Merge pull request hyperledger-indy#734 from kdenhartog/master

updated links and added temporary place holder to share link

Author: dhh1128

doc/design/005-dkms/DKMS Design and Architecture V3.md

@@ -67,11 +67,11 @@ DKMS architecture and DPKI provides the following major benefits:
 
 As a general rule, DKMS requirements are a derivation of CKMS requirements, adjusted for the lack of centralized authorities or systems for key management operations. Evernym’s DKMS team and subcontractors performed an extensive analysis of the applicability of conventional CKMS requirements to DKMS using [NIST Special Publication 800-130: A Framework for Designing Cryptographic Key Management Systems](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-130.pdf). For a summary of the results, see:
 
-* [Evernym HSHQDC-17-C-00018 - DKMS Requirements Spreadsheet Based On NIST 800-130](https://github.com/hyperledger/indy-sdk/blob/master/doc/dkms/DKMS Requirements Spreadsheet Based On NIST 800-130.pdf)
+* [Evernym HSHQDC-17-C-00018 - DKMS Requirements Spreadsheet Based On NIST 800-130](https://github.com/hyperledger/indy-sdk/blob/master/doc/design/005-dkms/DKMS%20Requirements%20Spreadsheet%20Based%20On%20NIST%20800-130%20-%20Sheet1.pdf)
 
-* [Evernym HSHQDC-17-C-00018 - DKMS Requirements Text Based on NIST 800-130](https://github.com/hyperledger/indy-sdk/blob/master/doc/dkms/DKMS Requirements Text Based on NIST 800-130.pdf)
+* [Evernym HSHQDC-17-C-00018 - DKMS Requirements Text Based on NIST 800-130](https://github.com/hyperledger/indy-sdk/blob/master/doc/design/005-dkms/DKMS%20Requirements%20Text%20Based%20on%20NIST%20800-130.pdf)
 
-* [Evernym HSHQDC-17-C-00018 - DKMS Requirements Report - 30 June 2017](https://github.com/hyperledger/indy-sdk/blob/master/doc/dkms/DKMS Requirements Report - 30 June 2017.pdf)
+* [Evernym HSHQDC-17-C-00018 - DKMS Requirements Report - 30 June 2017](https://github.com/hyperledger/indy-sdk/blob/master/doc/design/005-dkms/DKMS%20Requirements%20Report%20-%2030%20June%202017.pdf)
 
 The most relevant special requirements are highlighted in the following sections.
 

doc/design/005-dkms/README.md

@@ -33,5 +33,5 @@ These methods are not exclusive and should be combined with key rotation and rev
 
 1. [Design and architecture](DKMS%20Design%20and%20Architecture%20V3.md)
 2. **Public Registry for Agent Authorization Policy**. An identity owner create a policy on the ledger that defines its agents and their authorizations. 
-   Agents while acting on the behalf of the identity owner need to prove that they are authorised. [More details](https://github.com/hyperledger/indy-sdk/blob/master/doc/dkms/Agent Authorization Policy.pdf)  
+   Agents while acting on the behalf of the identity owner need to prove that they are authorised. [More details](https://github.com/hyperledger/indy-sdk/blob/master/doc/design/005-dkms/Agent%20Authorization%20Policy.pdf)  
 

doc/design/005-dkms/agent-2-agent-proposal.puml

@@ -0,0 +1,85 @@
+@startuml
+
+participant "Client Agent" as Client
+participant "Server Agent" as Server
+
+== Transport Layer ==
+
+Client -> Server: Transport layer CurveCP HELLO
+note left
+    Conversation starts with establishing standard CurveCP connection.
+
+    Important point is that client must (?) be able to authenticate
+    endpoint (only endpoint, not server identity) on transport level. Without this
+    it is quite easy to perform man in the middle attacks. In case of
+    CurveCP transport key will be part of endpoint. It causes agency-level transport
+    key related correlation, but CurveCP-PW and DID-TLS proposals have the same
+    issue if we want to indicate server DID securely. Anyway any IP/DNS based
+    solutions have exactly same issue.
+
+    We can adopt this workflow to use TLS protocol too. Endpoint authentication
+    can be be performed in different ways:
+    - Option 1 is just use standard CAA signed cert on the endpoint.
+    - Option 2 is use self signed cert, store server cert in the Ledger,
+      and add this cert to client trust chain, but this option have a lot
+      of potential vulnerabilities.
+
+    It can be possible to adopt some TOR like protocol too.
+end note
+Server <-> Client: Complete transport layer CurveCP Handshake
+note left
+    At this point secure transport connection is established.
+    We can assume that communication is secure, provides integrity, and endpoint is authenticated.
+    So Client can send Server DID he wants to communicate without fear of eavesdropping.
+end note
+
+== DID Protocol Layer ==
+
+Client -> Server: AGENT_CLIENT_HELLO message
+note left
+    Note this sequence diagram describes DID Protocol over sockets layer, but it can be adopted
+    to HTTP layer too if we use TLS as transport layer.
+
+    Client sends AGENT_HELLO message. It contains the following fields:
+    - Random nonce (CLIENT_NONCE)
+    - Server DID he wants to communicate (SERVER_DID)
+    - Security levels that client accepts (SECURITY_LEVELS). It is bit mask with the following
+      values for now:
+      - TRANSPORT. Application messages will be secured only on transport layer.
+      - APPLICATION. Application messages will be also encrypted by DIDs ed25519 keys.
+end note
+
+Server -> Server: Server checks that he owns SERVER_DID
+Server -> Server: Server checks that he can accept SECURITY_LEVELS
+Server -> Client: AGENT_SERVER_HELLO message
+note left
+    Server sends AGENT_SERVER_HELLO message. It contains the following fields:
+    - CLIENT_NONCE signed by SERVER_DID (CLIENT_NONCE_SIGNATURE)
+    - Random nonce (SERVER_NONCE)
+    - Accepted security level (SECURITY_LEVEL). One of value from SECURITY_LEVELS bitmask.
+end note
+
+Client -> Client: Client verifies CLIENT_NONCE_SIGNATURE and authenticates Server
+Client -> Server: AGENT_CLIENT_ACCEPTED message
+note left
+    Client sends AGENT_CLIENT_ACCEPTED message. It contains the following fields:
+    - Client DID (CLIENT_DID)
+    - SERVER_NONCE signed by CLIENT_DID (SERVER_NONCE_SIGNATURE)
+end note
+
+Server -> Server: Server verifies SERVER_NONCE_SIGNATURE and authenticates Client
+Server -> Client: AGENT_SERVER_ACCEPTED message
+note left
+    Server sends AGENT_SERVER_ACCEPTED message without payload.
+
+    At this point Client and Server authenticated each other and performed Nonce Exchange.
+    They are ready to exchange application-specific messages. This messages can be optionally
+    encrypted by DIDs ed25519 keys.
+end note
+
+== Application Layer ==
+
+Client -> Server: Application layer message 1 (optionally encrypted by Server DID ed25519 key and CLIENT_NONCE)
+Server -> Client: Application layer message 1 ack (optionally encrypted by Client DID ed25519 key and SERVER_NONCE)
+
+@enduml

doc/design/005-dkms/before-and-after.png

@@ -0,0 +1,142 @@
+@startuml
+
+start
+
+title Indy SDK CI/CD Pipeline structure
+scale 0.8
+
+partition Testing {
+    fork
+        partition "Ubuntu Testing" {
+            :Start test pool;
+            if (BRANCH_NAME in ["master", "rc"]) then (yes)
+              :<b>Libindy\nRelease build;
+            else (no)
+              :<b>Libindy\nDebug build;
+            endif
+            :<b>Libindy
+            Testing;
+            :<b>Python Wrapper
+            Testing;
+            :<b>Java Wrapper
+            Testing;
+        }
+    fork again
+        partition "RHEL Testing" {
+            :Start test pool;
+            if (BRANCH_NAME in ["master", "rc"]) then (yes)
+                :<b>Libindy\nRelease build;
+            else (no)
+                :<b>Libindy\nDebug build;
+            endif
+            :<b>Libindy
+            Testing;
+            :<b>Python Wrapper
+            Testing;
+            :<b>Java Wrapper
+            Testing;
+        }
+    fork again
+        partition "Windows Testing" {
+            :Start test pool;
+            if (BRANCH_NAME in ["master", "rc"]) then (yes)
+                :<b>Libindy\nRelease build;
+            else (no)
+                :<b>Libindy\nDebug build;
+            endif
+            :<b>Libindy
+            Testing;
+            :<b>Python Wrapper
+            Testing;
+            :<b>Java Wrapper
+            Testing;
+            #red:<b>.Net Wrapper
+            Testing;
+            note right: Not implemented yet\nSee IS-257
+        }
+    fork again
+        partition "MacOS Testing" {
+            #red::Skip;
+            note right: Not implemented yet\nSee IS-192
+        }
+    fork again
+        partition "iOS Testing" {
+            #red::Skip;
+            note right: Not implemented yet\nSee IS-189
+        }
+    end fork
+}
+
+partition Publishing {
+    if (BRANCH_NAME in ["master", "rc"]) then (yes)
+        fork
+            partition "Ubuntu Publishing" {
+                :<b>Libindy
+                Build and publish Master/RC debs;
+                :<b>Python Wrapper
+                Publish RC to PyPi;
+                :<b>Java Wrapper
+                Build and publish Master/RC to Maven Central;
+            }
+        fork again
+            partition "RHEL Publishing" {
+                :<b>Libindy
+                Build and publish Master/RC rpms;
+            }
+        fork again
+            partition "Windows Publishing" {
+                :<b>Libindy
+                Build and publish Master/RC dlls archive;
+                #red:<b>.Net Wrapper
+                Master/RC Publishing;
+                note right: Not implemented yet\nSee IS-306
+            }
+        fork again
+            partition "MacOS Publishing" {
+                #red::Skip;
+                note right: Not implemented yet\nSee IS-6
+            }
+        fork again
+            partition "iOS Publishing" {
+                #red::Skip;
+                note right: Not implemented yet\nSee IS-100
+            }
+        end fork
+    else (no)
+        :<b>Skip publishing;
+    endif
+}
+
+partition "Acceptance Testing" {
+    if (BRANCH_NAME == "rc") then (yes)
+        :Notify QA about new artifacts to test;
+        :Acceptance testing by QA;
+    else (no)
+        :<b>Skip Acceptance Testing;
+    endif
+}
+
+partition "Releasing" {
+    if (BRANCH_NAME == "rc" && Acceptance tests passed) then (yes)
+        :<b>Libindy
+        Move RC debs to Stable repo;
+        :<b>Libindy
+        Move RC rmps to Stable repo;
+        :<b>Libindy
+        Move RC dlls archive to Stable repo;
+        :<b>Python Wrapper
+        Publish Stable to PyPi;
+        :<b>Java Wrapper
+        Build and publish Stable to Maven Central;
+    else (no)
+        :<b>Skip Releasing;
+    endif
+}
+
+partition Notification {
+    :Notify team about pipeline result;
+}
+
+stop
+
+@enduml