git@vger.kernel.org list mirror (unofficial, one of many)
 help / color / mirror / Atom feed
From: Ibrahim El Rhezzali <ibrahim.elrhezzali@gmail.com>
To: git@vger.kernel.org
Subject: [RFC] Improved git signing interface
Date: Mon, 22 Jul 2019 16:16:15 +0200
Message-ID: <CACi-FhDeAZecXSM36zroty6kpf2BCWLS=0R+dUwuB96LqFKuTA@mail.gmail.com> (raw)

Hi Everyone,

I have been selected by the Linux Foundation to work on a summer
project. I would like to abstract the git signing interface and add
support for signatures using decentralized identifiers (DID).
Decentralized identifiers are an emerging standard [0] that allows
individuals to control their own digital identities, and is often
called self-sovereign identity (SSI). The SSIMeetup is a good place to
learn more about SSI [1] and DIDs [2].

The project’s current goal is to abstract the current GPG interface
into a more ‘generic’ API that supports the existing OpenPGP and X.509
functionality while creating the ability to write additional signature
drivers.

I have implemented a prototype that works and passes all tests, and in
the coming weeks I plan to submit a series of patches for your review.
I first need to clean up the Git history to make it easy to follow. I
will also ensure that people using the current approach to GPG signing
can use the proposed approach with only minor changes. The flag
“--gpg-sign” would evolve to “---sign”, though I would like to
preserve an alias to the old flag if possible. My prototype has
already implemented configuration aliases to ensure that the new
approach is backwards compatible with previous configuration. I am
also working to update the documentation to explain the new approach.

You can inspect my work in my fork of Git here:
https://github.com/ibrahimel/did-git-impl

I created a view model diagram to describe the intended result and the
files that would be impacted and can be viewed here:
https://github.com/ibrahimel/did-git-impl/blob/did-git-impl-signing/Documentation/technical/signing-interface.png

This project is a continuation of David Huseby’s previous work on the
subject, which can be found here:
https://github.com/dhuseby/did-git-spec

Please let me know if you have any comment on the design and the
previous work done so far. I look forward to learning from your
experience.

Thanks,
Ibrahim

[0] https://w3c-ccg.github.io/did-spec/
[1] https://ssimeetup.org/story-open-ssi-standards-drummond-reed-evernym-webinar-1/
[2] https://ssimeetup.org/decentralized-identifiers-did-fundamental-block-self-sovereign-identity-drummond-reed-webinar-2/

             reply	other threads:[~2019-07-22 14:16 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-22 14:16 Ibrahim El Rhezzali [this message]
2019-07-30  6:59 ` Jeff King
2019-08-14  8:48   ` Ibrahim El Rhezzali

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CACi-FhDeAZecXSM36zroty6kpf2BCWLS=0R+dUwuB96LqFKuTA@mail.gmail.com' \
    --to=ibrahim.elrhezzali@gmail.com \
    --cc=git@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

git@vger.kernel.org list mirror (unofficial, one of many)

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://public-inbox.org/git
	git clone --mirror http://ou63pmih66umazou.onion/git
	git clone --mirror http://czquwvybam4bgbro.onion/git
	git clone --mirror http://hjrcffqmbrq6wope.onion/git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 git git/ https://public-inbox.org/git \
		git@vger.kernel.org
	public-inbox-index git

Example config snippet for mirrors.
Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.version-control.git
	nntp://ou63pmih66umazou.onion/inbox.comp.version-control.git
	nntp://czquwvybam4bgbro.onion/inbox.comp.version-control.git
	nntp://hjrcffqmbrq6wope.onion/inbox.comp.version-control.git
	nntp://news.gmane.io/gmane.comp.version-control.git
 note: .onion URLs require Tor: https://www.torproject.org/

code repositories for the project(s) associated with this inbox:

	https://80x24.org/mirrors/git.git

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git