Tunitas Scarpet
This repository contains a reference implementation of an identifier resolver and identifier (document) storage service for W3C Decentralized Identifiers. The majority of the service capability is provided through the Domain Name Service using the "A DID Document is a Zone" paradigm, as described below and elsewhere. The system is "self-sovereign" in the sense that anyone (you) is able to stand up an identity service and announce identifiers, their ownership proofs and the service endpoints associated with them. There are procedures for validating the origin and veracity of the identifiers which have been published through the system.
The main body of documentation for the Tunitas family of components and services can be found with the packaging and with the build system. The overview and administrative declarations herein are necessarily summary in nature. The declarations and definitions in the packaging and build system areas are complete and should be interpreted as superseding these when the two are in conflict.
Current work with modern-generation tooling, e.g. circa Fedora 36+ and GCC 12+, is occurring around the v0.1-themed feature branches.
Table of Contents
- Background
- Dependencies
- Installation
- Configuration
- Build
- Usage
- References
- Security
- Contribute
- License
- Origin of the Name
Background
The implementation herein follows the DID Specification. It provides libraries and command-line tools for creating decentralized identifiers and the service endpoint statements (called "DID Documents"). Certain aspects of the Scarpet system are offered in the form of a Service-Oriented Architecture for those use cases where a command-line offering of the capability is not appropriate.
In the Tunitas Scarpet system, the DIDs (identifiers) and DID documents (meta-data containers) are published in the Domain Name System (DNS) as autonomous zones. A description of the Domain Name System is beyond the scope of this summary document; however, some tutorial material is indicated below. Suffice it to say that a DID Document is a Zone File.
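To make the "a DID Document is a Zone File" idea concrete, the following added example (not code from the Scarpet repository) renders a W3C-style DID document as zone-file text and refuses document values that could inject names or directives into the zone. The base domain did.example., the _key and _service owner names and the t=, k=, u= TXT fields are assumptions made for illustration; the records that did-zonegen emits may be laid out differently.

```python
import re

LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

# Constructed sample DID document (W3C DID Core property names, made-up values).
SAMPLE_DOC = {
    "id": "did:example:123456789abcdefghi",
    "verificationMethod": [{"id": "did:example:123456789abcdefghi#key-1",
                            "type": "Ed25519VerificationKey2020",
                            "publicKeyMultibase": "zCONSTRUCTEDnotAREALkey"}],
    "service": [{"id": "did:example:123456789abcdefghi#agent",
                 "type": "ExampleService",
                 "serviceEndpoint": "https://agent.example/did"}],
}

def label(text):
    """Accept only one lowercase LDH label so document data cannot inject names."""
    if not LABEL.fullmatch(text):
        raise ValueError(f"not usable as a DNS label: {text!r}")
    return text

def txt_rdata(text):
    """Zone-file TXT RDATA: 255-octet strings; quote, backslash, non-printables escaped."""
    raw = text.encode("utf-8")
    def esc(b):
        if b in (0x22, 0x5C):          # double quote, backslash
            return "\\" + chr(b)
        return chr(b) if 0x20 <= b < 0x7F else f"\\{b:03d}"
    chunks = [raw[i:i + 255] for i in range(0, len(raw), 255)] or [b""]
    return " ".join('"' + "".join(esc(b) for b in c) + '"' for c in chunks)

def did_to_zone(doc, base, serial=1):
    """Render doc as a zone at <method-specific-id>.<base> (hypothetical layout, not Scarpet's)."""
    scheme, _method, msid = doc["id"].split(":", 2)
    if scheme != "did":
        raise ValueError("not a DID")
    origin = f"{label(msid)}.{base}"
    lines = [f"$ORIGIN {origin}", "$TTL 3600",
             f"@ IN SOA ns1.{base} hostmaster.{base} {serial} 7200 900 1209600 3600",
             f"@ IN NS ns1.{base}",
             "@ IN TXT " + txt_rdata(f"did={doc['id']}")]
    for vm in doc.get("verificationMethod", []):
        name = label(vm["id"].rsplit("#", 1)[-1])
        lines.append(f"{name}._key IN TXT " + txt_rdata(f"t={vm['type']};k={vm['publicKeyMultibase']}"))
    for svc in doc.get("service", []):
        name = label(svc["id"].rsplit("#", 1)[-1])
        lines.append(f"{name}._service IN TXT " + txt_rdata(f"t={svc['type']};u={svc['serviceEndpoint']}"))
    return "\n".join(lines) + "\n"
```

Calling did_to_zone(SAMPLE_DOC, "did.example.") returns the zone text; DNS names are case-insensitive, so this sketch rejects identifiers with upper-case characters rather than folding them silently.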
Once players have developed their identifiers, services may be offered against the identifiers which have been announced. A complete description of the practical use of decentralized identifiers is beyond the scope of this summary document. A good introductory work can be found in the Primer for Decentralized Identifiers.
DIDs are universal identifiers which are publicly announced and are prepared with service endpoints and cryptographic methods for proving their veracity and authenticity. They fit well with the Verified Credential concept, which is mentioned in the References section below. DIDs are useful for any application that benefits from self-administration, cryptographic verifiability and universality. In contrast, so-called "cookie-based" identifiers do not have these properties.
Some notable services which use the DIDs produced in this project are listed below. These are projects among the Tunitas family of technologies.
PrivacyChain
- Tunitas Montara, a micro-service approach to the "North-facing" API
- Tunitas Apanolio, a macro service approach to that API.
Dependencies
The DIDs and DID documents of Tunitas Scarpet are published in the Domain Name System (DNS) as zones.
Operational Dependencies
Build Dependencies
The configuration step will check for many but not all required packages and operating system features. There is a list of known package-dependencies which you will need to install beyond your base operating system.
Generally, the dependencies are among:
- Certain other components of the Tunitas system; e.g. the Basic Components.
- A modern (C++2a) development environment.
- A recent Fedora, but any recent Linux distro should suffice.
The Tunitas project was developed on Fedora 27 through Fedora 30 using GCC 7 and GCC 8 with -fconcepts and at least -std=c++1z. More details on the development environment and the build system can be found in temerarious-flagship.
Installation
You may install this repo and its dependents by running the following command:
git clone https://github.com/yahoo/tunitas-scarpet.git
This will create a directory called tunitas-scarpet and download the contents of this repo to it.
Alternatively, if your organization already has made available the packaged version, then the following recipe will install the service:
sudo dnf install tunitas-scarpet
Configuration
The build system is based upon GNU Autotools.
The configuration of the repo consists of two steps which must be done once.
./buildconf
./configure
The first step performs some crude assessments of the build environment and creates the site-specific configure. Of course configure --help will explain the build options. The general options to configure are widely documented.
The buildconf component is boilerplate and can be updated from temerarious-flagship as needed. The Tunitas Build System should be available in /opt/tunitas and the template at /opt/tunitas/share/temerarious-flagship/bc/template.autotools-buildconf.
Build
The service can be built with the following recipe:
./buildconf &&
./configure &&
make &&
make check &&
make install &&
echo OK DONE
Alternatively, if your organization already has made available the packaged version, then the following recipe will install the service:
sudo dnf install tunitas-scarpet
Usage
The tools provided in this repository are command-line tools which can be used to create DIDs and their associated service statements. A simple example of the tools in use is shown following:
did-keygen --private=file.private --public=file.public
did-zonegen --zone=file.zone --public=file.public
did-publish --zone=file.zone
References
Decentralized Identifiers (DIDs)
- did-spec - Decentralized Identifiers: Data Model and Syntaxes for Decentralized Identifiers (DIDs)
- did-primer - A Primer for Decentralized Identifiers: An introduction to self-administered identifiers for curious people
Verifiable Credentials (VC)
- verifiable-claims-use-cases - Verifiable Claims Use Cases
- verifiable-claims-data-model - Verifiable Credentials Data Model 1.0: Expressing verifiable information on the Web
Domain Name System (DNS) and Berkeley Internet Name Daemon (BIND)
- Dynamically Loadable Zones (DLZ) - BIND 9 Annotated Reference Manual
- Using DLZ in BIND
- BIND DLZ
Security
The Tunitas Scarpet tooling and service-practice is intended to facilitate the publication of structured meta-data which is indexed by the Decentralized Identifiers. The system allows individuals to fully control the identifiers and the meta-data which conveys information about them. The best practices for secure operation of DID Resolvers and DID Registries are described in Section 10 of the specification document. The system, as it would be used in commercial practice, must not be used to convey so-called personally-identifying information (PII), or other proscribed information classes. These considerations are described in Section 11 of the aforementioned specification document. While there are no known security implications around this business practice, there is significant interest in the practice by both jurisdictional commercial regulatory bodies (rules, regulations, laws) as well as voluntary trade representation bodies (self-regulatory codes). Care should be taken in the operation of this service.
Server Containers
Macroservice Approach
Microservice Approach
- etr/libhttpserver
- microhttpd
- libmicrohttpd, forked as libmicrohttpd
Contribute
Please refer to the contributing.md file for information about how to get involved. We welcome issues, questions, and pull requests. Pull Requests are welcome.
Maintainers
- Wendell Baker wbaker@yahooinc.com
- The Tunitas Team at Yahoo.
You may contact us at least at tunitas@yahooinc.com
License
This project is licensed under the terms of the Apache 2.0 open source license. Please refer to LICENSE for the full terms.
Origin of the Name
Scarpet Peak is one of the Summits in San Mateo County, California. Also interesting is the colorful history of the names Scarper, Scarpet, Scarpa.