Posted to dev@milagro.apache.org by ki...@apache.org on 2019/06/28 14:40:24 UTC

[incubator-milagro] branch dta/overview created (now 00124cd)

This is an automated email from the ASF dual-hosted git repository.

kittohoward pushed a change to branch dta/overview
in repository https://gitbox.apache.org/repos/asf/incubator-milagro.git.


      at 00124cd  dta details

This branch includes the following new commits:

     new 8e4a95a  dta overview introduction
     new 5d27fa0  update text
     new a8918e2  Merge branch 'dev' into dta/overview
     new 8012882  overview page one
     new 9ef5e2d  first start
     new 00124cd  dta details

The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[incubator-milagro] 02/06: update text

Posted by ki...@apache.org.

kittohoward pushed a commit to branch dta/overview
in repository https://gitbox.apache.org/repos/asf/incubator-milagro.git

commit 5d27fa0e638f2cd237cd874d0b020392abaea1bd
Author: howardkitto <ki...@gmail.com>
AuthorDate: Thu Jun 27 16:57:50 2019 +0100

    update text
---
 docs/d-ta-overview.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/docs/d-ta-overview.md b/docs/d-ta-overview.md
index 861f91a..b4c71a8 100644
--- a/docs/d-ta-overview.md
+++ b/docs/d-ta-overview.md
@@ -4,6 +4,20 @@ title: Decentralized Trust Authority Overview
 sidebar_label: D-TA Node Overview
 ---
 
+## Introduction
+
+Apache Milagro Distributed Trust Authority is a server application that enables you to generate and secure secret keys using the Milagro Cryptographic libraries. In future releases we aim to enable a wide range of keys to be generated including type 3 pairing keys that can be used to authorise MPIN authentication servers and as client secrets. Securing of keys is enabled in RC1 - and is the focus of this documentation. 
+
+## Safeguarding Secrets 
+
+Inorder to safeguard a secret a pair of Milagro DTA servers is required, a client (refered to as the Principal) and a server (refered to as a Fiduciary) in addition the third party can be nominated at the ultimate recipient of the secret (refered to as the Beneficiary). This can be imagined like a "network HSM". Here is a VERY simplified version of the process:
+
+![alt text](/img/dta/Figure1.png)
+
+
+
+
+
 :::tip WE NEED HELP DOCUMENTING!
 Interested in becoming a contributor? Milagro is looking for you.
 [CONTRIBUTOR'S GUIDE](/docs/contributor-guide.html).
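Review bot: the added "Safeguarding Secrets" paragraph has several wording errors that should be fixed before this lands: "Inorder" should be "In order", "refered" should be "referred" (three times), and "the third party can be nominated at the ultimate recipient" should read "a third party can be nominated as the ultimate recipient". The image line `![alt text](/img/dta/Figure1.png)` still carries the placeholder alt text, so give it a descriptive caption; also trim the trailing spaces after "documentation. " and "## Safeguarding Secrets " and the run of five blank lines before the `:::tip` block.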


[incubator-milagro] 06/06: dta details

Posted by ki...@apache.org.

kittohoward pushed a commit to branch dta/overview
in repository https://gitbox.apache.org/repos/asf/incubator-milagro.git

commit 00124cded6afab8d7369a028aea542338dc6b831
Author: howardkitto <ki...@gmail.com>
AuthorDate: Fri Jun 28 15:39:58 2019 +0100

    dta details
---
 docs/dta-details/authentication.md     | 18 +++++++++++++++++
 docs/dta-details/identity-documents.md | 36 ++++++++++++++++++++++++++++++++++
 docs/dta-details/why-ipfs.md           |  7 +++++++
 3 files changed, 61 insertions(+)

diff --git a/docs/dta-details/authentication.md b/docs/dta-details/authentication.md
new file mode 100644
index 0000000..2c25830
--- /dev/null
+++ b/docs/dta-details/authentication.md
@@ -0,0 +1,18 @@
+---
+id: authentication
+title: Authentication
+sidebar_label: Authentication
+---
+Milagro DTA's endpoints are "in the clear" by default but if you set these flags you can have the endpoints authenticate against your oAuth provider of choice.
+
+This will secure the REST API endpoints /identity and /order
+
+The RPC endpoints /fulfill are protected using the Milagro communicatio protocol (oAuth is not required)
+
+```
+config.yaml
+
+oidc_provider: URL for oAuth endpoint
+oidc_client_id: _your server secret_
+
+```
\ No newline at end of file
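Review bot: the config snippet labels `oidc_client_id` as `_your server secret_`, but an OIDC client ID is a public identifier, not a secret; either this key actually holds the client secret and should be named accordingly, or the placeholder should say "your client ID" so operators do not paste a secret into the wrong field. The opening sentence says the endpoints are "in the clear" by default; since that means `/identity` and `/order` accept unauthenticated requests unless these two keys are set, that consequence deserves stating plainly next to the config. Minor: "communicatio" should be "communication", the fence should be tagged `yaml` with the `config.yaml` filename moved above it, and the file lacks a trailing newline.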
diff --git a/docs/dta-details/identity-documents.md b/docs/dta-details/identity-documents.md
new file mode 100644
index 0000000..bcbdbdb
--- /dev/null
+++ b/docs/dta-details/identity-documents.md
@@ -0,0 +1,36 @@
+---
+id: identity-documents
+title: Identity Documents
+sidebar_label: Identity Documents
+---
+The first problem that Milagro-DTA aims to solve is how actors in the system can identify and trust each other. In order to participate in the Milagro DTA safeguarding process each actor must publish a set of public keys into IPFS. The IPFS hash for an identity documents is then the ID for each actor.
+
+In order to create an identity document Milagro DTA provides the following endpoint.
+
+[POST: /identity](http://localhost:3000/swagger/index.html#/identity/createIdentity)
+
+The document contains public keys for signing and key encapsulation. The Milagro DTA communication protocol uses protbufs for serialisation, the defitnition of an identity document is:
+```
+message IDDocument {
+    string AuthenticationReference  = 2 ;
+    bytes SikePublicKey             = 3 ;
+    bytes PicnicPublicKey           = 4 ;
+    string Handle                   = 5 ;
+    string Email                    = 6 ;
+    string Username                 = 7 ;
+    int64 Timestamp                 = 8;
+}
+```
+Authentication reference refers to Milagro's out of the box oAuth integration
+
+The node that is used to create an identity document will store the seed and secret keys associated with the Identity. In RC1 these are store as a JSON file in the key value store:
+
+```
+//IdentitySecrets - keys required for decryption and signing
+type IdentitySecrets struct {
+	Name            string `json:"name"`
+	Seed            string `json:"seed"`
+	SikeSecretKey   string `json:"sikeSecretKey"`
+	PicnicSecretKey string `json:"picnicSecretKey"`
+}
+```
\ No newline at end of file
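Review bot: `IdentitySecrets` holds the seed and both secret keys, and the text says these are stored "as a JSON file in the key value store" without saying whether that file is encrypted at rest or how access to the store is controlled; for a document about safeguarding secrets that should be stated, or called out explicitly as an RC1 limitation. The `IDDocument` message starts numbering at 2 with no field 1 and no `reserved` statement; if field 1 was removed, add `reserved 1;` so the number is not reused. Wording: "an identity documents" to "an identity document", "protbufs" to "protobufs", "defitnition" to "definition", "these are store" to "these are stored", and the line "Authentication reference refers to ..." needs a full stop; tag the fences `protobuf` and `go`, and add the missing trailing newline.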
diff --git a/docs/dta-details/why-ipfs.md b/docs/dta-details/why-ipfs.md
new file mode 100644
index 0000000..abd5d74
--- /dev/null
+++ b/docs/dta-details/why-ipfs.md
@@ -0,0 +1,7 @@
+---
+id: why-ipfs
+title: Why IPFS?
+sidebar_label: Why IPFS?
+---
+
+Milagro DTA aims to provide and auditable record of all interactions between actors in the system. Whenever a secret is created or redeemed an imutable, secure and attributrable record is kep. It is vital that all the actors in the system can refer to an agreed record of these transactions incase of dispute or inresponse to requests from third parties such as law enforcement or audit / compl
\ No newline at end of file
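Review bot: the paragraph is cut off mid-word at "audit / compl" and the file has no trailing newline, so the sentence needs completing before merge. It also states that the record is "imutable, secure and attributrable" without saying which property IPFS supplies: content addressing gives an immutable, verifiable reference but not confidentiality, so the text should say what makes the record secure and attributable (the overview page in commit 04/06 points at encrypted envelopes and identity documents, which could be referenced here). Spelling: "and auditable" to "an auditable", "imutable" to "immutable", "attributrable" to "attributable", "kep" to "kept", "incase" to "in case", "inresponse" to "in response".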


[incubator-milagro] 04/06: overview page one

Posted by ki...@apache.org.

kittohoward pushed a commit to branch dta/overview
in repository https://gitbox.apache.org/repos/asf/incubator-milagro.git

commit 8012882181d1bbd09a299acceb325962cde776fa
Author: howardkitto <ki...@gmail.com>
AuthorDate: Fri Jun 28 14:11:30 2019 +0100

    overview page one
---
 docs/d-ta-overview.md                     |  30 ++++++++++++++++++++++++++----
 website/static/img/dta/Figure1.png        | Bin 58639 -> 0 bytes
 website/static/img/dta/RC1-Ecosystem.png  | Bin 0 -> 86849 bytes
 website/static/img/dta/RC1-Overview-1.png | Bin 0 -> 28513 bytes
 4 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/docs/d-ta-overview.md b/docs/d-ta-overview.md
index b4c71a8..b3f6bb9 100644
--- a/docs/d-ta-overview.md
+++ b/docs/d-ta-overview.md
@@ -4,16 +4,38 @@ title: Decentralized Trust Authority Overview
 sidebar_label: D-TA Node Overview
 ---
 
-## Introduction
+# Introduction
 
-Apache Milagro Distributed Trust Authority is a server application that enables you to generate and secure secret keys using the Milagro Cryptographic libraries. In future releases we aim to enable a wide range of keys to be generated including type 3 pairing keys that can be used to authorise MPIN authentication servers and as client secrets. Securing of keys is enabled in RC1 - and is the focus of this documentation. 
+Apache Milagro Distributed Trust Authority is a server application that enables you to generate and secure secret keys using the Milagro Cryptographic libraries. Securing of secret keys (Safeguarding)  is enabled in RC1 - and is the focus of this documentation. In future releases we aim to enable a wide range of keys to be generated including Type-3 Pairing Keys that can be used to authorise MPIN authentication servers and as client secrets.
 
 ## Safeguarding Secrets 
 
-Inorder to safeguard a secret a pair of Milagro DTA servers is required, a client (refered to as the Principal) and a server (refered to as a Fiduciary) in addition the third party can be nominated at the ultimate recipient of the secret (refered to as the Beneficiary). This can be imagined like a "network HSM". Here is a VERY simplified version of the process:
+In order to safeguard a secret, a pair of Milagro DTA servers is required: a client (refered to as the Principal) and a server (refered to as a Fiduciary). In addition a third party can be nominated as the ultimate recipient of the secret (refered to as the Beneficiary). This system can be imagined like a "network HSM". Here is a VERY simplified version of the process:
 
-![alt text](/img/dta/Figure1.png)
+![Figure 1](/img/dta/RC1-Overview-1.png)
 
+## Milagro DTA is Not Secure (on its own)
+The key seed is the focus of the system - Milagro DTA aims to provide a method for communicating with organisations who provide services for securing seeds (Custodians), it does not prescribe how the securing should be done. We hope that many custodial services will adopt Milagro as a communication protocol and that they will bring a proffusion of security paradigms: working together we can make the Internet a safer place. The most basic implementation of Milagro should secure seeds in a [...]
+
+## The Milagro Communication Protocol
+Milagro DTA provides a secure, distributed method of communication between beneficiaries, principals and fiduciaries. It aims to solve the following problems:
+
+1. How can actors in the system be identified and trusted?
+
+    **Answer:** Identity Documents
+2. How can records of interactions between actors in the system be trusted and verified?
+
+    **Answer:** Encrypted Envelopes via IPFS
+3. How can conditions for revealing or using secrets be specified? 
+
+    **Answer:** Redemption Policies
+4. How can different custodial services provide their own "special security sauce"?
+
+    **Answer:** Plugins
+
+A more complete view of the Milagro DTA ecosystem is shown below
+
+![Figure 1](/img/dta/RC1-Ecosystem.png)
 
 
 
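Review bot: both images in this hunk are captioned "Figure 1" (`![Figure 1](/img/dta/RC1-Overview-1.png)` and `![Figure 1](/img/dta/RC1-Ecosystem.png)`); the ecosystem diagram should be Figure 2. "Introduction" is promoted to a level-1 `#` heading while the sibling sections stay at `##`, which turns it into a document title rather than a section; keep `##`. The "Milagro DTA is Not Secure (on its own)" paragraph is truncated at "[...]" in this mail, so the full sentence describing the most basic implementation should be checked in the rendered file. Spelling: "refered" (twice) to "referred", "proffusion" to "profusion", and "shown below" needs a full stop.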
diff --git a/website/static/img/dta/Figure1.png b/website/static/img/dta/Figure1.png
deleted file mode 100644
index 4c08ad6..0000000
Binary files a/website/static/img/dta/Figure1.png and /dev/null differ
diff --git a/website/static/img/dta/RC1-Ecosystem.png b/website/static/img/dta/RC1-Ecosystem.png
new file mode 100644
index 0000000..59bf721
Binary files /dev/null and b/website/static/img/dta/RC1-Ecosystem.png differ
diff --git a/website/static/img/dta/RC1-Overview-1.png b/website/static/img/dta/RC1-Overview-1.png
new file mode 100644
index 0000000..5fdfa85
Binary files /dev/null and b/website/static/img/dta/RC1-Overview-1.png differ


[incubator-milagro] 01/06: dta overview introduction

Posted by ki...@apache.org.

kittohoward pushed a commit to branch dta/overview
in repository https://gitbox.apache.org/repos/asf/incubator-milagro.git

commit 8e4a95abcf444605b3539977ea568e6d3b3ab11c
Author: howardkitto <ki...@gmail.com>
AuthorDate: Thu Jun 27 16:57:22 2019 +0100

    dta overview introduction
---
 website/static/img/dta/Figure1.png | Bin 0 -> 58639 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/website/static/img/dta/Figure1.png b/website/static/img/dta/Figure1.png
new file mode 100644
index 0000000..4c08ad6
Binary files /dev/null and b/website/static/img/dta/Figure1.png differ


[incubator-milagro] 03/06: Merge branch 'dev' into dta/overview

Posted by ki...@apache.org.

kittohoward pushed a commit to branch dta/overview
in repository https://gitbox.apache.org/repos/asf/incubator-milagro.git

commit a8918e2dba384a9b786e07a5241aa604f703ad9b
Merge: 5d27fa0 d48fba5
Author: howardkitto <ki...@gmail.com>
AuthorDate: Thu Jun 27 17:01:15 2019 +0100

    Merge branch 'dev' into dta/overview

 asf-site-build.sh | 35 +++++++++++++++++++++++++++++++++++
 doap_Milagro.rdf  |  4 ++--
 2 files changed, 37 insertions(+), 2 deletions(-)


[incubator-milagro] 05/06: first start

Posted by ki...@apache.org.

kittohoward pushed a commit to branch dta/overview
in repository https://gitbox.apache.org/repos/asf/incubator-milagro.git

commit 9ef5e2d4789901706aa46c10acfc72e86ed4091e
Author: howardkitto <ki...@gmail.com>
AuthorDate: Fri Jun 28 15:39:31 2019 +0100

    first start
---
 docs/d-ta-overview.md |  6 +++---
 website/sidebars.json | 11 +++++++++--
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/docs/d-ta-overview.md b/docs/d-ta-overview.md
index b3f6bb9..2373ae8 100644
--- a/docs/d-ta-overview.md
+++ b/docs/d-ta-overview.md
@@ -14,10 +14,10 @@ In order to safeguard a secret, a pair of Milagro DTA servers is required: a cli
 
 ![Figure 1](/img/dta/RC1-Overview-1.png)
 
-## Milagro DTA is Not Secure (on its own)
-The key seed is the focus of the system - Milagro DTA aims to provide a method for communicating with organisations who provide services for securing seeds (Custodians), it does not prescribe how the securing should be done. We hope that many custodial services will adopt Milagro as a communication protocol and that they will bring a proffusion of security paradigms: working together we can make the Internet a safer place. The most basic implementation of Milagro should secure seeds in a [...]
+## Milagro DTA Security
+The key seed is the focus of the system - Milagro DTA aims to provide a method for communicating with organisations who provide services for securing seeds (Custodians), it does not prescribe how the securing should be done. We hope that many custodial services will adopt Milagro as a communication protocol and that they will bring a proffusion of security paradigms: working together we can make the Internet a safer place. The most basic implementation of Milagro should secure seeds in a [...]
 
-## The Milagro Communication Protocol
+## The Milagro DTA Communication Protocol
 Milagro DTA provides a secure, distributed method of communication between beneficiaries, principals and fiduciaries. It aims to solve the following problems:
 
 1. How can actors in the system be identified and trusted?
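Review bot: renaming the heading from "Milagro DTA is Not Secure (on its own)" to "Milagro DTA Security" drops the one explicit caveat that the DTA does not itself secure the seed; the body still says it "does not prescribe how the securing should be done", so keep a sentence at the top of the section stating that seed security depends on the custodian's implementation, otherwise readers may take "Security" as a guarantee. "proffusion" (to "profusion") is carried over unchanged from the previous version of the line.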
diff --git a/website/sidebars.json b/website/sidebars.json
index d2449f6..9dc0b2d 100644
--- a/website/sidebars.json
+++ b/website/sidebars.json
@@ -9,13 +9,20 @@
       ],
     "AMCL Library": 
       [
-        "amcl-overview", 
-        "amcl-c-api", 
+        "amcl-overview",                    
+        "amcl-c-api",
         "amcl-javascript-api"
       ],
     "D-TA Node": 
       [
       "d-ta-overview",
+      {
+        "type":"subcategory",
+        "label":"DTA Details",
+        "ids":[ "dta-details/identity-documents",
+                "dta-details/why-ipfs",
+                "dta-details/authentication"]
+      },
       "d-ta-api"
     ],
     "ZKP-MFA Clients/Servers": [
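Review bot: the `"amcl-overview",` line changes only to gain a long run of trailing spaces while `"amcl-c-api",` loses its trailing space; strip the whitespace on both rather than leaving unrelated noise in this diff. The new subcategory object is fine, but `"d-ta-overview",` is indented two spaces less than its siblings and than the object added below it, so align it for consistency.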