Identity v2 #5598

Merged
merged 5 commits into from
Sep 19, 2023

@SanjoDeundiak SanjoDeundiak commented Aug 14, 2023

Changes

  1. Rewrite Identity:
    • New on-the-wire models
    • Renamings
    • New protocol design
    • Introduce PurposeKeys
    • All keys have creation and expiration timestamps
  2. Rewrite Vault
    • Introduce SigningVault, VerifyingVault and SecureChannelVault
  3. Rewrote AWS Vault:
    • Remove persistent state (fetches all keys on start)
    • Check for maximum number of keys (100)
    • Change formats from der to what we use
  4. Change Attributes key type to binary
  5. Change display formats for Identity models
  6. FFI improvements
  7. Please go over Commit messages

NOTE

It also breaks backward compatibility:

  1. Identity migration support is removed
  2. LEGACY_ID is removed from the credential

@SanjoDeundiak SanjoDeundiak force-pushed the sanjo/identity_integration branch 10 times, most recently from 1679348 to 9154384 Compare August 21, 2023 13:28
@SanjoDeundiak SanjoDeundiak force-pushed the sanjo/identity_integration branch 3 times, most recently from 1ba7fb0 to 47c9ef3 Compare August 22, 2023 15:41
@SanjoDeundiak SanjoDeundiak force-pushed the sanjo/identity_integration branch 2 times, most recently from 83a2a6d to 9f5e381 Compare August 23, 2023 10:47
@SanjoDeundiak
Member Author

Updated documentation is here build-trust/ockam-documentation#57

@SanjoDeundiak SanjoDeundiak force-pushed the sanjo/identity_integration branch 13 times, most recently from 8ca9734 to 0f084d2 Compare August 24, 2023 12:33
@mrinalwadhwa
Member

@SanjoDeundiak Before we merge this branch let's squash the commit, otherwise we end up with really noisy changelogs. This PR is ~one logical change.

@SanjoDeundiak
Member Author

@mrinalwadhwa ok, next time, I won't waste time on isolated commits with proper descriptions :D

@mrinalwadhwa
Member

😁 we can keep everything you wrote in the description of the squashed commit

@SanjoDeundiak SanjoDeundiak force-pushed the sanjo/identity_integration branch 5 times, most recently from d6369d7 to b70ab9d Compare September 18, 2023 16:19
@SanjoDeundiak SanjoDeundiak reopened this Sep 19, 2023
@SanjoDeundiak SanjoDeundiak force-pushed the sanjo/identity_integration branch from 7e60501 to 346b0f3 Compare September 19, 2023 13:29
@SanjoDeundiak SanjoDeundiak changed the title WIP: v2 Identity integration Identity v2 Sep 19, 2023
SanjoDeundiak and others added 5 commits September 19, 2023 16:03
List of commits before the big squash:
 - feat(rust): extend `v2` identity api
 - feat(rust): improve verify credential api
 - feat(rust): extend `Identifier` api
 - fix(rust): fix `Identity`-related builders
 - feat(rust): improve `Identifier` serialization
 - feat(rust): use `v2` identity in `ockam` crate
 - feat(rust): use `v2` identity in `ockam_abac` crate
 - feat(rust): use `v2` identity in `ockam_api` crate
 - feat(rust): use `v2` identity in `ockam_command` crate
 - feat(rust): replace `controller.id` with temporary value
 - feat(rust): remove const-time comparison for `Identifier`
 - chore(rust): fix clippy warnings
 - test(rust): replace fixture of enrollment ticket
 - feat(rust): add `import_private_identity` method
 - feat(rust): check if public key matched on private identity import
 - feat(rust): rewrite `Vault`
 - feat(rust): update `ockam_identity` to new `Vault` structure
 - feat(rust): disable old identity implementation to avoid updating it with new `Vault`
 - test(rust): delete old identity implementation tests
 - feat(rust): update `ockam` to new `Vault` structure
 - feat(rust): update `ockam_api` to new `Vault` structure
 - feat(rust): update `ockam_command` to new `Vault` structure
 - feat(rust): update `AWS` vault
 - fix(rust): change p256 public key length to 65
 - fix(rust): fix `import_private_identity` fn
 - test(rust): fix compilation for aws `ockam_command` test
 - feat(rust): replace old identity implementation with the new one
 - fix(rust): fix `no_std` build
 - test(rust): replace all-zero test identity with a random
 - feat(rust): change `import_private_identity` to accept binary instead of hex
 - chore(rust): decrease level of logging for some messages
 - feat(rust): save `Identity` to the storage during import
 - test(rust): update kafka integration test
 - feat(rust): implement and use lazy purpose key creation
 - fix(rust): fix `expected_identifier` check during credentials verification
 - feat(rust): remove deprecated `PROJECT_ID` from credentials check
 - feat(rust): add `encoding_utils` to `ockam_identity`
 - feat(rust): improve display implementation for identity-related models
 - feat(rust): add `create` to software vaults
 - chore(rust): organize vault imports
 - feat(rust): add sync interface for `SoftwareVerifyingVault`
 - feat(rust): update ffi according to the new `Vault` design
 - feat(rust): improve `ockam/src/node.rs`
 - chore(rust): fix `get_started` examples
 - feat(rust): improve aes length checks
 - test(rust): fix secure_channel/vault integration test
 - feat(rust): remove `PurposeKeys` from `SecureChannels`
 - feat(rust): improve `Identity` verification
 - test(rust): improve `Identity` verification tests
 - chore(rust): clean up identities `mod.rs`
 - feat(rust): delete the old key during rotation
 - feat(rust): add persistent `Identity` rotation
 - feat(rust): improve `PurposeKey` and `Credential` verification
 - feat(rust): add `TRUST_CONTEXT_ID_UTF8` for type-safety
 - test(rust): fix `Identity` comparison test
 - chore(rust): remove `extern crate core;` from `ockam_command`
 - feat(rust): add key type check on identity creation with an existing key
 - fix(rust): rebase fixes
 - chore(rust): update import formats in `ockam_identity`
 - feat(rust): add `export_identity` and `get_identity` to `Identities`
 - feat(rust): add `IdentityBuilder`
 - test(rust): fix aws identity test
 - feat(rust): split `PurposeKeys` into creation and verification
 - feat(rust): split `Credentials` into creation and verification
 - feat(rust): move models conversions
 - feat(rust): add `PurposeKeyBuilder`
 - feat(rust): improve `IdentityBuilder` and `PurposeKeyBuilder`
 - feat(rust): better key type checks
 - test(rust): improve identity and purposekey tests
 - chore(rust): no_std fix
 - chore(rust): add a `FIXME` for `TrustContext`
 - feat(rust): split identity models into multiple files
 - feat(rust): split signing_vault into identity_vault and credential_vault
 - feat(rust): move `Vault` structure to `ockam_identity`
 - test(rust): update bats test to support new `Identity`
 - feat(rust): optimize credentials on-the-wire format
 - feat(rust): add ability to attest `PurposeKey` given its public key
 - fix(rust): remove panic from `SecretType` -> `SecretAttributes` cast
 - fix(rust): `no_std` build
 - feat(rust): remove unused vault part
 - feat(rust): allow 5 sec time drift during creds and pk verification
Adapts to new identity design, gets rid of the separate sidecar and vault ffi.
Use rustler for rust>elixir bindings on Identity/Credentials.
@SanjoDeundiak SanjoDeundiak force-pushed the sanjo/identity_integration branch from 346b0f3 to 7e2a962 Compare September 19, 2023 14:03
@SanjoDeundiak SanjoDeundiak marked this pull request as ready for review September 19, 2023 14:04
@SanjoDeundiak SanjoDeundiak requested a review from a team as a code owner September 19, 2023 14:04
@SanjoDeundiak SanjoDeundiak added this pull request to the merge queue Sep 19, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to no response for status checks Sep 19, 2023
@metaclips metaclips added this pull request to the merge queue Sep 19, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Sep 19, 2023
@metaclips metaclips added this pull request to the merge queue Sep 19, 2023
Merged via the queue into develop with commit 359b3e8 Sep 19, 2023
99 checks passed
@metaclips metaclips deleted the sanjo/identity_integration branch September 19, 2023 20:58