Difference between revisions of "Did:orb"
From MgmtWiki
(→The Implementation) |
(→Server Purposes) |
||
| (24 intermediate revisions by the same user not shown) | |||
| Line 11: | Line 11: | ||
The current means to understand implemented servers are: | The current means to understand implemented servers are: | ||
{|border="1" padding="2" width="799px" | {|border="1" padding="2" width="799px" | ||
| − | | | + | | Term || Purpose or Behavior |
|- | |- | ||
| claim || An assertion made about a subject. (This can only be considered true if the term subject is interpreted very broadly.) | | claim || An assertion made about a subject. (This can only be considered true if the term subject is interpreted very broadly.) | ||
| Line 22: | Line 22: | ||
|- | |- | ||
|vct || [https://github.com/orgs/trustbloc/packages/container/package/vct Verifiable Credential Transparency] | |vct || [https://github.com/orgs/trustbloc/packages/container/package/vct Verifiable Credential Transparency] | ||
| + | |- | ||
| + | |ipfs || [https://ipfs.io/ Inter-planetary file system] | ||
|} | |} | ||
==The Implementation== | ==The Implementation== | ||
| + | * From code repo at https://github.com/trustbloc/orb | ||
===Server Purposes=== | ===Server Purposes=== | ||
| − | The current means to understand did:orb | + | The current means to understand did:orb base install. (not to be confused with a [[Leaf Node]] with about 1/2 of these servers) |
| − | {|border="1" padding="2" width=" | + | {|border="1" padding="2" width="1111px" |
| − | | | + | | Image || Command || Ports || Names |
| + | |- | ||
| + | | ghcr.io/trustbloc/orb:latest || "/usr/bin/orb start" || 0.0.0.0:48526->443/tcp || orb2.domain1.com | ||
| + | |- | ||
| + | | ghcr.io/trustbloc/orb:latest || "/usr/bin/orb start" || 0.0.0.0:48426->443/tcp || orb.domain2.com | ||
|- | |- | ||
| − | | | + | | ghcr.io/trustbloc/orb:latest || "/usr/bin/orb start" || 0.0.0.0:48326->443/tcp || orb.domain1.com |
| + | |- | ||
| + | | ghcr.io/trustbloc/orb:latest || "/usr/bin/orb start" || 0.0.0.0:48626->443/tcp || orb.domain3.com | ||
| + | |- | ||
| + | | ghcr.io/trustbloc-cicd/kms:0.1.7-snapshot-bff24d1 || "/bin/sh -c 'kms-res…" || 0.0.0.0:7878->7878/tcp || orb.kms | ||
| + | |- | ||
| + | | gcr.io/trillian-opensource-ci/log_signer:eac... || "/trillian_log_signe…" || 0.0.0.0:8091->8091/tcp || orb.trillian.log.signer | ||
| + | |- | ||
| + | | gcr.io/trillian-opensource-ci/log_server:eac... || "/trillian_log_serve…" || 0.0.0.0:8090->8090/tcp || orb.trillian.log.server | ||
| + | |- | ||
| + | | couchdb:3.1.0 || "tini -- /docker-ent…" || 4369/tcp, |4369/tcp,9100/tcp, 0.0.0.0:5986->5984/tcp || couchdb.shared.com | ||
|- | |- | ||
| − | | | + | | couchdb:3.1.0 || "tini -- /docker-ent…" || 4369/tcp,9100/tcp, 0.0.0.0:5984->5984/tcp || couchdb.kms.com |
|- | |- | ||
| − | | | + | | mysql:8.0.24 || "docker-entrypoint.s…" || 0.0.0.0:3306->3306/tcp, 33060/tcp || orb.mysql |
|- | |- | ||
| − | | | + | | ghcr.io/trustbloc/vct:v0.1.0 || "/usr/bin/vct start" || 0.0.0.0:8077->8077/tcp || orb.vct |
|- | |- | ||
| − | | | + | | ipfs/go-ipfs:master-2021-04-22-eea198f || "/sbin/tini -- /usr/…" || 4001/tcp, 8080-8081/tcp, 4001/udp, 0.0.0.0:5001->5001/tcp || ipfs |
|} | |} | ||
| − | ===Commentary | + | ===Commentary=== |
Troy Ronda (SecureKey) 2021-05-04 | Troy Ronda (SecureKey) 2021-05-04 | ||
| Line 92: | Line 109: | ||
In response to [[Executive Order on Cybersecurity]] these are the components that were required to build the product. It is not clear which parts actually provide code to the finished product, but they all contributed to the building of the finished product. Where finished product includes the certificates and other support files. | In response to [[Executive Order on Cybersecurity]] these are the components that were required to build the product. It is not clear which parts actually provide code to the finished product, but they all contributed to the building of the finished product. Where finished product includes the certificates and other support files. | ||
* Ubuntu 20.04 | * Ubuntu 20.04 | ||
| − | * sudo apt update - on 21-05-13 this installed 20 updates just in the past one month including many | + | * sudo apt update - on 21-05-13 this installed 20 updates just in the past one month including many libraries as well as python3 |
* GoLang 1.16.3 | * GoLang 1.16.3 | ||
* [https://hub.docker.com/r/frapsoft/openssl frapsoft/openssl] | * [https://hub.docker.com/r/frapsoft/openssl frapsoft/openssl] | ||
* Docker | * Docker | ||
* Docker-compose (both from docker-desktop) | * Docker-compose (both from docker-desktop) | ||
| + | ===Services=== | ||
| + | * [https://console.cloud.google.com/gcr/images/trillian-opensource-ci/GLOBAL trillion] - [https://opensource.google/projects/trillian documentation] | ||
| + | * ipfs | ||
* mysql:8.0.24 | * mysql:8.0.24 | ||
| − | |||
| − | |||
==References== | ==References== | ||
| + | * [https://securekey.com/securekeys-new-ledger-agnostic-solution-orb-helps-solve-decentralized-identifier-challenges/ SecureKey’s New Ledger-Agnostic Solution, Orb, Helps Solve Decentralized Identifier Challenges] 2021-06-10 | ||
[[Category: Identifier]] | [[Category: Identifier]] | ||
[[Category: Best Practice]] | [[Category: Best Practice]] | ||
Latest revision as of 17:22, 11 January 2024
Contents
Full Title
Description of the did:orb method implementation.
Context
still working on the implementation. I can let you know once we have the basics ready.
- make targets that produce the binary (make orb) and the docker image (make orb-docker).
- snapshot docker images here: https://github.com/orgs/trustbloc-cicd/packages/container/package/orb
- Once there is a release, there will be release images here: https://github.com/orgs/trustbloc/packages/container/package/orb (currently 404 due to no releases).
- This project serves as a incentive to assure that did methods can be testably secure and is tracked in the wiki page Open Source Security.
Taxonomy
The current means to understand implemented servers are:
| Term | Purpose or Behavior |
| claim | An assertion made about a subject. (This can only be considered true if the term subject is interpreted very broadly.) |
| subject | A thing about which claims are made.(Complete circulate - no real meaning at all.) |
| user agent | A program, such as a browser or other Web client, that mediates the communication between holders, issuers, and verifiers. (This does not match DID core well at all.) |
| validation | The assurance that a verifiable credential or a verifiable presentation meets the needs of a verifier and other dependent stakeholders. |
| vct | Verifiable Credential Transparency |
| ipfs | Inter-planetary file system |
The Implementation
- From code repo at https://github.com/trustbloc/orb
Server Purposes
The current means to understand did:orb base install. (not to be confused with a Leaf Node with about 1/2 of these servers)
| Image | Command | Ports | Names |
| ghcr.io/trustbloc/orb:latest | "/usr/bin/orb start" | 0.0.0.0:48526->443/tcp | orb2.domain1.com |
| ghcr.io/trustbloc/orb:latest | "/usr/bin/orb start" | 0.0.0.0:48426->443/tcp | orb.domain2.com |
| ghcr.io/trustbloc/orb:latest | "/usr/bin/orb start" | 0.0.0.0:48326->443/tcp | orb.domain1.com |
| ghcr.io/trustbloc/orb:latest | "/usr/bin/orb start" | 0.0.0.0:48626->443/tcp | orb.domain3.com |
| ghcr.io/trustbloc-cicd/kms:0.1.7-snapshot-bff24d1 | "/bin/sh -c 'kms-res…" | 0.0.0.0:7878->7878/tcp | orb.kms |
| gcr.io/trillian-opensource-ci/log_signer:eac... | "/trillian_log_signe…" | 0.0.0.0:8091->8091/tcp | orb.trillian.log.signer |
| gcr.io/trillian-opensource-ci/log_server:eac... | "/trillian_log_serve…" | 0.0.0.0:8090->8090/tcp | orb.trillian.log.server |
| couchdb:3.1.0 | "tini -- /docker-ent…" | 4369/tcp,9100/tcp, 0.0.0.0:5986->5984/tcp | couchdb.shared.com |
| couchdb:3.1.0 | "tini -- /docker-ent…" | 4369/tcp,9100/tcp, 0.0.0.0:5984->5984/tcp | couchdb.kms.com |
| mysql:8.0.24 | "docker-entrypoint.s…" | 0.0.0.0:3306->3306/tcp, 33060/tcp | orb.mysql |
| ghcr.io/trustbloc/vct:v0.1.0 | "/usr/bin/vct start" | 0.0.0.0:8077->8077/tcp | orb.vct |
| ipfs/go-ipfs:master-2021-04-22-eea198f | "/sbin/tini -- /usr/…" | 4001/tcp, 8080-8081/tcp, 4001/udp, 0.0.0.0:5001->5001/tcp | ipfs |
Commentary
Troy Ronda (SecureKey) 2021-05-04
In other news, we also pushed the first pre-release 0.1 version of vct and orb. It’s still early days - this is really a pre-release focused on early integration.
- We are also running devel domains to play with it (to be cleared):
- Sidetree endpoint discovery: https://orb-2.devel.trustbloc.dev/.well-known/did-orb
{"resolutionEndpoint":"https://orb-2.devel.trustbloc.dev/sidetree/v1/identifiers",
"operationEndpoint":"https://orb-2.devel.trustbloc.dev/sidetree/v1/operations"}
- Webfinger endpoint example: https://orb-1.devel.trustbloc.dev/.well-known/webfinger?resource=https%3A%2F%2Forb-1.devel.trustbloc.dev%2Fsidetree%2Fv1%2Fidentifiers
{"subject":"https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers",
"properties":{"https://trustbloc.dev/ns/min-resolvers":1},
"links":[{"rel":"self","href":"https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers"}]}
- Sidetree + ActivityPub example: https://orb-1.devel.trustbloc.dev/services/orb/outbox?page=true
- CAS example: https://orb-1.devel.trustbloc.dev/cas/Qmesb9uoKxsunwugVBrWrm9Lg6SkzQWEa7SMZTBxDxCsqF
- Resolution example: https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers/did:orb:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ (still need to add network prefixing).
- VCT signed tree head example: https://vct-1.devel.trustbloc.dev/ct/v1/get-entries?start=0&end=10
- VCT entries example: https://vct-1.devel.trustbloc.dev/ct/v1/get-sth
We’ll soon bring up a third dev domain so we can start seeing announcements.
Notice the canonical ID for that DID example above:
https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers/did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ
{"@context":"https://w3id.org/did-resolution/v1","didDocument":{"@context":["https://www.w3.org/ns/did/v1"],"authentication":["did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ#Q7BMDJdiSzpPOR5mqElxR9pZC_kYfMcFgLzEiKgQEaQ"],
"id":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ",
"verificationMethod":
[{"controller":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ",
"id":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ#Q7BMDJdiSzpPOR5mqElxR9pZC_kYfMcFgLzEiKgQEaQ",
"publicKeyBase58":"AoUECGhbgqUnGquhcXmTfVYd5HbaoNvVT9bnJ3PBmq5a",
"type":"Ed25519VerificationKey2018"}]},
"didDocumentMetadata":{"canonicalId":"did:orb:Qmesb9uoKxsunwugVBrWrm9Lg6SkzQWEa7SMZTBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ",
"method":{"anchorOrigin":"https://orb-2.devel.trustbloc.dev/services/orb",
"published":true,
"recoveryCommitment":"EiBfnPju3OqfWK2c5bZa3A2YfRMKar5ku35GxWpfBejSog",
"updateCommitment":"EiBcLBVXrO5IdjeJMQii6msigygYipRLmFxS0eQT-jfn6A"}}}
Did not run because go version files.
- Remove all GO and reinstall 1.16.3
then add these to ~/.profile
export GOROOT=/usr/local/go export GOPATH=$HOME/go export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
- Makefile is using abspath in call to frapsoft/openssl with is two unacknowledged dependencies in did:orb code.
Software Bill of Materials
In response to Executive Order on Cybersecurity these are the components that were required to build the product. It is not clear which parts actually provide code to the finished product, but they all contributed to the building of the finished product. Where finished product includes the certificates and other support files.
- Ubuntu 20.04
- sudo apt update - on 21-05-13 this installed 20 updates just in the past one month including many libraries as well as python3
- GoLang 1.16.3
- frapsoft/openssl
- Docker
- Docker-compose (both from docker-desktop)
Services
- trillion - documentation
- ipfs
- mysql:8.0.24
