{"id":16199760,"url":"https://github.com/or13/endor","last_synced_at":"2025-03-19T05:30:51.319Z","repository":{"id":50594967,"uuid":"519568614","full_name":"OR13/endor","owner":"OR13","description":"Verifiable Credential Endorsements PoC inspired by SCITT.","archived":false,"fork":false,"pushed_at":"2022-08-15T18:22:58.000Z","size":560,"stargazers_count":4,"open_issues_count":3,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-17T04:06:00.509Z","etag":null,"topics":["decentralized-identifiers","scitt","verifiable-credentials"],"latest_commit_sha":null,"homepage":"https://or13.github.io/endor","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OR13.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null}},"created_at":"2022-07-30T16:37:20.000Z","updated_at":"2024-02-02T19:58:35.000Z","dependencies_parsed_at":"2022-09-06T08:40:36.675Z","dependency_job_id":null,"html_url":"https://github.com/OR13/endor","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fendor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fendor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fendor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fendor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OR13","download_url":"https://codeload.github.com/OR13/endor/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244364685,"owners_count":20441458,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["decentralized-identifiers","scitt","verifiable-credentials"],"created_at":"2024-10-10T09:27:59.411Z","updated_at":"2025-03-19T05:30:51.004Z","avatar_url":"https://github.com/OR13.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Endor\n\n[![Claim Reviewed](https://github.com/OR13/endor/actions/workflows/Review.yml/badge.svg)](https://github.com/OR13/endor/actions/workflows/Review.yml) [![Claim Endorsed](https://github.com/OR13/endor/actions/workflows/Endorse.yml/badge.svg)](https://github.com/OR13/endor/actions/workflows/Endorse.yml)\n\n\u003e Verifiable Credential Endorsement PoC inspired by SCITT.\n\n\u003cimg src=\"./image.jpg\" alt=\"endor protecting the death star\"/\u003e\n\nFor demonstration purposes only.\n\n- [issuers](https://or13.github.io/endor/issuers)\n- [claims](https://or13.github.io/endor/claims)\n- [policy](https://or13.github.io/endor/policy)\n- [endorsements](https://or13.github.io/endor/endorsements)\n\n## Introduction\n\nLearn more by visiting [ietf-scitt](https://github.com/ietf-scitt).\n\n🚧 This repo contains a tiny PoC.\n\nThis PoC does not reflect current of future SCITT architecture,\nit is meant to explore the actors and models associated with transparency registries.\n\nIn particular, this repository focuses on issuers that rely on DIDs and Payloads / Artifacts that are Verifiable Credentials.\n\nThese choices were made to leverage some existing visualization tooling,\nand libraries, but a similar setup can be achieved with x509 and COSE.\n\nThis repository uses a GitHub Repository as a \"Transparent Registry\" and provides \"Full Transparency\", meaning both claims and endorsements are public.\n\nWhile this makes it easier to explore the concepts it does not reflect a realistic security architecture.\n\n🚧 This repository is for experimenting / and not reflective of anything approaching the proposed SCITT architecture.\n\n### Issuers\n\nEntities such as people, organizations or devices that make statements about an artifact or subject.\n\n🧸 In this PoC I have chosen to represent issuers using W3C Decentralized Identifiers.\n\n### Claims\n\nA set of statements about a subject protected by a signature from an issuer.\n\n🧸 In this PoC I have chosen to represent claims using W3C Verifiable Credentials.\n\n### Policy Documents\n\nSecurity documents describing the rules for validating a claim for consideration in the registry.\n\n🧸 In this PoC I have chosen to represent policy documents using JSON Schema.\n\n🧸 In this PoC I have chosent to automate the claim review process by leveraging GitHub Worflows,\nsuch that a review of claims for conformance is automatically created after a pull request against the `main` branch is opened.\n\nSee [https://github.com/OR13/endor/actions/workflows/Review.yml](https://github.com/OR13/endor/actions/workflows/Review.yml).\n\n### Notary\n\nEntities such as people, organizations or devices that have some trust relationship with an issuer,\nand can provide some assurance to the issuer's identifiers and authenticity.\n\nA notary keeps a ledger or registry of their endorsements.\n\n🧸 In this PoC I have chosen to represent the transparent registry using a GitHub repository.\n\n### Endorsements\n\nA counter signature for a claim from a notary, representing that the issuer has been authenticated under some assurance level,\nbut not representing any evaluation of the payload or claims made by the issuer about a subject.\n\n🧸 In this PoC I have chosen to represent endorsements using W3C Verifiable Credentials.\n\n🧸 In this PoC I have chosen to automate the process of creating endorsements by leveraging GitHub Worflows,\nsuch that endorsements are automatically created after a pull request to the `main` branch has been merged.\n\nSee [https://github.com/OR13/endor/actions/workflows/Endorse.yml](https://github.com/OR13/endor/actions/workflows/Endorse.yml).\n\n# Try it out!\n\nFork the repo, and [use this tool](https://api.did.actor/issue) to create a `/docs/inbox/claim.json` file.\n\nIn the tool, make sure to select the following signing settings:\n\n\u003cimg src=\"./actor-key-config.png\" alt=\"actor did key settings\"/\u003e\n\nThen paste this:\n\n```json\n{\n  \"@context\": [\n    \"https://www.w3.org/2018/credentials/v1\",\n    { \"@vocab\": \"https://or13.github.io/endor#\" }\n  ],\n  \"id\": \"urn:uuid:a86f8c83-fe00-4aff-83b7-f6e55c4ebf20\",\n  \"type\": [\"VerifiableCredential\"],\n  \"issuer\": \"did:key:zQ3shrnCZq3R7vLvDeWQFnxz5HMKqP9JoiMonzYJB4TGYnftL\",\n  \"issuanceDate\": \"2010-01-01T19:23:24Z\",\n  \"credentialSubject\": {\n    \"id\": \"did:example:123\",\n    \"cool-hash\": \"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824\"\n  }\n}\n```\n\nYou can experiment with using other issuer identifiers by changing the mnemonic and/or path values.\n\nJust beware that the `@context` needs to match teh above example or you may fail to issue verifiable credentials.\n\nYou will need to click the pencil to issue the credential as a JWT.\n\nYou will need to use that JWT to create the `claim.json` file, and it should look like the `example.json` file, next to it. \n\nOnce you have the `/docs/inbox/claim.json` file in a branch, open a pull request against this repository.\n\nYou should have only this file in the change set.\n\nA reviewer (@OR13b) will have to approve and run CI to validate your claim.\n\nIf the review passes:\n\n- I will merge your pull request\n- The registry will automatically update\n- A link for your endorsed claim will appear [here](https://or13.github.io/endor/endorsements/index.json)\n\nIf you want to test out the process see the npm commands under usage below.\n\n## Usage\n\n### Prepare a claim\n\n```\nnpm run claim:prepare\n```\n\nThis command will create a `./docs/inbox/claim.json` from `./docs/inbox/example.json`.\n\nYou can also generate your own unique claim using this tool:\n\n[api.did.actor/issue](https://api.did.actor/issue)\n\n\u003cimg src=\"./issue-jwt-example.png\" alt=\"issue jwt verifiable credential example\"/\u003e\n\nAfter configuring the credential, click the \"pencil\" to issue it.\n\nYou will end on a URL that looks like this: [https://api.did.actor/v/eyJhbGc...](https://api.did.actor/v/eyJhbGciOiJFUzI1NksiLCJraWQiOiJkaWQ6a2V5OnpRM3Nocm5DWnEzUjd2THZEZVdRRm54ejVITUtxUDlKb2lNb256WUpCNFRHWW5mdEwjelEzc2hybkNacTNSN3ZMdkRlV1FGbnh6NUhNS3FQOUpvaU1vbnpZSkI0VEdZbmZ0TCJ9.eyJpc3MiOiJkaWQ6a2V5OnpRM3Nocm5DWnEzUjd2THZEZVdRRm54ejVITUtxUDlKb2lNb256WUpCNFRHWW5mdEwiLCJzdWIiOiJkaWQ6ZXhhbXBsZToxMzMzMzMzMzM3IiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLHsiQHZvY2FiIjoiaHR0cHM6Ly9vcjEzLmdpdGh1Yi5pby9lbmRvciMifSwiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaWQiOiJ1cm46dXVpZDpkYTYyMWFmZi01MWE3LTQwYjYtYjI4Yi1lZWQyYTU1NzliMGIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDprZXk6elEzc2hybkNacTNSN3ZMdkRlV1FGbnh6NUhNS3FQOUpvaU1vbnpZSkI0VEdZbmZ0TCIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6MjM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZXhhbXBsZToxMzMzMzMzMzM3IiwiY29vbC1oYXNoIjoiMmNmMjRkYmE1ZmIwYTMwZTI2ZTgzYjJhYzViOWUyOWUxYjE2MWU1YzFmYTc0MjVlNzMwNDMzNjI5MzhiOTgyNCJ9fSwianRpIjoidXJuOnV1aWQ6ZGE2MjFhZmYtNTFhNy00MGI2LWIyOGItZWVkMmE1NTc5YjBiIiwibmJmIjoxMjYyMzczODA0fQ.-RH5e1HEsg_dwa_kcZfyVPgaqYubOvINmdry81ogOtJxpQSwaknpsv9GCLr_Bg931re83oTC5kISfz3SOEEq4w)\n\nEverything after `https://api.did.actor/v/` is a JWT.\n\nYou can use this as your `claim.json`\n\n### Review a claim\n\n```\nnpm run claim:review\n```\n\n### Endorse a claim\n\n```\nnpm run claim:endorse\n```\n\n### Test the Registry\n\n```\nnpm run registry:test\n```\n\n### Update the Registry\n\n```\nnpm run registry:update\n```\n\n### Drop the Registry\n\n```\nnpm run registry:drop\n```\n\n# 🚨 Security Issues 🚨\n\nThis repository contains private keys for demonstration purposes.\n\nThis repository uses `did:key` which has no revocation or expiration mechanism... for demonstration purposes only.\n\nThis PoC is a hypothetical example.\n\nThis PoC is not safe, I made it to explore ideas.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2For13%2Fendor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2For13%2Fendor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2For13%2Fendor/lists"}