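/*
 * Webpack chunk 1838 of a Docusaurus site build (generated output).
 *
 * Layout of the chunk, keyed by webpack module id:
 *   3905       - MDX runtime glue: a React-context "components" provider
 *                (export Zo) and the createElement shim that compiled MDX pages
 *                call (export kt).
 *   5845       - the docs page "d-ta-overview" (Apache Milagro Decentralized
 *                Trust Authority overview): front matter, metadata, table of
 *                contents and the page component (default export).
 *   8214, 8294 - hashed image asset URLs, built on r.p (webpack public path).
 *
 * NOTE(review): the page text is compiled from @site/../docs/d-ta-overview.md
 * (see metadata.source below). The two wording fixes applied in this chunk
 * ("for its crypto", "to issue shares") must be mirrored in that markdown file
 * or the next build will reintroduce the typos. r(7294) is presumably React
 * (createContext, useContext, forwardRef, createElement and Fragment are read
 * from it) - confirm against the build manifest.
 */
"use strict";(self.webpackChunk=self.webpackChunk||[]).push([[1838],{
/* 3905: MDX runtime. Inlined Babel-style helpers: i ~ defineProperty,
 * n ~ ownKeys, o ~ objectSpread, s ~ objectWithoutProperties (names inferred
 * from behaviour). They only ever see props objects built by compiled pages. */
3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>h});var a=r(7294);
/* i(e,t,r): set e[t]=r as an enumerable/configurable/writable own property
 * (defineProperty is used only when t is already present on e or its chain). */
function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}
/* n(e,t): own string keys of e plus its own symbol keys (only the enumerable
 * symbols when t is truthy). */
function n(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,a)}return r}
/* o(target, ...sources): shallow-merge each source into target in order, the
 * later source winning. Odd-positioned sources are copied key by key via i();
 * even-positioned ones via property descriptors when the engine supports
 * Object.getOwnPropertyDescriptors. Sources are not mutated. */
function o(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?n(Object(r),!0).forEach((function(t){i(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):n(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}
/* s(e, excluded): shallow copy of e without the keys listed in `excluded`
 * (string keys first, then enumerable own symbols). Returns {} for null/undefined. */
function s(e,t){if(null==e)return{};var r,a,i=function(e,t){if(null==e)return{};var r,a,i={},n=Object.keys(e);for(a=0;a<n.length;a++)r=n[a],t.indexOf(r)>=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);for(a=0;a<n.length;a++)r=n[a],t.indexOf(r)>=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}
/* l: React context holding the MDX component map ({} by default).
 * c(e): the effective component map - the context value merged with e, or
 *       e(contextValue) when e is a function.
 * p (export Zo): MDXProvider - publishes c(e.components) to its children.
 * d: name of the prop that carries the MDX node type. */
var l=a.createContext({}),c=function(e){var t=a.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},d="mdxType",
/* u: fallback components - inline code renders as <code>, the page wrapper
 * as a Fragment. */
u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},
/* m: MDXCreateElement. Resolves the concrete component for an MDX node by
 * "parentName.mdxType", then "mdxType", then the fallbacks in u, then the
 * original element type; forwards the ref and the remaining props. The
 * mdxType/parentName values come from the compiled page, not from page
 * visitors. */
m=a.forwardRef((function(e,t){var r=e.components,i=e.mdxType,n=e.originalType,l=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=i,h=d["".concat(l,".").concat(m)]||d[m]||u[m]||n;return r?a.createElement(h,o(o({ref:t},p),{},{components:r})):a.createElement(h,o({ref:t},p))}));
/* h (export kt): createElement shim used by compiled pages. For string element
 * types (or props carrying mdxType) it swaps the type for m and adds
 * originalType/mdxType to a copied props object so m can resolve the real
 * component; otherwise it is a plain pass-through to React.createElement.
 * Fix: the own-property test used the bare global `hasOwnProperty`, which only
 * resolves in browsers because `window` inherits from Object.prototype (a
 * ReferenceError anywhere else); it is now called on Object.prototype directly,
 * which is the same function in the browser. */
function h(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var n=r.length,o=new Array(n);o[0]=m;var s={};for(var l in t)Object.prototype.hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s[d]="string"==typeof e?e:i,o[1]=s;for(var c=2;c<n;c++)o[c]=r[c];return a.createElement.apply(null,o)}return a.createElement.apply(null,r)}m.displayName="MDXCreateElement"},
/* 5845: the "Decentralized Trust Authority Overview" page. From the call
 * shapes, a.Z behaves as an object-assign style helper and i.Z as an
 * omit-keys helper (both inferred - confirm against modules 7462/3366);
 * n is the MDX runtime above. */
5845:(e,t,r)=>{r.r(t),r.d(t,{assets:()=>p,contentTitle:()=>l,default:()=>m,frontMatter:()=>s,metadata:()=>c,toc:()=>d});var a=r(7462),i=r(3366),n=(r(7294),r(3905)),o=["components"],
/* s: front matter. c: Docusaurus page metadata (markdown source path,
 * permalink, prev/next links). l: no explicit content title. p: no extra
 * assets. d: table of contents (headings with their anchor ids). */
s={id:"d-ta-overview",title:"Decentralized Trust Authority Overview",sidebar_label:"D-TA Overview"},l=void 0,c={unversionedId:"d-ta-overview",id:"d-ta-overview",title:"Decentralized Trust Authority Overview",description:"VERSION: ALPHA RELEASE 0.1.0",source:"@site/../docs/d-ta-overview.md",sourceDirName:".",slug:"/d-ta-overview",permalink:"/docs/d-ta-overview",draft:!1,tags:[],version:"current",frontMatter:{id:"d-ta-overview",title:"Decentralized Trust Authority Overview",sidebar_label:"D-TA Overview"},sidebar:"docs",previous:{title:"UInt64",permalink:"/docs/cryptojs/unit64"},next:{title:"Quick Start",permalink:"/docs/dta-details/quickstart"}},p={},d=[{value:"VERSION: ALPHA RELEASE 0.1.0",id:"version-alpha-release-010",level:3},{value:"Release Schedule:",id:"release-schedule",level:4},{value:"Milagro D-TA Security",id:"milagro-d-ta-security",level:2},{value:"The Milagro D-TA Communication Protocol",id:"the-milagro-d-ta-communication-protocol",level:2}],u={toc:d};
/* m(e): render the page through the MDX runtime. Security-relevant statements
 * in the rendered text, for reviewers of the deployed docs:
 *  - the admonition marks this alpha release as not for production use;
 *  - the release schedule (Beta Q4 2019, RC1 Q1 2020) is a dated promise -
 *    readers should check the project's current status, not this page;
 *  - safeguarding of secret shares is explicitly delegated to operator-supplied
 *    back-end logic/plugins (an HSM behind PKCS#11 is the baseline the page
 *    recommends); the D-TA itself only defines the communication protocol;
 *  - the IPFS transaction log is described as shared and immutable (integrity/
 *    audit); confidentiality of records is attributed to the linked
 *    "Encrypted Envelopes" page rather than to IPFS itself.
 * Text fixes in this build: "it's crypto" -> "its crypto", "to issues shares"
 * -> "to issue shares" (mirror in the markdown source). */
function m(e){var t=e.components,s=(0,i.Z)(e,o);return(0,n.kt)("wrapper",(0,a.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h3",{id:"version-alpha-release-010"},"VERSION: ALPHA RELEASE 0.1.0"),
/* Production-use warning; keep it at the top of the page. */
(0,n.kt)("admonition",{title:"The Alpha Release of the D-TA is not for production use.",type:"important"}),(0,n.kt)("h4",{id:"release-schedule"},"Release Schedule:"),(0,n.kt)("p",null,"Beta Release: Q4 2019"),(0,n.kt)("p",null,"RC1 Release: Q1 2020"),(0,n.kt)("h1",{id:"introduction"},"Introduction"),(0,n.kt)("p",null,"The Apache Milagro (Incubating) Decentralized Trust Authority (D-TA) is a collaborative key management server. It has two primary functions. "),(0,n.kt)("ol",null,(0,n.kt)("li",{parentName:"ol"},(0,n.kt)("strong",{parentName:"li"},"Issue")," shares of identity-based Type-3 pairing secrets for initializing zero-knowledge proof multi-factor authentication (ZKP-MFA) networks of clients and authentication servers."),(0,n.kt)("li",{parentName:"ol"},(0,n.kt)("strong",{parentName:"li"},"Safeguards")," shares of generic secrets, acting independently but in conjunction with other D-TA nodes, for the benefit of other D-TA nodes. ")),(0,n.kt)("p",null,"In the use case where it issues shares, the D-TA holds nothing except for its Master Secret and acts as a distributed private key generation server. In the use case where it is safeguarding shares of secrets, it is up to the application developer to implement back-end application logic to hold those shares securely. Examples include using Hardware Security Modules (HSMs) via an on-board PKCS#11 implementation to create a realm of key encryption keys, or multi-party computation through BLS signature aggregation."),(0,n.kt)("h1",{id:"roles"},"Roles"),(0,n.kt)("p",null,"Operators of Decentralized Trust Authorities are segmented into three roles."),(0,n.kt)("ol",null,(0,n.kt)("li",{parentName:"ol"},(0,n.kt)("p",{parentName:"li"},(0,n.kt)("strong",{parentName:"p"},"Principals")," - These entities operate a Milagro D-TA node to securely communicate with other D-TA nodes (Fiduciaries), employing them to issue shares of secrets or safeguard shares of secrets.")),
/* NOTE(review): the "\\","( 1 + n ","\\",")" fragments below render as a
 * literal "\( 1 + n \)" - they look like un-rendered math delimiters from the
 * markdown source; confirm whether a math plugin was expected. */
(0,n.kt)("li",{parentName:"ol"},(0,n.kt)("p",{parentName:"li"},(0,n.kt)("strong",{parentName:"p"},"Fiduciaries")," - These entities operate ","\\","( 1 + n ","\\",") Milagro D-TAs to issue shares of secrets or safeguard shares of secrets.")),(0,n.kt)("li",{parentName:"ol"},(0,n.kt)("p",{parentName:"li"},(0,n.kt)("strong",{parentName:"p"},"Beneficiaries")," - These entities receive shares of secrets from Fiduciaries."))),(0,n.kt)("p",null,"A D-TA facilitates secure and auditable communication between entities and service providers who can keep shares of secret keys safe (Fiduciaries). The D-TA is written in Go and uses REST services based on the GoKit microservices framework. The D-TA uses IPFS to create a shared immutable log of transactions and relies on Milagro-Crypto-C for its crypto. Future release candidates will incorporate Tendermint for consensus protocol."),(0,n.kt)("h1",{id:"safeguarding-secrets"},"Safeguarding Secrets"),(0,n.kt)("p",null,"In order to safeguard a secret using the D-TA a minimum of two roles are required: a client (Principal) and a server (Fiduciary). In addition a third party can be nominated as the ultimate recipient of the secret (Beneficiary). You can run a single D-TA to provide all three roles if you want to see it in action. See the ",(0,n.kt)("a",{parentName:"p",href:"/docs/dta-details/quickstart"},"quick start guide")," for instructions on how to do that."),(0,n.kt)("p",null,'This system can be imagined like a "network HSM". Below is a VERY simplified overview of the process:'),(0,n.kt)("p",null,(0,n.kt)("img",{alt:"Figure 1",src:r(8214).Z,width:"1283",height:"720"})),
/* Security section: the page states the D-TA does not prescribe how seeds are
 * secured; the HSM/PKCS#11 recommendation is a baseline, not an enforced
 * property of the protocol. */
(0,n.kt)("h2",{id:"milagro-d-ta-security"},"Milagro D-TA Security"),(0,n.kt)("p",null,"The ",(0,n.kt)("strong",{parentName:"p"},"Seed")," is the focus of the system - the D-TA provides a method for Principals to communicate with Fiduciaries who can secure their secrets, it does not prescribe how the securing should be done. The most basic implementation of a D-TA should secure seeds in an HSM using a PKCS#11 interface. "),(0,n.kt)("p",null,"We hope that many custodial services will adopt the Milagro D-TA as a communication protocol and that they will bring a profusion of security paradigms, by working together we can make a dynamic market place for custodial services and together make the Internet a safer place."),(0,n.kt)("h2",{id:"the-milagro-d-ta-communication-protocol"},"The Milagro D-TA Communication Protocol"),(0,n.kt)("p",null,"The D-TA provides a secure, distributed method of communication between Beneficiaries, Principals and Fiduciaries. It aims to solve the following problems:"),(0,n.kt)("ol",null,(0,n.kt)("li",{parentName:"ol"},(0,n.kt)("p",{parentName:"li"},"How can actors in the system be identified and trusted?"),(0,n.kt)("p",{parentName:"li"},(0,n.kt)("strong",{parentName:"p"},"Answer:")," ",(0,n.kt)("a",{parentName:"p",href:"/docs/dta-details/identity-documents"},"Identity Documents"))),(0,n.kt)("li",{parentName:"ol"},(0,n.kt)("p",{parentName:"li"},"How can records of interactions between actors in the system be trusted and verified?"),(0,n.kt)("p",{parentName:"li"},(0,n.kt)("strong",{parentName:"p"},"Answer:")," ",(0,n.kt)("a",{parentName:"p",href:"/docs/dta-details/encrypted-envelope"},"Encrypted Envelopes")," via ",(0,n.kt)("a",{parentName:"p",href:"/docs/dta-details/ipfs"},"IPFS"))),(0,n.kt)("li",{parentName:"ol"},(0,n.kt)("p",{parentName:"li"},'How can different custodial services provide their own "special security sauce"?'),(0,n.kt)("p",{parentName:"li"},(0,n.kt)("strong",{parentName:"p"},"Answer:")," ",(0,n.kt)("a",{parentName:"p",href:"/docs/dta-details/plugins-overview"},"Plugins")))),(0,n.kt)("p",null,"A more complete view of the Milagro D-TA ecosystem is shown below"),
/* NOTE(review): this second image reuses alt text "Figure 1"; probably meant
 * "Figure 2" - fix in the markdown source if so. */
(0,n.kt)("p",null,(0,n.kt)("img",{alt:"Figure 1",src:r(8294).Z,width:"1672",height:"1095"})))}m.isMDXComponent=!0},
/* 8214 / 8294: content-hashed image URLs under the webpack public path. */
8214:(e,t,r)=>{r.d(t,{Z:()=>a});const a=r.p+"assets/images/RC1-Overview-1-df66e3e41d643bfeb8ad2c77160b6d97.png"},
8294:(e,t,r)=>{r.d(t,{Z:()=>a});const a=r.p+"assets/images/RC1-537ade04d4b9de9c84709b309c333790.png"}}]);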