v0.0.4 – Enhanced Security with Delegation Validation & Request Logging

🚀 Release Notes - Verifier v0.0.4

Release Date: 2024-12-25
Tag: v0.0.4
Title: Enhanced Security with Delegation Validation and Improved Logging

---

✨ New Features

🔒 Delegation Validation

• QVI AID Delegation Enforcement:
  • The Verifier now strictly validates that the QVI AID is delegated by GLEIF or GLEIF External.
  • GLEIF must be explicitly set as the Root of Trust.
  • If the QVI AID is not properly delegated, the Verifier will respond with:
    • 401 Unauthorized: The QVI AID must be delegated if delegation is missing.
    • 401 Unauthorized: The QVI AID must be delegated from the Root of Trust if delegation is invalid.

📊 Request/Response Logging Middleware

• Enhanced Debugging and Monitoring:
  • Introduced middleware that logs detailed request and response information for all Falcon endpoints.
  • Logs include:
    • Timestamp of the request/response.
    • HTTP Method and Endpoint Path.
    • Response Status Code.
    • Response Body content.
  • Example Log:

    [2024-12-25T10:15:30] Incoming Request: POST /verify
    [2024-12-25T10:15:31] Completed Request: POST /verify
    [2024-12-25T10:15:31] Response Status: 200 OK
    [2024-12-25T10:15:31] Response Body:
    {
      "status": "success",
      "message": "Verification passed."
    }
    

---

🛠️ How to Run

To start the Verifier service, use the following command:

verifier server start --config-dir scripts --config-file verifier-config-public.json

---

📌 Summary

This release strengthens the Verifier's security by enforcing QVI AID delegation and improves observability with detailed request/response logging. These updates provide a more secure and transparent verification process.

v0.0.3 - Enhanced Configurability & Stability Improvements

📦 Verifier v0.0.3 – Release Notes (2025-01-08)

🚀 New Features

🔧 Configurable Parameters

The Verifier now supports additional configuration options for more flexibility and control:

• iurls – OOBI URLs.
• durls – Schema OOBI URLs.
• trustedLeis – List of trusted LE identifiers.
• allowedEcrRoles – Roles allowed for ECR credential authorization.
• allowedOorRoles – Roles allowed for OOR credential authorization.
• allowedSchemas – Schemas permitted for credential authorization.

🌎 Environment Variables

Easily adjust Verifier behavior with new environment variables:

• VERIFIER_ENV – Sets the environment mode (dev or production). Defaults to production.
  • In production mode, the /root_of_trust endpoint is disabled for security.
• VERIFY_ROOT_OF_TRUST – Enables/disables root of trust validation. Defaults to True.
• KERI_BASER_MAP_SIZE – Sets the LMDB database max size. Defaults to 100 MB.
• FILER_CHUNK_SIZE – Configures chunk size for file processing, optimizing memory usage.

🗑️ Automatic LMDB Cleanup

• Verified reports are now automatically removed from the LMDB database, preventing storage overflow.

---

🐞 Bug Fixes

• Resolved: Crash when uploading multiple reports due to lmdb.MapFullError: mdb_put: MDB_MAP_FULL.
  • Fix: LMDB size environment variable and automatic cleanup prevent this issue.

---

📄 Usage Example

Run the Verifier with the desired configuration:

verifier server start --config-dir scripts --config-file verifier-config-public.json

---

📌 Summary

This update enhances the Verifier's configurability, reliability, and performance.

• Customizable parameters and environment variables enable seamless integration.
• Automatic cleanup keeps the LMDB database optimized.