Did:orb
From MgmtWiki
Contents
Full Title
Description of the did:orb method implementation.
Context
still working on the implementation. I can let you know once we have the basics ready.
- make targets that produce the binary (make orb) and the docker image (make orb-docker).
- snapshot docker images here: https://github.com/orgs/trustbloc-cicd/packages/container/package/orb
- Once there is a release, there will be release images here: https://github.com/orgs/trustbloc/packages/container/package/orb (currently 404 due to no releases).
- This project serves as a incentive to assure that did methods can be testably secure and is tracked in the wiki page Open Source Security.
Taxonomy
The current means to understand implemented servers are:
| server | Purpose or Behavior |
| claim | An assertion made about a subject. (This can only be considered true if the term subject is interpreted very broadly.) |
| subject | A thing about which claims are made.(Complete circulate - no real meaning at all.) |
| user agent | A program, such as a browser or other Web client, that mediates the communication between holders, issuers, and verifiers. (This does not match DID core well at all.) |
| validation | The assurance that a verifiable credential or a verifiable presentation meets the needs of a verifier and other dependent stakeholders. |
| vct | Verifiable Credential Transparency |
The Implementation
Server Purposes
The current means to understand did:orb are:
| Term | Meaning or Behavior | |
| claim | An assertion made about a subject. (This can only be considered true if the term subject is interpreted very broadly.) | |
| subject | A thing about which claims are made.(Complete circulate - no real meaning at all.) | |
| user agent | A program, such as a browser or other Web client, that mediates the communication between holders, issuers, and verifiers. (This does not match DID core well at all.) | |
| validation | The assurance that a verifiable credential or a verifiable presentation meets the needs of a verifier and other dependent stakeholders. | |
| NAMES | ||
| ghcr.io/trustbloc/orb:latest | "/usr/bin/orb start" 26 hours ago Up 26 hours 0.0.0.0:48526->443/tcp orb2.domain1.com | |
| ghcr.io/trustbloc/orb:latest | "/usr/bin/orb start" 26 hours ago Up 26 hours 0.0.0.0:48426->443/tcp orb.domain2.com | |
| ghcr.io/trustbloc/orb:latest | "/usr/bin/orb start" 26 hours ago Up 26 hours 0.0.0.0:48326->443/tcp orb.domain1.com | |
| ghcr.io/trustbloc/orb:latest | "/usr/bin/orb start" 26 hours ago Up 26 hours 0.0.0.0:48626->443/tcp orb.domain3.com | |
| ghcr.io/trustbloc-cicd/kms:0.1.7-snapshot-bff24d1 | "/bin/sh -c 'kms-res…" 26 hours ago Up 26 hours 0.0.0.0:7878->7878/tcp orb.kms | |
| gcr.io/trillian-opensource-ci/log_signer:eacf01ddf6503e04cda3ee941d94820f139c7737 | "/trillian_log_signe…" 26 hours ago Up 26 hours 0.0.0.0:8091->8091/tcp orb.trillian.log.signer | |
| gcr.io/trillian-opensource-ci/log_server:eacf01ddf6503e04cda3ee941d94820f139c7737 | "/trillian_log_serve…" 26 hours ago Up 26 hours 0.0.0.0:8090->8090/tcp orb.trillian.log.server | |
| couchdb:3.1.0 | -9100/tcp, 0.0.0.0:5986->5984/tcp | |
| couchdb.shared.com | - | 9100/tcp, 0.0.0.0:5984->5984/tcp |
| = | mysql:8.0.24 | "docker-entrypoint.s…" 26 hours ago Up 26 hours 0.0.0.0:3306->3306/tcp, 33060/tcp orb.mysql |
| ghcr.io/trustbloc/vct:v0.1.0 | "/usr/bin/vct start" 26 hours ago Up 26 hours 0.0.0.0:8077->8077/tcp orb.vct | |
| ipfs/go-ipfs:master-2021-04-22-eea198f | "/sbin/tini -- /usr/…" 26 hours ago Up 26 hours 4001/tcp, 8080-8081/tcp, 4001/udp, 0.0.0.0:5001->5001/tcp ipfs |
Commentary
Troy Ronda (SecureKey) 2021-05-04
In other news, we also pushed the first pre-release 0.1 version of vct and orb. It’s still early days - this is really a pre-release focused on early integration.
- We are also running devel domains to play with it (to be cleared):
- Sidetree endpoint discovery: https://orb-2.devel.trustbloc.dev/.well-known/did-orb
{"resolutionEndpoint":"https://orb-2.devel.trustbloc.dev/sidetree/v1/identifiers",
"operationEndpoint":"https://orb-2.devel.trustbloc.dev/sidetree/v1/operations"}
- Webfinger endpoint example: https://orb-1.devel.trustbloc.dev/.well-known/webfinger?resource=https%3A%2F%2Forb-1.devel.trustbloc.dev%2Fsidetree%2Fv1%2Fidentifiers
{"subject":"https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers",
"properties":{"https://trustbloc.dev/ns/min-resolvers":1},
"links":[{"rel":"self","href":"https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers"}]}
- Sidetree + ActivityPub example: https://orb-1.devel.trustbloc.dev/services/orb/outbox?page=true
- CAS example: https://orb-1.devel.trustbloc.dev/cas/Qmesb9uoKxsunwugVBrWrm9Lg6SkzQWEa7SMZTBxDxCsqF
- Resolution example: https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers/did:orb:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ (still need to add network prefixing).
- VCT signed tree head example: https://vct-1.devel.trustbloc.dev/ct/v1/get-entries?start=0&end=10
- VCT entries example: https://vct-1.devel.trustbloc.dev/ct/v1/get-sth
We’ll soon bring up a third dev domain so we can start seeing announcements.
Notice the canonical ID for that DID example above:
https://orb-1.devel.trustbloc.dev/sidetree/v1/identifiers/did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ
{"@context":"https://w3id.org/did-resolution/v1","didDocument":{"@context":["https://www.w3.org/ns/did/v1"],"authentication":["did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ#Q7BMDJdiSzpPOR5mqElxR9pZC_kYfMcFgLzEiKgQEaQ"],
"id":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ",
"verificationMethod":
[{"controller":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ",
"id":"did:orb:Qmesb9uoKxsunwugVBrWrm9[…]TBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ#Q7BMDJdiSzpPOR5mqElxR9pZC_kYfMcFgLzEiKgQEaQ",
"publicKeyBase58":"AoUECGhbgqUnGquhcXmTfVYd5HbaoNvVT9bnJ3PBmq5a",
"type":"Ed25519VerificationKey2018"}]},
"didDocumentMetadata":{"canonicalId":"did:orb:Qmesb9uoKxsunwugVBrWrm9Lg6SkzQWEa7SMZTBxDxCsqF:EiAfjRj4_Wo2tyQBsoeOEH1FHd481iwGnwbcAM_DeqZEoQ",
"method":{"anchorOrigin":"https://orb-2.devel.trustbloc.dev/services/orb",
"published":true,
"recoveryCommitment":"EiBfnPju3OqfWK2c5bZa3A2YfRMKar5ku35GxWpfBejSog",
"updateCommitment":"EiBcLBVXrO5IdjeJMQii6msigygYipRLmFxS0eQT-jfn6A"}}}
Did not run because go version files.
- Remove all GO and reinstall 1.16.3
then add these to ~/.profile
export GOROOT=/usr/local/go export GOPATH=$HOME/go export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
- Makefile is using abspath in call to frapsoft/openssl with is two unacknowledged dependencies in did:orb code.
Software Bill of Materials
In response to Executive Order on Cybersecurity these are the components that were required to build the product. It is not clear which parts actually provide code to the finished product, but they all contributed to the building of the finished product. Where finished product includes the certificates and other support files.
- Ubuntu 20.04
- sudo apt update - on 21-05-13 this installed 20 updates just in the past one month including many library as well as paython3
- GoLang 1.16.3
- frapsoft/openssl
- Docker
- Docker-compose (both from docker-desktop)
- mysql:8.0.24
Responses to the Order
With in a day the Linux Foundation had responded with rosy predictions.
