index.html
180 lines (167 loc) · 7.88 KB
<html><head><meta charset="utf-8" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="description" content="" /><meta name="author" content="Maxim Sokhatsky" />
<title>AUTHORITY</title>
<link rel="stylesheet" href="https://n2o.dev/blank.css" />
<link rel="stylesheet" href="https://n2o.dev/zima.css" />
<link rel="stylesheet" href="https://n2o.dev/pro/pro.css" />
</head><body><nav>
<a href="https://erp.uno/en/">ERP</a>
<a href="https://ca.erp.uno" style="background:#ededed;">CA</a>
</nav><header>
<a href="https://github.com/synrc/ca"><img src="https://openmoji.org/data/color/svg/E08F.svg" /></a>
<h1>AUTHORITY</h1>
</header><aside>
<article>
<section>
<h3>SYNOPSIS</h3>
<div>ERP/1 AUTHORITY is the CA PKI X.509 server with its infrastructure (CMP, OCSP, TSP, CMS, CSR)
and the CA crypto library (HEX.PM) compatible with ASN.1, X.509 and OpenSSL for SYNRC services.</div>
</section>
<section>
<h3>SPEC</h3>
<div><ul><li><a href="man/ocsp.htm">OCSP</a></li>
<li><a href="man/ldap.htm">LDAP</a></li>
<li><a href="man/kep.htm">KEP</a></li>
<li><a href="man/pkix.htm">PKIX</a></li>
<li><a href="man/rsa.htm">RSA</a></li>
<li><a href="man/ecc.htm">ECC</a></li>
<li><a href="man/csr.htm">CSR</a></li></ul></div>
<br />
<div>
MAR 2019—2024 © <a href="https://github.com/5HT">5HT</a> <a href="https://5HT.co/license/">DHARMA 2.0</a><br />
VER 5.11.5
</div>
</section>
</article>
<article>
<section>
<h3>SERVICES</h3>
<div>
<ul><li>EST</li>
<li>CMP</li>
<li>OCSP</li>
<li>TSP</li>
<li>LDAP</li></ul>
</div>
</section>
<section>
<h3>SIGNING</h3>
<div><ul>
<li>PBMAC1</li>
<li>ECDSA</li>
<li>RSA</li>
<li><a href="man/CAdES.htm">CAdES</a></li>
<li>ДСТУ 4145:2014</li>
<li>ДСТУ 7564:2014</li>
</ul></div>
</section>
<section>
<h3>ENCRYPTION</h3>
<div><ul><li>AES</li>
<li>AES-KW</li>
<li>CMS</li>
<li>ДСТУ 7624:2014</li>
</ul></div>
</section>
<section>
<h3>DERIVATION</h3>
<div>
<ul><li>KDF</li>
<li>HKDF</li>
<li>PBKDF2</li>
</ul>
</div>
</section>
<section>
<h3>CURVES</h3>
<div>
<ul><li>SECP384R1</li>
<li>SECP256V1</li>
<li>CURVE25519</li>
<li>CURVE448</li>
</ul>
</div>
</section>
</aside>
<main>
<article>
<section>
<h3>INTRO</h3>
<figure><img src="priv/design/ca-shaders.png" width="900"></figure>
<br>
</section>
<section>
<h3>DEVELOPMENT</h3>
<p>
* <a href="https://tonpa.guru/stream/2010/2010-10-18 LDAP.htm">2010-10-18 LDAP</a><br>
* <a href="https://tonpa.guru/stream/2020/2020-02-03 Кваліфікований Електронний Підпис.htm">2020-02-03 Qualified Digital Signature</a><br>
* <a href="https://tonpa.guru/stream/2023/2023-06-22 Месенжер.htm">2023-06-22 CMS Messenger (Pitch)</a><br>
* <a href="https://chat.erp.uno/en/">2023-06-30 CHAT X.509 (Homepage)</a><br>
* <a href="https://tonpa.guru/stream/2023/2023-07-05 CMS SMIME.htm">2023-07-05 CMS S/MIME</a><br>
* <a href="https://tonpa.guru/stream/2023/2023-07-16 CMS Compliance.htm">2023-07-16 CMS Compliance</a><br>
* <a href="https://tonpa.guru/stream/2023/2023-07-20 LDAP Compliance.htm">2023-07-20 LDAP Compliance</a><br>
* <a href="https://ldap.erp.uno">2023-07-25 LDAP 13.7.24 (Homepage)</a><br>
* <a href="https://authority.erp.uno">2023-07-30 CA X.509 (Homepage)</a><br>
* <a href="https://tonpa.guru/stream/2023/2023-07-21 CMP CMC EST.htm">2023-07-21 CMP/CMC/EST</a><br>
* <a href="https://tonpa.guru/stream/2023/2023-07-27 MLS.htm">2023-07-21 MLS ROOM CHAT</a><br>
* <a href="https://tonpa.guru/stream/2023/2023-08-05 CA CURVE.htm">2023-08-05 CA CURVE</a><br>
* <a href="https://tonpa.guru/stream/2023/2023-08-07 CHAT ASN.1.htm">2023-08-07 CHAT ASN.1</a><br>
* <a href="https://tonpa.guru/stream/2023/2023-08-08 ASN.1 Компілятор.htm">2023-08-08 ASN.1 Compiler</a><br>
* <a href="https://tonpa.guru/stream/2023/2023-08-13 SWIFT X.509.htm">2023-08-13 SWIFT X.509</a><br>
* <a href="https://tonpa.guru/stream/2023/2023-09-01 ASN1.EX X.680.htm">2023-09-01 ASN1.EX X.680</a><br>
* <a href="https://tonpa.guru/stream/2024/2024-10-29 EST.htm">2024-10-29 EST</a><br>
* <a href="https://tonpa.guru/stream/2024/2024-11-17 EUDI.htm">2024-11-17 EUDI</a><br>
* <a href="https://tonpa.guru/stream/2024/2024-11-20 CBOR COSE.htm">2024-11-20 CBOR COSE</a><br>
* <a href="https://tonpa.guru/stream/2024/2024-11-21 MSO MDoc.htm">2024-11-21 MSO MDoc</a><br>
</p>
</section>
<section>
<h3>ARCHITECTURE</h3>
<p>EUDI is a decentralized PKIX with ABAC-level control over attributes, using JSON as encoding and HTTP as transport.</p>
<ul>
<li>eIDAS Node — State Certificate Authority</li>
<li>EUDI Verifier — Verifiable Presentations</li>
<li>EUDI Wallet (Holder) — iOS/Android Application</li>
<li>EUDI Provider (Issuer) — OpenID for Verifiable Credentials</li>
<li>Personal Identification Data (PID) Provider — Diia State Enterprise</li>
<li>Qualified and Non-Qualified Electronic Attestation of Attributes (QEAA)</li>
<li>Qualified Electronic Signature Provider (QP) — Qualified Certificates (QC)</li>
</ul>
<h4>HOLDER, ISSUER, VERIFIER</h4>
<p>In an OpenID4VC ecosystem, the Verifier and the Issuer are connected indirectly
through the credential lifecycle, with interactions primarily mediated by the Holder.
This architecture ensures trust without requiring a direct, continuous relationship
between the Verifier and the Issuer, adhering to privacy and decentralization principles.
The Verifier does not directly contact the Issuer during typical operations unless a status check is required.
The Holder acts as the intermediary, ensuring their privacy and control over the data being shared.</p>
<p>The EUDI Wallet acts as the Holder; QEAA, EAA and PIP (TSPs) act as EUDI Providers or Issuers. The EUDI Verifier performs
status verification of credentials and acts as the Verifier of presentations.</p>
<h4>PKIX vs OpenID4VC</h4>
<p>The EUDI model resembles PKIX.
Just as a person in PKI uses a signed attribute set (an X.509 certificate issued from CSR attributes)
for authentication and authorization, the OpenID4VC provider (PIP) envelops a
set of attributes (a digital presentation of claims) and
issues Electronic Documents in mDOC format to the EUDI Wallet.</p>
<p>However, unlike PKIX with its centralized model,
EUDI provides a distributed model without a single root CA,
where all parties are bound cryptographically. EUDI also has more subtle
and rigorous control over attributes (claims), as in the ABAC model.</p>
<p>CRLs and OCSP can create privacy concerns since they involve
querying a CA, potentially exposing the user's activity.
OpenID4VC mitigates this by letting the Holder mediate
the process, and some implementations avoid real-time status
checks entirely by including cryptographic proofs within the
credential itself.</p>
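<p>As an added illustration of the Holder-mediated flow and of status checking without querying the Issuer (example code added here, not part of the synrc/ca project), the Go program below has an Issuer sign an MSO-style object of salted attribute digests with Ed25519, lets the Holder disclose only a subset of the claims, and has the Verifier check the disclosure and the validity window offline. The claim names, the salt construction and the Unix-second validity window are assumptions of this toy, not the real mDOC/MSO schema.</p>

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
)

// Claim is one attribute plus its Issuer-chosen salt; the Holder shows only the claims it chooses.
type Claim struct{ Name, Value, Salt string }

// MSO is the Issuer-signed object: salted digests and a validity window (Unix seconds), never plaintext values (constructed simplification of the mDOC MSO).
type MSO struct {
	Digests             map[string][]byte
	NotBefore, NotAfter int64
}

func claimDigest(c Claim) []byte { // salt makes the digest useless for guessing undisclosed values
	h := sha256.Sum256([]byte(c.Name + "\x00" + c.Value + "\x00" + c.Salt))
	return h[:]
}

// Issue salts and digests every attribute and signs the MSO; the Holder keeps the claims.
func Issue(sk ed25519.PrivateKey, attrs map[string]string, from, to int64) (MSO, []byte, []Claim) {
	mso := MSO{Digests: map[string][]byte{}, NotBefore: from, NotAfter: to}
	var claims []Claim
	for k, v := range attrs {
		salt := make([]byte, 16)
		rand.Read(salt) // constructed example; production code checks the error
		claims = append(claims, Claim{k, v, string(salt)})
		mso.Digests[k] = claimDigest(claims[len(claims)-1])
	}
	body, _ := json.Marshal(mso) // map keys are emitted sorted, so the signed body is canonical
	return mso, ed25519.Sign(sk, body), claims
}

// Verify checks the Issuer signature, the validity window and every disclosed claim's digest offline: the Issuer is never contacted and learns nothing about this presentation.
func Verify(pk ed25519.PublicKey, mso MSO, sig []byte, shown []Claim, now int64) bool {
	body, _ := json.Marshal(mso)
	if !ed25519.Verify(pk, body, sig) || now < mso.NotBefore || now > mso.NotAfter {
		return false
	}
	for _, c := range shown {
		if d, ok := mso.Digests[c.Name]; !ok || string(d) != string(claimDigest(c)) {
			return false
		}
	}
	return true
}
```

The validity window stands in for the embedded proof the text mentions: a Verifier that only needs freshness within the window never has to ask the Issuer whether the credential is still good.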
<br>
<br><center>˙</center>
</section>
</article>
</main>
<footer>
<br><center>˙</center>
<br>Namdak Tonpa <span class="heart">❤</span> 2024</footer>
</body>
</html>