.0.0:8077->8077/tcp | orb.vct |
| ipfs/go-ipfs:master-2021-04-22-eea198f | "/sbin/tini -- /usr/…" | 4001/tcp, 8080-8081/tcp, 4001/udp, 0.0.0.0:5001->5001/tcp | ipfs |
Commentary
Troy Ronda (SecureKey) 2021-05-04
In other news, we also pushed the first pre-release 0.1 version of vct and orb. It’s still early days - this is really a pre-release focused on early integration.
- We are also running devel domains to play with it (to be cleared):
- Sidetree endpoint discovery: https://orb-2.devel.trustbloc.dev/.well-known/did-orb
{"resolutionEndpoint":"https://orb-2.devel.trustbloc.dev/sidetree/v1/identifiers",
"operationEndpoint":"https://orb-2.devel.trustbloc.dev/sidetree/v1/operations"}
- Webfinger endpoint example: https://orb-1.devel.trustbloc.dev/.well-known/webfinger?resource=https%3A%2F%2Forb-1.devel.trustbloc.dev%2Fsidetree%2Fv1%2Fidentifiers
{"subject":"https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers",
"properties":{"https://trustbloc.dev/ns/min-resolvers":1},
"links":[{"rel":"self","href":"https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers"}]}
- Sidetree + ActivityPub example: https://orb-1.devel.trustbloc.dev/services/orb/outbox?page=true
- CAS example: https://orb-1.devel.trustbloc.dev/cas/Qmesb9uoKxsunwugVBrWrm9Lg6SkzQWEa7SMZTBxDxCsqF
- Resolution example: https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers/did:orb:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ (still need to add network prefixing).
- VCT signed tree head example: https://vct-1.devel.trustbloc.dev/ct/v1/get-entries?start=0&end=10
- VCT entries example: https://vct-1.devel.trustbloc.dev/ct/v1/get-sth
We’ll soon bring up a third dev domain so we can start seeing announcements.
Notice the canonical ID for that DID example above:
https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers/did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ
{"@context":"https://w3id.org/did-resolution/v1","didDocument":{"@context":["https://www.w3.org/ns/did/v1"],"authentication":["did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ#Q7BMDJdiSzpPOR5mqElxR9pZC_kYfMcFgLzEiKgQEaQ"],
"id":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ",
"verificationMethod":
[{"controller":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ",
"id":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ#Q7BMDJdiSzpPOR5mqElxR9pZC_kYfMcFgLzEiKgQEaQ",
"publicKeyBase58":"AoUECGhbgqUnGquhcXmTfVYd5HbaoNvVT9bnJ3PBmq5a",
"type":"Ed25519VerificationKey2018"}]},
"didDocumentMetadata":{"canonicalId":"did:orb:Qmesb9uoKxsunwugVBrWrm9Lg6SkzQWEa7SMZTBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ",
"method":{"anchorOrigin":"https://orb-2.devel.trustbloc.dev/services/orb",
"published":true,
"recoveryCommitment":"EiBfnPju3OqfWK2c5bZa3A2YfRMKar5ku35GxWpfBejSog",
"updateCommitment":"EiBcLBVXrO5IdjeJMQii6msigygYipRLmFxS0eQT-jfn6A"}}}
Did not run because go version files.
- Remove all GO and reinstall 1.16.3
then add these to ~/.profile
export GOROOT=/usr/local/go export GOPATH=$HOME/go export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
- Makefile is using abspath in call to frapsoft/openssl with is two unacknowledged dependencies in did:orb code.
Software Bill of Materials
In response to Executive Order on Cybersecurity these are the components that were required to build the product. It is not clear which parts actually provide code to the finished product, but they all contributed to the building of the finished product. Where finished product includes the certificates and other support files.
- Ubuntu 20.04
- sudo apt update - on 21-05-13 this installed 20 updates just in the past one month including many libraries as well as python3
- GoLang 1.16.3
- frapsoft/openssl
- Docker
- Docker-compose (both from docker-desktop)
Services
- trillion - documentation
- ipfs
- mysql:8.0.24
