Expose service identity as a did:web document #5390

Closed
achamayou opened this issue Jun 21, 2023 · 2 comments

@achamayou
Member

See microsoft/scitt-ccf-ledger#53 and microsoft/scitt-ccf-ledger#88 for history.

This information is exposed now in the JSON & C++ receipts as "service_endorsements":

    std::vector<crypto::Pem> service_endorsements = {};

but not in a did/jwk-friendly format.

This is partially implemented in the SCITT ledger now, but would be useful to bring back to CCF generally, for any user who wants a service identity history in a different format. To be defined and implemented is the way key validity ranges are indicated, perhaps by defining additional possible values for use, such as "sig:from:2.54:to:5.7869", or by using a new field in the key.

achamayou added this to the 4.x milestone Jun 21, 2023
achamayou removed this from the 4.x milestone Jan 25, 2024
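
An added example (not CCF or SCITT code) of how a receipt verifier could consume the validity-range idea floated in the comment above, where a key's `use` carries a value such as "sig:from:2.54:to:5.7869". The grammar, the open-ended form without `:to:`, the function names and the sample key set are all assumptions of this sketch, since the issue leaves the format undefined; transaction IDs are taken to be CCF's `view.seqno` pairs.

```python
import re
from typing import NamedTuple, Optional

class TxID(NamedTuple):
    view: int
    seqno: int

    @classmethod
    def parse(cls, s: str) -> "TxID":
        m = re.fullmatch(r"(\d+)\.(\d+)", s)
        if not m:
            raise ValueError(f"malformed transaction ID: {s!r}")
        return cls(int(m[1]), int(m[2]))

# Hypothetical grammar for the proposed "use" value. The open-ended form
# without ":to:" (for the current key) is an assumption of this example.
USE_RE = re.compile(r"sig:from:(\d+\.\d+)(?::to:(\d+\.\d+))?")

def parse_use(use: str) -> Optional[tuple]:
    """Return (first, last_or_None) for a ranged signing key, None otherwise."""
    m = USE_RE.fullmatch(use)
    if not m:
        return None
    first = TxID.parse(m[1])
    last = TxID.parse(m[2]) if m[2] else None
    if last is not None and (last.seqno < first.seqno or last.view < first.view):
        raise ValueError(f"inverted validity range: {use!r}")
    return first, last

def covers(rng: tuple, tx: TxID) -> bool:
    # Require both view and seqno to fall inside the range, so a transaction
    # ID that is inconsistent with the key history matches no key at all.
    first, last = rng
    if tx.seqno < first.seqno or tx.view < first.view:
        return False
    return last is None or (tx.seqno <= last.seqno and tx.view <= last.view)

def key_for_receipt(jwks: dict, txid: str) -> dict:
    """Pick the single service key whose range covers txid; fail closed otherwise."""
    tx = TxID.parse(txid)
    hits = [k for k in jwks["keys"]
            if (r := parse_use(k.get("use", ""))) and covers(r, tx)]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} keys cover {txid}; expected exactly 1")
    return hits[0]

# Constructed sample: kid values are placeholders, key material omitted.
SAMPLE_JWKS = {"keys": [
    {"kid": "service-key-1", "kty": "EC", "use": "sig:from:2.54:to:5.7869"},
    {"kid": "service-key-2", "kty": "EC", "use": "sig:from:5.7870"},
    {"kid": "encryption-key", "kty": "EC", "use": "enc"},
]}
```

Requiring exactly one match means overlapping or missing ranges in a published key history surface as an error instead of a silent choice of key.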
@achamayou
Member Author

SCITT has now moved on from did:web, and instead specifies something much closer to openid-configuration, and SCITT/application-specific that does make sense in a generic CCF context:

2.1.1.  Transparency Configuration

   Authentication SHOULD NOT be implemented for this endpoint.  This
   endpoint is used to discover the capabilities of a transparency
   service implementing this specification.

   Request:

   GET /.well-known/transparency-configuration HTTP/1.1
   Host: transparency.example
   Accept: application/json

   Response:

Birkholz, et al.        Expires 5 September 2024                [Page 5]
Internet-Draft                   SCRAPI                       March 2024

   HTTP/1.1 200 Ok
   Content-Type: application/json

   {
     "issuer": "https://transparency.example",
     "registration_endpoint": "https://transparency.example/entries",
     "nonce_endpoint": "https://transparency.example/nonce",

     "registration_policy": \
   "https://transparency.example\
   /statements/urn:ietf:params:scitt:statement\
   :sha-256:base64url:5i6UeRzg1...qnGmr1o",

     "supported_signature_algorithms": ["ES256"],
     "jwks": {
       "keys": [
         {
           "kid": "urn:ietf:params:oauth:\
   jwk-thumbprint:sha-256:DgyowWs04gfVRim5i1WlQ-HFFFKI6Ltqulj1rXPagRo",
           "alg": "ES256",
           "use": "sig",
           "kty": "EC",
           "crv": "P-256",
           "x": "p-kZ4uOASt9IjQRTrWikGnlbGb-z3LU1ltwRjZaOS9w",
           "y": "ymXE1yltJPXgjQSRe9NweN3TLlSUALYZTzy83NVfdg0"
         },
         {
           "kid": "urn:ietf:params:oauth:\
   jwk-thumbprint:sha-256:4Fzx5HO1W0ob9CZNc3RJx28Ixpgy9JAFM8jyXKW0ClE",
           "alg": "HPKE-Base-P256-SHA256-AES128GCM",
           "use": "enc",
           "kty": "EC",
           "crv": "P-256",
           "x": "Vreuil95vzR6ixutgBBf2ota-rj97MvKfuJWB4qqp5w",
           "y": "NkUTeaoNlLRRsVRxHGDA-RsA0ex2tSpcd3G-4SmKXbs"
         }
       ]
     }
   }

achamayou closed this as not planned May 9, 2024
@achamayou
Member Author

FYI @ivarprudnikov @andpiccione @vimauro
