Summary of Next Steps
- Pritam Singh -
- Deploy Vault locally on MiniKube
- Move to cloud deployment as part of multi cloud deployment
- Guide on how to use Cactus integration in a client application, for example opentaps SAS
- Bertrand Rioux -
- Record video demo of full lifecycle of web socket security signing
- Guideline documentation on when to use Fabric CA, Vault, or Web Socket
- Harsh Sharma -
- Get github CI pipeline working
- Work on unit tests and integratino tests.
ws-identity provider demo
ws-identity/wallet demo update
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct. |
---|
Time:
- Monday at 09 AM Pacific
- Add Climate Action and Accounting SIG calls to your calendar
Dial-In Information: [ZOOM]
You can join either from your computer or from your phone:
- From computer: https://zoom.us/j/6223336701?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09
- From phone: +1(855)880-1246 (toll free US number) or view International numbers
Meeting ID: 622 333 6701
4 Comments
Bertrand WILLIAMSRIOUX
Pritam Singh Si Chen Robin Klemens Kamlesh Nagware
Added above short demo using ws-identity server and ws-wallet packages to use FabricSigningCredentialType.WsX509 in the typescript app. Still ahd trouble seeding the fabric database with utility data, but ws-server is clearly working.
A PR is open on cactus fabric connector. Peter has offered helpful comments to improve the ws-server function. I am using my own published version of the cactus plugin to use this in the TS app for now. Once it is approved, i'll integrate this into the latest version.
In the mean time working on the draft documentation, ws-identity. More to come....
Si Chen
Bertrand WILLIAMSRIOUXThank you for uploading the video. I just watched it. Please let me know if this is correct:
So my questions are:
Finally, why are you not able to get the Fabric record/get emissions to work? It seems you're trying to use a USA_EIA_ utility id that is not in the database at all. Have you tried following the instructions of the Fabric utility emissions channel to get it to work? If so then you should be able to perform the record and get emissions operations with those parameters.
Bertrand WILLIAMSRIOUX
Hi Si Chen
First, the record/get emission transactions are now working with the WsX509 identity provider. The couchdb wasn't seeded properly...
It is a public address of the pub/private key pair stored in ws-wallet. See the additional video detailing contents of ws-wallet.
2. Are both ws-wallet and typescript app talking to your ws-identity server docker image?
yes ws-wallet connects directly to the ws-identity server. The typescript app uses a ws-identity-client on the backend built into cactus fabric connector. webSocketConfig (endpoint, pathPrefix) are passed into typescript app as part of IPluginLedgerConnectorFabricOptions.
sessionId/signature authenticate the WsX509 provider to access the server's '/identity' paths, including /sign' and '/get-pub'. The latter is used in the enrollment stage to fetch the public-key PEM used by the cactus fabric connector crypto-util (kudos Pritam Singh) to build the CSR before it is sent to ws-wallet for signing.
3. In production, would we deploy ws-identity on the same server as Fabric or a separate server instance?
In my opinion it can be run separately serving ws-identity connections for multiple applications. Might be compared to Infura endpoints (???). This service should come from a trusted sources, and additional security integration should be added to ensure the service is connecting the ws-wallet to the desired application. An organization could also run its own ws-identity server within its Fabric network rack.
Bertrand WILLIAMSRIOUX
Si Chen Pritam Singh
FYI i have sent a PR for the ws-identity branch https://github.com/hyperledger-labs/blockchain-carbon-accounting/pull/293. This includes new directory secure-identities with al the src code for web-socket identities.