Tunitas Scarpet

This repository contains a reference implementation of an identifier resolver and identifier (document) storage service for W3C Decentralized Identifiers. The majority of the service capability is provided through the Domain Name System using the "A DID Document is a Zone" paradigm, as is described below and elsewhere. The system is "self-sovereign" in the sense that anyone (you) is able to stand up an identity service and announce identifiers, their ownership proofs and the service endpoints associated with them. There are procedures for validating the origin and veracity of the identifiers which have been published through the system.

The main body of documentation for the Tunitas family of components and services can be found with the packaging and with the build system. The overview and administrative declarations herein are necessarily summary in nature. The declarations and definitions in the packaging and build system areas are complete and should be interpreted as superseding these when the two are in conflict.

Current work with modern-generation tooling, e.g. circa Fedora 36+ and GCC 12+, is occurring around the v0.1-themed feature branches.

Background

The implementation herein follows the DID Specification. It provides libraries and command-line tools for creating decentralized identifiers and the service endpoint statements (called "DID Documents"). Certain aspects of the Scarpet system are offered in the form of a Service-Oriented Architecture for those use cases where a command-line offering of the capability is not appropriate.

In the Tunitas Scarpet system, the DIDs (identifiers) and DID documents (meta-data containers) are published in the Domain Name System (DNS) as autonomous zones. A description of the Domain Name System is beyond the scope of this summary document; however, some tutorial material is indicated below. Suffice it to say that a DID Document is a Zone File.

Once players have developed their identifiers, services may be offered against the identifiers which have been announced. A complete description of the practical use of decentralized identifiers is beyond the scope of this summary document. A good introductory work can be found in the Primer for Decentralized Identifiers.

DIDs are universal identifiers which are publicly announced and are prepared with service endpoints and cryptographic methods for proving their veracity and authenticity. They fit well with the Verifiable Credential concept, which is mentioned in the References section below. DIDs are useful for any application that benefits from self-administration, cryptographic verifiability and universality. In contrast, so-called "cookie-based" identifiers do not have these properties.

Some notable services which use the DIDs produced in this project are listed below. These are projects among the Tunitas family of technologies.

PrivacyChain

Dependencies

The DIDs and DID documents of Tunitas Scarpet are published in the Domain Name System (DNS) as zones.

Operational Dependencies

  • BIND - Berkeley Internet Name Daemon is widely available
  • DLZ - Dynamically Loadable Zones (DLZ)

Build Dependencies

The configuration step will check for many, but not all, required packages and operating system features. There is a list of known package dependencies which you will need to install beyond your base operating system.

Generally, the dependencies are among:

  • Certain other components of the Tunitas system; e.g. the Basic Components.
  • A modern (C++2a) development environment.
  • A recent Fedora, but any recent Linux distro should suffice.

The Tunitas project was developed on Fedora 27 through Fedora 30 using GCC 7 and GCC 8 with -fconcepts and at least -std=c++1z. More details on the development environment and the build system can be found in temerarious-flagship.

Installation

You may install this repo and its dependents by running the following command:

git clone https://github.com/yahoo/tunitas-scarpet.git

This will create a directory called tunitas-scarpet and download the contents of this repo to it.

Alternatively, if your organization already has made available the packaged version, then the following recipe will install the service:

sudo dnf install tunitas-scarpet

Configuration

The build system is based upon GNU Autotools.

The configuration of the repo consists of two steps which must be done once.

  1. ./buildconf
  2. ./configure

The first step performs some crude assessments of the build environment and creates the site-specific `configure`. Of course `configure --help` will explain the build options. The general options to `configure` are widely documented.

The buildconf component is boilerplate and can be updated from temerarious-flagship as needed. The Tunitas Build System should be available in /opt/tunitas and the template at /opt/tunitas/share/temerarious-flagship/bc/template.autotools-buildconf.

Build

The service can be built with the following recipe:

./buildconf &&
./configure &&
make &&
make check &&
make install &&
echo OK DONE

Usage

The tools provided in this repository are command-line tools which can be used to create DIDs and their associated service statements. A simple example of the tools in use is shown below:

did-keygen --private=file.private --public=file.public
did-zonegen --zone=file.zone --public=file.public
did-publish --zone=file.zone

References

Decentralized Identifiers (DIDs)

  • did-spec - Decentralized Identifiers: Data Model and Syntaxes for Decentralized Identifiers (DIDs)
  • did-primer - A Primer for Decentralized Identifiers: An introduction to self-administered identifiers for curious people

Verifiable Credentials (VC)

Domain Name System (DNS) and Berkeley Internet Name Daemon (BIND)

Security

The Tunitas Scarpet tooling and service practice is intended to facilitate the publication of structured meta-data which is indexed by the Decentralized Identifiers. The system allows individuals to fully control the identifiers and the meta-data which conveys information about them. The best practices for secure operation of DID Resolvers and DID Registries are described in Section 10 of the specification document. The system, as it would be used in commercial practice, must not be used to convey so-called personally-identifying information (PII), or other proscribed information classes. These considerations are described in Section 11 of the aforementioned specification document. While there are no known security implications around this business practice, there is significant interest in the practice by both jurisdictional commercial regulatory bodies (rules, regulations, laws) as well as voluntary trade representation bodies (self-regulatory codes). Care should be taken in the operation of this service.

Server Containers

Macroservice Approach

Microservice Approach

Contribute

Please refer to the contributing.md file for information about how to get involved. We welcome issues, questions, and pull requests.

Maintainers

You may contact us, at a minimum, at tunitas@yahooinc.com.

License

This project is licensed under the terms of the Apache 2.0 open source license. Please refer to LICENSE for the full terms.

Origin of the Name

Scarpet Peak is one of the Summits in San Mateo County, California. Also interesting is the colorful history of the names Scarper, Scarpet, Scarpa.