Commit
Merge branch 'indy-besu' of https://github.com/DSRCorporation/indy-node into feat/quorum-handler

Signed-off-by: DenisRybas <[email protected]>
DenisRybas committed Dec 5, 2023
2 parents b93fbf2 + dca3cdc commit 27af1d2
Showing 46 changed files with 762 additions and 499 deletions.
37 changes: 35 additions & 2 deletions indy-besu/README.md
@@ -1,10 +1,43 @@
# Indy ledger

This project aims to provide a replacement for Hyperledger Indy blockchain that provides support for verifiable credentials.
## Goals and ideas

* Provide a replacement for [Hyperledger Indy](https://www.hyperledger.org/projects/hyperledger-indy) ecosystem that provides support for verifiable credentials:
* Components to replace:
* Distributed ledger: [Indy Node](https://github.com/hyperledger/indy-node) and [Indy Plenum](https://github.com/hyperledger/indy-plenum)
* Client library: [Indy SDK](https://github.com/hyperledger/indy-sdk/tree/main)
* Capability to migrate the data from the original Indy Ledger
* Distributed ledger requirements:
* Public Permissioned Blockchain
* Control the validator nodes
* Control the user permissions
* EVM compatible Blockchain
* Capability to deploy on different networks
* Based on existing open-source blockchain framework with a good performance, sufficient adoption, and wide community
* Capability to work without tokens and fees
* Stable consensus protocol
* Functional requirements:
* Interoperability:
* Capability to use existing DID's and identifiers:
* Support [indy](https://hyperledger.github.io/indy-did-method/) DID method
* Support [sov](https://sovrin-foundation.github.io/sovrin/spec/did-method-spec-template.html) DID method
* Identifiers previously stored on the client side should be resolvable on the new Ledger
* Capability to use the ledger as an [AnonCreds Registry](https://hyperledger.github.io/anoncreds-methods-registry/)
* Compatibility with the latest [AnonCreds Specification](https://hyperledger.github.io/anoncreds-spec/)
* Extensibility:
* Capability to integrate new pieces of functionality easily
* Capability to use [ETHR](https://github.com/decentralized-identity/ethr-did-resolver/blob/master/doc/did-method-spec.md) DID method
* Integration with the [AnonCreds Registry](https://hyperledger.github.io/anoncreds-methods-registry/)
* Integration with `Permissioned` modules
* Data validity:
* Neglect `gas` efficiency in favour general validation of the stored data
* Basic [DID Documents](https://www.w3.org/TR/did-core/) validation
* Basic [AnonCreds entities](https://hyperledger.github.io/anoncreds-spec/#anoncreds-setup-data-flow) validation
* Basic state consistency validation

## Design documentation

See [README.md](/docs/README.md).
See [design document](./docs/README.md) covering the main ledger aspects.

## Running local network

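Review bot: the "Data validity" bullet, "Neglect `gas` efficiency in favour general validation of the stored data", is missing a word and should read "in favour of general validation"; "existing DID's" in the interoperability bullet should be "existing DIDs". The same list promises support for the `indy` and `sov` DID methods, while the new docs/design/did-methods.md added in this commit stores migrated identifiers under `did:indy2:<id>`; say here that legacy `did:indy` / `did:sov` identifiers are carried over under the `indy2` method rather than leaving the reader to expect the original methods to resolve unchanged on the new ledger.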
19 changes: 13 additions & 6 deletions indy-besu/docs/README.md
@@ -1,11 +1,18 @@
## Design documents

- [Auth model](design/auth.md)
- [DID Method](design/did-doc.md)
- [CL Registry](design/cl-registry.md)
- [VDR](design/vdr.md)
- [Validators node management](design/network.md)
- [Upgrading contracts](design/upgradability.md)
### Modules

- Network Permission modules:
- [Auth](design/auth.md) - control user permissions
- role control - manage roles assigned to accounts
- access control - first level validation: whether to accept write transactions (execute target contract method) from a given account
- [Upgrading contracts](design/upgradability.md) - control versions of deployed contracts (proposing and approving new versions).
- [Validators node management](design/network.md) - control the list of network validator nodes
- [DID Methods](design/did-registry.md) - Supported DID methods
- Registries:
- [DID Document Registry](design/did-registry.md)
- [CL Registry](design/cl-registry.md)
- [VDR](design/vdr.md) - design of VDR library

## Migration documents

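Review bot: the "DID Methods" entry links to design/did-registry.md, but the DID methods document this commit adds is design/did-methods.md; did-registry.md is already listed below as "DID Document Registry", so the first link points at the wrong file. Minor: the "Upgrading contracts" entry ends with a full stop and the neighbouring entries do not; pick one style for the list.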
164 changes: 99 additions & 65 deletions indy-besu/docs/design/auth.md
@@ -1,69 +1,19 @@
# Auth model

## Roles
## Role control

| Label | Value |
|----------|-----------|
| Trustee | 1 |
| Endorser | 2 |
| Steward | 3 |
Contract to manage roles assigned to accounts.

## Account role management
### Roles

| Contract | Method | Value | Required Role | Action Description |
|-------------|------------|------------|---------------|------------------------------------------|
| RoleControl | hasRole | - | any | Check if an account has a requested role |
| RoleControl | getRole | - | any | Get account role |
| RoleControl | assignRole | Trustee | Trustee | Assign Trustee role to an account |
| RoleControl | assignRole | Endorser | Trustee | Assign Endorser role to an account |
| RoleControl | assignRole | Steward | Trustee | Assign Steward role to an account |
| RoleControl | revokeRole | Trustee | Trustee | Revoke Trustee role from an account |
| RoleControl | revokeRole | Endorser | Trustee | Assign Endorser role to an account |
| RoleControl | revokeRole | Steward | Trustee | Assign Steward role to an account |

## Validator nodes management

| Contract | Method | Required Role | Action Description |
|------------------|-----------------|---------------|-----------------------------------------|
| ValidatorControl | getValidators | any | Get the list of current validator nodes |
| ValidatorControl | addValidator | Steward | Add new validator node |
| ValidatorControl | removeValidator | Steward | Remove validator node |

## DID Document management

| Contract | Method | Required Role | Action Description |
|---------------|--------------------------------|-----------------------------|---------------------------------|
| DidRegistry | createDid | Trustee, Endorser, Steward | Create a new DID Document |
| DidRegistry | updateDid | DID owner | Update DID an existing Document |
| DidRegistry | deactivateDid | DID owner | Deactivate an existing DID |
| DidRegistry | resolveDid | any | Resolve DID Document for a DID |
| Label | Value |
|--------------------|----------------------------------------|
| Trustee | 1 |
| Endorser | 2 |
| Steward | 3 |
| User without role | 0 / "null" (not present on the ledger) |

## CL Registry management

| Contract | Method | Required Role | Action Description |
|------------------------------|-----------------------------|-----------------------------|------------------------------------------|
| SchemaRegistry | createSchema | Trustee, Endorser, Steward | Create a new Schema |
| SchemaRegistry | resolveSchema | any | Resolve Schema by id |
| CredentialDefinitionRegistry | createCredentialDefinition | Trustee, Endorser, Steward | Create a new Credential Definition |
| CredentialDefinitionRegistry | resolveCredentialDefinition | any | Resolve Credential Definition by id |

## Contract upgrade management

| Contract | Method | Required Role | Action Description |
|-------------------|---------------------------|-------------------|--------------------------------------------------------------------------|
| UpgradeControl | propose | Trustee | Propose the upgrade of a specefic contract implementation |
| UpgradeControl | approve | Trustee | Approve the upgrade of a specefic contract implementation |
| UpgradeControl | ensureSufficientApprovals | any | Ensures that an implementation upgrade has received sufficient approvals |

## Transactions managment

| Transaction | Required Role | Action Description |
|--------------------------|-----------------------------|--------------------------------------------------|
| Deploy contract | Trustee | Deploy a new contract |
| Modify contract state | Trustee, Endorser, Steward | Execute contract method to modify its state |
| Read contract state | any | Execute contract method to read its state |

## Storage format
### Storage format

* Roles collection:
* Description: Mapping holding the list of accounts with roles assigned to them. Accounts which does not have any role assigned are not present in the list.
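Review bot: the new role table adds "User without role | 0 / "null" (not present on the ledger)", which makes an absent account and role value 0 indistinguishable from the contract's point of view. The text should state whether `assignRole` rejects role value 0 (otherwise assigning 0 becomes an undocumented way to revoke a role that bypasses the `RoleRevoked` event) and what `hasRole` returns when asked about role 0 for an account that was never assigned anything. The rest of the hunk only moves the permission tables to the new "Ledger Permissions" section further down.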
@@ -97,11 +47,11 @@
}
```
## Transactions (Smart Contract's methods)
### Transactions (Smart Contract's methods)
Contract name: **RoleControl**
### Check if account has role assigned
#### Check if account has role assigned
* Method: `hasRole`
* Description: Transaction to check if an account has requested role assigned.
@@ -122,7 +72,7 @@ Contract name: **RoleControl**
```
* Raised Event: None
### Get account role
#### Get account role
* Method: `getRole`
* Description: Transaction to get the role assigned to an account
@@ -141,7 +91,7 @@ Contract name: **RoleControl**
```
* Raised Event: None
### Assign role to an account
#### Assign role to an account
* Method: `assignRole`
* Description: Transaction to assign role to an account
@@ -163,7 +113,7 @@ Contract name: **RoleControl**
* Raised Event:
* RoleAssigned(ROLE, account, sender)
### Revoke role from an account
#### Revoke role from an account
* Method: `revokeRole`
* Description: Transaction to revive role from an account
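Review bot: the context line "Transaction to revive role from an account" under `revokeRole` should read "revoke"; since this hunk already touches the heading of this section, fix the typo here.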
@@ -185,3 +135,87 @@ Contract name: **RoleControl**
* Raised Event:
* RoleRevoked(ROLE, account, sender)
## Access control
The first level validation whether to accept write transactions (execute target contract method) from a given account or not.
### Transactions (Smart Contract's methods)
Contract name: **transactionAllowed**
#### Check if sender can perform an action
* Method: `transactionAllowed`
* Description: Transaction to check whether to accept a transaction received from a given account.
* Restrictions: None
* Format
```
AccountControl.transactionAllowed(
address sender,
address target,
uint256 value,
uint256 gasPrice,
uint256 gasLimit,
bytes calldata payload
) returns (bool)
```
* Raised Event: None
## Ledger Permissions
### Account role management
| Contract | Method | Value | Required Role | Action Description |
|-------------|------------|------------|---------------|------------------------------------------|
| RoleControl | hasRole | - | any | Check if an account has a requested role |
| RoleControl | getRole | - | any | Get account role |
| RoleControl | assignRole | Trustee | Trustee | Assign Trustee role to an account |
| RoleControl | assignRole | Endorser | Trustee | Assign Endorser role to an account |
| RoleControl | assignRole | Steward | Trustee | Assign Steward role to an account |
| RoleControl | revokeRole | Trustee | Trustee | Revoke Trustee role from an account |
| RoleControl | revokeRole | Endorser | Trustee | Assign Endorser role to an account |
| RoleControl | revokeRole | Steward | Trustee | Assign Steward role to an account |
### Validator nodes management
| Contract | Method | Required Role | Action Description |
|------------------|-----------------|---------------|-----------------------------------------|
| ValidatorControl | getValidators | any | Get the list of current validator nodes |
| ValidatorControl | addValidator | Steward | Add new validator node |
| ValidatorControl | removeValidator | Steward | Remove validator node |
### DID Document management
| Contract | Method | Required Role | Action Description |
|---------------|--------------------------------|-----------------------------|---------------------------------|
| DidRegistry | createDid | Trustee, Endorser, Steward | Create a new DID Document |
| DidRegistry | updateDid | DID owner | Update DID an existing Document |
| DidRegistry | deactivateDid | DID owner | Deactivate an existing DID |
| DidRegistry | resolveDid | any | Resolve DID Document for a DID |
### CL Registry management
| Contract | Method | Required Role | Action Description |
|------------------------------|-----------------------------|-----------------------------|------------------------------------------|
| SchemaRegistry | createSchema | Trustee, Endorser, Steward | Create a new Schema |
| SchemaRegistry | resolveSchema | any | Resolve Schema by id |
| CredentialDefinitionRegistry | createCredentialDefinition | Trustee, Endorser, Steward | Create a new Credential Definition |
| CredentialDefinitionRegistry | resolveCredentialDefinition | any | Resolve Credential Definition by id |
### Contract upgrade management
| Contract | Method | Required Role | Action Description |
|-------------------|---------------------------|-------------------|--------------------------------------------------------------------------|
| UpgradeControl | propose | Trustee | Propose the upgrade of a specefic contract implementation |
| UpgradeControl | approve | Trustee | Approve the upgrade of a specefic contract implementation |
| UpgradeControl | ensureSufficientApprovals | any | Ensures that an implementation upgrade has received sufficient approvals |
### General transactions management
| Transaction | Required Role | Action Description |
|--------------------------|----------------------------------------|--------------------------------------------------|
| Deploy contract | Trustee | Deploy a new contract |
| Modify contract state | Per contract method as described above | Execute contract method to modify its state |
| Read contract state | any | Execute contract method to read its state |
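Review bot: under "Access control" the line "Contract name: **transactionAllowed**" names the method rather than the contract; the format block calls `AccountControl.transactionAllowed(...)`, so it should read "Contract name: **AccountControl**". In the moved "Account role management" table the `revokeRole` rows for Endorser and Steward still say "Assign Endorser role to an account" and "Assign Steward role to an account"; they should say "Revoke ...". Typos in the same hunk: "specefic" (twice, in the upgrade table), and "Update DID an existing Document" should be "Update an existing DID Document". One design point the section should state: `transactionAllowed` receives `target` and `payload`, and the "Modify contract state" row now says the required role is "Per contract method as described above"; say whether that per-method check happens inside `transactionAllowed` (by decoding the method selector from `payload`) or inside each target contract, because a reader needs to know which layer rejects, for example, a Steward calling `assignRole`.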
5 changes: 2 additions & 3 deletions indy-besu/docs/design/cl-registry.md
@@ -88,7 +88,7 @@ Contract name: **SchemaRegistry**
* Schema must have name.
* Schema must contain at least one attribute.
* Schema must have version.
* Corresponding issuer DID must exist and be active.
* Corresponding issuer DID must exist, be active, and owned by sender.
* Format:
```
SchemaRegistry.createSchema(Schema schema)
@@ -127,7 +127,6 @@ Contract name: **SchemaRegistry**
)
* Raised Event: None
## Credential Definition
### ID Syntax
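Review bot: the new restriction "Corresponding issuer DID must exist, be active, and owned by sender" (added both above for `createSchema` and below for `createCredentialDefinition`) is the right check, but the document should say what "owned by sender" means: the permission modules in this commit key on account addresses, not DIDs, so presumably the DID Document's controller address must equal the transaction sender. Spell that out, and use "be owned by the sender" in both places.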
@@ -217,7 +216,7 @@ Contract name: **CredentialDefinitionRegistry**
* Description: Transaction to create a new AnonCreds Credential Definition
* Restrictions:
* Credential Definition must be unique.
* Corresponding issuer DID must exist and be active.
* Corresponding issuer DID must exist, be active, and owned by sender.
* Corresponding schema must exist.
* Format:
```
46 changes: 46 additions & 0 deletions indy-besu/docs/design/did-methods.md
@@ -0,0 +1,46 @@
# DID Methods

Out of box Ledger provides an ability to use one of two supported DID methods: `did:ethr` or `did:indy`.

Contracts implementing both methods are deployed on the network and integrated with `CL Registry`.

Ledger `permission` related modules are implemented in a way to use **account address** but not a DID.

It is up to a User which DID method to use.

> Moreover, users having an appropriate permissions can even deploy contracts adding support for another DID methods
> (need to integrate into `CLRegistry`).
## Ethereum DID method: did:ethr

Ethereum DID Method `did:ethr` described in
the [specification](https://github.com/decentralized-identity/ethr-did-resolver/blob/master/doc/did-method-spec.md).

Example DID: `did:ethr:0xf39fd6e51aad88f6f4ce6ab8827279cfffb92266`

## Indy2 DID method: did:indy2 - Indy/Sov DID methods adoption

New `indy2` DID method represented in a form compatible with `indy` and `sov` DID methods used in legacy Indy based
networks.

Users having `indy/sov` DID's (like `did:sov:2wJPyULfLLnYTEFYzByfUR`) can keep using their `id`
part (`2wJPyULfLLnYTEFYzByfUR`) for preserving the trust.

Example:

* Legacy DID: `did:sov:2wJPyULfLLnYTEFYzByfUR`
* New DID will be stored on the Ledger: `did:indy2:2wJPyULfLLnYTEFYzByfUR`

### DID Syntax

| parameter | value |
|--------------------|---------------------------------------------------------|
| did | “did:” method-name “:” namespace “:” method-specific-id |
| method-name | "indy2" |
| namespace | “testnet”/"mainnet" |
| method-specific-id | indy-id |
| indy-id | Base58(Truncate_msb(16(SHA256(publicKey)))) |

The `indy-id` is received by deriving from the initial ED25519 verkey the same was as it is described in
the [Sovrin DID Method Specification](https://sovrin-foundation.github.io/sovrin/spec/did-method-spec-template.html#namespace-specific-identifier-nsi).

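Review bot: the introduction says the two supported methods are `did:ethr` or `did:indy`, but the section that follows defines `did:indy2`; use one name throughout. Grammar in the same file: "Out of box Ledger provides an ability to use" should be "Out of the box the ledger supports one of two DID methods", "users having an appropriate permissions" should be "users with appropriate permissions", "another DID methods" should be "other DID methods", "indy/sov DID's" should be "DIDs", and "the same was as it is described" should be "the same way as described". The substantive gap: the file says the permission modules key on the account address, and that a migrated `did:indy2:2wJPyULfLLnYTEFYzByfUR` keeps its legacy id "for preserving the trust", but the indy-id is derived from an ED25519 verkey while the sender is an Ethereum account. The document should state how the account that submits `createDid` proves control of the original verkey (for example a signature by that key checked in the contract, or a step in the migration tooling); as written it does not say what stops any account holding a write role from registering a DID Document under someone else's legacy identifier. Also, the syntax table removed from the renamed DID Registry document listed `indy-id / UUID` for method-specific-id, while this table lists only indy-id; confirm UUID identifiers are intentionally dropped.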
Original file line number Diff line number Diff line change
@@ -1,13 +1,4 @@
# DID Method

## DID Syntax
| parameter | value |
|--------------------|---------------------------------------------------------|
| did | “did:” method-name “:” namespace “:” method-specific-id |
| method-name | "indy2" |
| namespace | “testnet”/"mainnet" |
| method-specific-id | indy-id / UUID |
| indy-id | Base58(Truncate_msb(16(SHA256(publicKey)))) |
# DID Registry

## Storage format

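Review bot: renaming "# DID Method" to "# DID Registry" and moving the syntax table out is fine, but the table removed here accepted `indy-id / UUID` as the method-specific-id and its replacement in did-methods.md lists only `indy-id`; if the registry still accepts UUID identifiers the new document should keep them, and if not, the storage and validation rules below this heading should reject them. The file's new path is not visible in this rendering; the docs index links "DID Document Registry" to design/did-registry.md, so confirm the rename matches that link.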
4 changes: 2 additions & 2 deletions indy-besu/docs/design/network.md
@@ -1,6 +1,6 @@
## Validators node management
# Validators node management

### Storage format
## Storage format

* Validators list:
* Description: List of current validator node addresses
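Review bot: heading promotion only, which is fine; while touching the heading, "Validators node management" reads better as "Validator node management", matching the "control the list of network validator nodes" wording used in the docs index.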