Summary of Next Steps

  • Pritam Singh 
    • Deploy Vault locally on MiniKube
    • Move to cloud deployment as part of multi cloud deployment
    • Guide on how to use Cactus integration in a client application, for example opentaps SAS
  • Bertrand Rioux -
    • Record video demo of full lifecycle of web socket security signing
    • Guideline documentation on when to use Fabric CA, Vault, or Web Socket
  • Harsh Sharma -
    • Get GitHub CI pipeline working
    • Work on unit tests and integration tests.


zoom_0.mp4

ws-identity provider demo

ws-identity server.mov

ws-identity/wallet demo update 

Screen Recording 2021-10-03 at 11.11.31 AM.mov



Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct.



4 Comments

  1. Pritam Singh Si Chen Robin Klemens Kamlesh Nagware

    Added above short demo using ws-identity server and ws-wallet packages to use FabricSigningCredentialType.WsX509 in the typescript app. Still had trouble seeding the fabric database with utility data, but ws-server is clearly working.

    A PR is open on cactus fabric connector. Peter has offered helpful comments to improve the ws-server function. I am using my own published version of the cactus plugin to use this in the TS app for now. Once it is approved, I'll integrate this into the latest version.

    In the meantime working on the draft documentation, ws-identity. More to come....

    1. Bertrand WILLIAMSRIOUX Thank you for uploading the video.  I just watched it.  Please let me know if this is correct:

      • In the demo you have a new ws-identity server running in the background.
      • Then you used "ws-wallet get-pkh admin" to generate a public key hex for the admin user
      • You passed into /im/web-socket-session-id on the typescript app of the Fabric channel to get a session id.
      • Then you used "ws-wallet connect ${sessionId} admin" to start a web socket connection for the admin.  This returns a signature for your sessionId.
      • Using the signature and sessionId and the username, you logged into the typescript app.  Then you chose ws-x509 to enroll the admin and register client1 as a user.
      • Then you used "ws-wallet get-pkh client1" to generate a public key hex for the client1 user
      • Then again you logged into the typescript app at /im/web-socket-session-id with client1's public key hex to get a session id for client1
      • Using this session id, you connected to "ws-wallet connect ${sessionId} client1" to start a web socket connection for client1 and get a signature for that connected session id.
      • You used that to log in to the typescript app as client1 with their session id, signature, and client1.

      So my questions are:

      1. What is the public key hex?  Is it a public version of a private key?  Do you need to generate a private key first to generate the public key hex?
      2. Are both ws-wallet and typescript app talking to your ws-identity server docker image?
      3. In production, would we deploy ws-identity on the same server as Fabric or a separate server instance?

      Finally, why are you not able to get the Fabric record/get emissions to work?  It seems you're trying to use a USA_EIA_ utility id that is not in the database at all.  Have you tried following the instructions of the Fabric utility emissions channel to get it to work?  If so then you should be able to perform the record and get emissions operations with those parameters.

      1. Hi Si Chen

        First, the record/get emission transactions are now working with the WsX509 identity provider. The couchdb wasn't seeded properly...

        1. What is the public key hex?...

        It is a public address of the pub/private key pair stored in ws-wallet. See the additional video detailing contents of ws-wallet. 

        2. Are both ws-wallet and typescript app talking to your ws-identity server docker image?

        Yes, ws-wallet connects directly to the ws-identity server. The typescript app uses a ws-identity-client on the backend built into cactus fabric connector.  webSocketConfig (endpoint, pathPrefix) are passed into typescript app as part of IPluginLedgerConnectorFabricOptions.

        sessionId/signature authenticate the WsX509 provider to access the server's '/identity' paths, including '/sign' and '/get-pub'. The latter is used in the enrollment stage to fetch the public-key PEM used by the cactus fabric connector crypto-util (kudos Pritam Singh) to build the CSR before it is sent to ws-wallet for signing.

        3. In production, would we deploy ws-identity on the same server as Fabric or a separate server instance?

        In my opinion it can be run separately serving ws-identity connections for multiple applications. Might be compared to Infura endpoints (???). This service should come from a trusted source, and additional security integration should be added to ensure the service is connecting the ws-wallet to the desired application. An organization could also run its own ws-identity server within its Fabric network rack.
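
The session-id signing exchange discussed in the comments above, as an added example that is not part of the thread and is not the ws-identity or ws-wallet code. The names `createWallet`, `createIdentityServer` and `runDemo` are hypothetical, and the P-256 curve, SHA-256 digest and SPKI-hex encoding of the "public key hex" are assumptions. It shows why a signature over the session id proves possession of the wallet's private key, and that a signature from another key or for another session is rejected.

```javascript
// Added illustration only; not the ws-identity or ws-wallet source code.
const { generateKeyPairSync, createPublicKey, randomBytes, sign, verify } = require("node:crypto");

// Wallet side (stand-in for ws-wallet): the private key never leaves this closure.
function createWallet() {
  // Assumption: P-256 key pair; the curve the real wallet uses is not stated on the page.
  const { privateKey, publicKey } = generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  // Assumption: "public key hex" is modelled as hex of the DER-encoded SPKI public key.
  const pubKeyHex = publicKey.export({ type: "spki", format: "der" }).toString("hex");
  const signSessionId = (sessionId) =>
    sign("sha256", Buffer.from(sessionId), privateKey).toString("hex");
  return { pubKeyHex, signSessionId };
}

// Server side (stand-in for the identity server): binds each session id to one public key.
function createIdentityServer() {
  const sessions = new Map(); // sessionId -> pubKeyHex
  return {
    newSession(pubKeyHex) {
      const sessionId = randomBytes(16).toString("hex"); // unpredictable challenge
      sessions.set(sessionId, pubKeyHex);
      return sessionId;
    },
    authenticate(sessionId, signatureHex) {
      const pubKeyHex = sessions.get(sessionId);
      if (!pubKeyHex) return false; // unknown session id
      try {
        const key = createPublicKey({ key: Buffer.from(pubKeyHex, "hex"), format: "der", type: "spki" });
        return verify("sha256", Buffer.from(sessionId), key, Buffer.from(signatureHex, "hex"));
      } catch {
        return false; // malformed key or signature is treated as a failed login
      }
    },
  };
}

// Constructed scenario mirroring the demo's two users, admin and client1.
function runDemo() {
  const server = createIdentityServer();
  const admin = createWallet();
  const client1 = createWallet();
  const adminSession = server.newSession(admin.pubKeyHex);
  const client1Session = server.newSession(client1.pubKeyHex);
  const adminSig = admin.signSessionId(adminSession);
  return {
    adminOk: server.authenticate(adminSession, adminSig),
    wrongKey: server.authenticate(adminSession, client1.signSessionId(adminSession)),
    wrongSession: server.authenticate(client1Session, adminSig),
    unknownSession: server.authenticate("00".repeat(16), adminSig),
  };
}
```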

  2. Si Chen Pritam Singh 

    FYI I have sent a PR for the ws-identity branch https://github.com/hyperledger-labs/blockchain-carbon-accounting/pull/293. This includes new directory secure-identities with all the src code for web-socket identities.