decentralized-id.github.io/_posts/identosphere-dump/open-source-projects/tools-code.md
2022-12-03 02:23:23 -05:00

37 KiB
Raw Blame History

published
false
  • Open API for Interoperable Traceability CCG

    resolve:dids - Grants permission to resolve DIDsissue:credentials - Grants permission issue Verifiable Credentialsverify:credentials - Grants permission verify Verifiable Credentialsread:credentials - Grants permission to get Verifiable Credentialsupdate:credentials - Grants permission to update the status of Verifiable Credentialsprove:presentations - Grants permission to prove Verifiable Presentationsverify:presentations - Grants permission verify Verifiable Presentationssubmit:presentations - Grants permission to submit Verifiable Presentations

Tools

  • Beginners Guide to JWTs

    A JWT is a structured security token format used to encode JSON data. The main reason to use JWT is to exchange JSON data in a way that can be cryptographically verified. There are two types of JWTs:

  • JSON Web Signature (JWS)
  • JSON Web Encryption (JWE) The data in a JWS is public—meaning anyone with the token can read the data—whereas a JWE is encrypted and private. To read data contained within a JWE, you need both the token and a secret key.
  • A back-end authenticating users by their wallet addressed - their Decentralized Identifiers.
  • A registration model capable of requesting users for data stored in its user-centric cloud storage, the Data Vault.
  • A front-end capable of interacting with any wallet that the user chooses, with a pre-designed user experience for registration and login.
  • Compatibility with a unified platform where the user can control their identity and information, the RIF Identity Manager.

Code: https://github.com/swiss-ssi-group/MattrGlobalAspNetCore

This article shows how use verifiable credentials stored on a digital wallet to verify a digital identity and use in an application. For this to work, a trust needs to exist between the verifiable credential issuer and the application which requires the verifiable credentials to verify. A blockchain decentralized database is used and MATTR is used as a access layer to this ledger and blockchain. The applications are implemented in ASP.NET Core.

  • Gordian QR Tool Supports Vaccine Records, 2FAs, Cryptoseeds, and More Blockchain Commons

    Some possible architectural issues arise from using QR codes for confidential data, such as the fact that youre actually transmitting the data (not a proof of the data), that the QRs tend to contain all of the data (not just a selection), and that theres no way to rescind a QR or expire it. Those issues will have to be dealt with at a foundational level as we figure out what can safely be encoded as a QR — and more importantly how to offer restricted proofs rather than complete information.

  • Build an SSI proof of concept in <30 minutes by Riley Hughes

The session began with a short introduction to SSI, an introduction to Trinsic, and an overview of how to get started. Then, everybody present starting building an SSI proof of concept, creating issuers, verifiers, and schemas to learn first-hand how it all works. A step-by-step guide on how to replicate this session can be found at the following link:

This session had the objective to present a solution to the problem of forking when developing new mobile agents. With the current starting kits available in the community it is very easy to start a path where it is almost impossible to retrofit updates to the kit back into our custom agent.

The solution consists in using a framework-first approach and ensuring that custom code can reside exclusively outside of the framework, thus ensuring updates can be executed more easily.

The following link can be used as the public url for the project:

Code

Rust, FFI, Code generation, language bindings, UDL

At Anonyome Labs we value well-written code that has good tests. This is a guide on how we go about producing useful and meaningful tests for our Android code. Testing approach: SDK or app?

In this post Im going to list all 40 of Patricks original falsehoods, but give you an example (or two) drawn from my experiences working in this space. Ready? Lets go!

  1. People have exactly one canonical full name.
  2. People have exactly one full name which they go by.

A short note to point folks at Seth Godins recent podcast about Project Debt. He covers some great topics:

  • Technical Debt Seth covers it well but missed a major cause of technical debt. That being the shortcuts that are taken to meet deadlines and requirements with the hope/fantasy that well go back and do them right later (hint: we never do).
  • Project Debt
  • Why saying NO to those simple things may be the best thing. For some hints on how to do that see Say No With Grace.

Give it a listen on Overcast (my fave) or  Apple Podcasts.

TLDR: The Me2B Alliance believes apps including the AskingPoint SDK should be safe from malicious redirects or other exploits.

You can test our API in the sandbox testnet by simply switching the toggle to test mode. To get started; create a free account, log into your dashboard and acquire your API key.

HowTo

For example, this update formats address fields to make them more readable; formats names and proper nouns where possible; makes URLs, telephone numbers and email addresses clickable; highlights images and icons for better trust and brand signaling; and creates basic rules for language localization that adjust to a users device settings.

there are many known DID methods, but most of them require you to have a digital identity wallet 🔒, where you will keep a seed (private key 🔑.

While this may sound convenient for many of us, it comes with its shortcomings as well.

Our goal is to make the process of building trust easier and more effective for creators. With that in mind, were sharing an overview of our plan to address the pain points of creators and marketplaces in the NFT space using identity tools.

This project implements a user authentication flow leveraging an Ethereum wallet for single sign on capabilities across all of Web3.

The technologies used are DID (decentralized identifiers), Ceramic, 3id-connect, and Self.ID

MSFT does know how to do to JSON-LD they just pretend not to

DTDL is based on JSON-LD and is programming-language independent. DTDL isn't exclusive to Azure Digital Twins, but is also used to represent device data in other IoT services such as IoT Plug and Play.

The 3Box Labs team recently published a new standard for creating capability containers for accessing decentralized data to the Chain Agnostic Standards Alliance. Capability containers are an approach for managing advanced data security and permissions, commonly referred to as “Object Capabilities” or “OCAPs.”

This new standard is currently in development for use on Ceramic. Once deployed in a future version of the protocol, it will allow Ceramic to be fully compatible with the new Sign-in with Ethereum (SIWE) specification as well as provide advanced data flow control features for resources stored on the Ceramic network.

Indicio Thought Leadership

Introducing the SSI Kit, which offers developers and organisations an easy and fast way to use Self-Sovereign Identity (SSI).

we spoke to a range of participants who are or who have felt excluded from financial systems for different reasons and well be sharing these stories over the next few months. This research is the foundation for Women in Identity to build an Identity Code of Conduct — a set of guiding principles and a framework for inclusive ID-product development.

early experiment with Sign in With Ethereum + auth0

usernameless + passwordless auth

Support for @MetaMask, walletlink

profile enriched with ENS + NFTs through @graphprotocol

Interested? discuss https://discord.gg/rkjYHWHJ

Our goal was to put the power back into the hands of users who do not have any coding knowledge or experience, to accelerate the time to configure and launch an entire Trusted Decentralized Digital Identity peer-to-peer ecosystem

The tbDEX protocol facilitates decentralized networks of exchange between assets by providing a framework for establishing social trust, utilizing decentralized identity (DID) and verifiable credentials (VCs) to establish the provenance of identity in the real world.

JSON Web Tokens, or JWTs for short, are all over the web. They can be used to track bits of information about a user in a very compact way and can be used in APIs for authorization purposes. This post will cover what JSON Web Tokens are and how to create JWTs in Python using the most popular JWT library: PyJWT. We are also going to see how you can sign and verify JWTs in Python using asymmetric algorithms.

“why would I read your code?” To be clear, when I say I, I dont mean me, I mean you. And when I say your code I also mean you, but in the third person. So really what Im asking is, “why would you read another persons code?”

We're replacing the popular IDX runtime with a more powerful set of tools for building applications on Ceramic including DID DataStore, DataModels, and Self.ID.

As the Lead Developer, a big part of my role is to build Gravitys decentralized identity protocol and blockchain architecture on Tezos.

Sphereon has developed a Typescript/Javascript Library  that implements the functionality described in the DIF Presentation Exchange specification.

the deployment of digital identification systems needs to get smarter about understanding the political interests and risks that shape the contexts in which identification systems are used — our ID Ecosystem Mapping tool supports risk assessment arising from the deployment of digital identification systems.

Ill walk through configuring a YubiKey and highlight some of the things Ive learned along the way.

Learn how APIs can accelerate software development and delivery.

  • @bloomprotocol/vc
  • @bloomprotocol/ecdsa-secp256k1-signature-2019
  • @bloomprotocol/ecdsa-secp256k1-verification-key-2019
  • @bloomprotocol/elem-did-legacy-non-anchored
  • @bloomprotocol/waci-core
  • @bloomprotocol/waci-jose
  • @bloomprocotol/waci-kit-react
  • @bloomprotocol/presentation-exchange
  • @bloomprotocol/credential-manifest

The Indicio DemoNet joins the Indicio TestNet, which is used for developing new technology releases, and the Indicio MainNet, which hosts mission-critical products and services. With the DemoNet, Indicio now provides a full suite of networks for decentralized identity development and deployment.

This is so exciting to see what Wayne and his team are building.

At Spruce, were building a product suite to manage all aspects of the data supply chain.

  • Tezos DID Method - Specifies VC compatible DID creation and management
  • DIDKit - cross-platform toolkit for working with DIDs and VCs.
  • Credible - Spruces credential wallet.
  • Intake - onboarding tool \ secure document collection and processing.

Code

extension the semantics, of the set of claims comprising a Verifiable Credential. A shared Credential Schema allows all parties to reference data in a known way

  • The Tezos DID Method specifies how Tezos can be used for DID creation and management, compatible with the issuance, storage, and verification of Verifiable Credentials.
  • DIDKit is a cross-platform toolkit for working with W3C Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs).
  • Credible is Spruces native credential wallet for the consumption, storage, and presentation of Verifiable Credentials on Android and iOS.
  • Keylink is Spruces tool to link existing enterprise accounts to keypairs.
  • Intake is a smarter onboarding tool for businesses via secure document collection and processing. These artifacts can then be used as evidence to generate and issue credentials to the counterparty that originally uploaded them.

Overall, the creation of a new schema type via the SDK was not a straightforward process.

This is where Affinidis Schema Manager comes into play

Inspiration - for folks engaging with new code

As a frequent open source maintainer and contributor, Im often asked: where do you start? How do you approach a new project with the goal of making meaningful changes? How can you possibly understand the internals of a complex project?

At the most superficial level, we know that the expectations of board members drive decisions.  The decisions we take link to incentives, rewards and motivations and our shared values.

Our online relationships are almost all transactional. A purely transaction digital life can't feel as rich and satisfying as one based on interactional relationships. As more of our relationships are intermediated by technology, finding ways to support interactional relationships will allow us to live authentic digital lives.

This weekend I worked on making a github action that can sign and verify verifiable credentials with decentralized identifiers.

8/ Animo (@AnimoSolutions is DID/VC provider working on systems and infrastructure for SSI. They built this Aries CLI so you can play around and create invitations, schemas, and credentials.

I created a DID at http://GoDiddy.com did🔑z6MkfxFPD3vwny367HZVQoqUnKatH4RTHEitcbEdvxst3nZm#z6MkfxFPD3vwny367HZVQoqUnKatH4RTHEitcbEdvxst3nZm DIDs are important in Self Sovereign Identity. You can learn about DIDs @bluesky_commons

Building better, more human-centric solutions in smart cities starts by realising that citizens and their digital footprints are not merely aspects to monitor and evaluate. They are active participants in the cities we live and work together and need to be engaged in designing better cities and managing the data about themselves. This is not important only for respecting citizens rights, but it is crucial to building sustainable services and humane cities.

Again, the Indy DID Method is not an optional upgrade. Its a major development that delivers interoperability.

We have documented the functionality of SOyA in a W3C-conforming Specifiation and the full source code is available under the MIT License on Github. Examples and an introduction how to use SOyA is available in a dedicated Tutorial

Learn about verifiable credentials, then head to the playground to view examples, explore multiple use-cases and start using them.

we want to explain what we talk about when we talk about Open Recognition. It builds on this previous post, and aims to move from the abstract to practicalities.

► Dr. Ivan Gudymenko, Subject Matter Lead SSI and Confidential Computing, T-Systems MMS

►Mujtaba Idrees, Advanced Software Engineer, T-Systems MMS

Credentials as a Service Providing Self Sovereign Identity as a Cloud Service Using Trusted Execution Environments

This episode of FOSS and Crafts features Christopher Lemmer Webber discussing the object capability security approach. Its a generalization not specific to VCs, continuing from the conversation on the CCG mailinglist, Hygiene for a computing pandemic: separation of VCs and ocaps/zcaps, we shared last month.

The podcast show-notes include an epic list of references supporting the discussion.

first time since the launch of the Early Adopters Programme in 2021, we are ready to showcase, in real-time and with real data, the outcomes of the EBSI multi-university pilot.

Whether a beginning learner, or interested in advanced concepts like Game Development, Hardware Prototyping, or Competitive Coding, you will find tools, lessons and mentors

DID method traits are testable properties about DID methods that can help implementers tame complexity and choose the right DID method(s) for their use case.

this article describes a simple approach to revoke verifiable credentials and a decentralized and efficient way to index and query those revoked credentials using the Graph protocol.

We consider the knowledge of Self-Sovereign Identity (SSI) and rudimentary knowledge of the Ethr DID method as a requirement for understanding this article.

KBW helps people understand the badge landscape. The community is there to provide solidarity for badge champions and newbies. We do not assume prior knowledge of Open Badges or Verifiable Credentials. We recognise and celebrate those who can share their experience. Anyone interested in badges or integrating Open Recognition are welcome to join.

TL;DR: chapi.io is a site that helps developers integrate Verifiable Credential issuance, holding, and presentation into their applications. It includes a playground that can issue arbitrary VCs to digital wallets (web and native). It also includes tutorials on how Web Developers can add CHAPI integration to their websites. All you need to try it out is a web browser.

Interoperability

With this badge, they qualify to participate in Plugfest #2 which will focus on issuing and displaying LER VCs. Plugfest #2 will take place in November 2022 with plans to meet in person the day before the Internet Identity Workshop on November 14 in Mountainview, CA. If vendors are interested in Plugfest #2 and didnt participate in Plugfest #1, there is still an opportunity to do so by fulfilling the same requirements listed above including the video and earning a Plugfest #1 badge.

Summary: Building a better internet won't happen by chance or simply maximizing freedom. We have to build systems that support justice. How can we do that? Philosophy discussions are the black hole of identity. Once you get in, you can't get out. Nevertheless, I find that I'm drawn to them

Noir is a Rust-based domain specific language (DSL) for creating and verifying zero-knowledge proofs. Its the easiest way to write zk applications that are compatible with any proving system.

  • We recently added support for EIP-1271 (smart contract wallets) on our Python library (siwe-py #30.
  • There is ongoing work on supporting EIP-1271 in our Rust library as well, along with an API refactor (siwe-rs #43.
  • We're updating dependencies in our NextAuth library (siwe-next-auth-example #9, #14).
  • We're finalizing various improvements to our Sign-In with Ethereum TypeScript library toward a v2.1 release.
  • [...]
  • We're adding support for did:jwk into ssi (ssi #466.
  • We've updated DIDKit to reflect the recent ssi refactor (DIDKit #312.

Rebase

  • We're making some additional changes and finalizing our Solana wallet flow (rebase #32.