Hi,
On behalf of the Apache Milagro (incubating) community, I'd like to
announce the release of Apache Milagro Decentralized Trust Authority
(D-TA) 0.1.0 Incubating (alpha release).
DESCRIPTION SUMMARY:
The Apache Milagro (Incubating) Decentralized Trust Authority (D-TA) is
a collaborative key management server. It has two primary functions:
- Issues shares of identity-based Type-3 pairing secrets for initializing
  zero-knowledge proof multi-factor authentication (ZKP-MFA) networks of
  clients and authentication servers.
- Safeguards shares of generic secrets, acting independently but in
  conjunction with other D-TA nodes, for the benefit of other D-TA nodes.
In the use case where it issues shares, the D-TA holds nothing except
for its Master Secret and acts as a distributed private key generation
server. In the use case where it is safeguarding shares of secrets, it
is up to the application developer to implement back-end application
logic to hold those shares securely. Examples include using Hardware
Security Modules (HSMs) via an on-board PKCS#11 implementation to create
a realm of key encryption keys, or multi-party computation through BLS
signature aggregation.
RELEASE RATIONALE SUMMARY:
By default, the D-TA allows requests from a Principal's D-TA for a
secp256k1 public key from a Fiduciary D-TA and then subsequently
allows the Principal to request its corresponding private key. Whilst
this may have utility on its own, the Milagro community's intention is
to extend the capability of the server over time to meet many key
generation, key storage and distribution use cases. This will be
achieved using the D-TA's plugin architecture, and to this end, the
initial release includes two plugins to demonstrate the D-TA's
extensibility.
Subsequent releases will enable the D-TA to issue Type-3
pairing/identity based secrets for "M-Pin" clients and servers ("M-Pin"
is a zero-knowledge authentication protocol in the milagro-crypto-c
library that also facilitates multi-factor authentication). In parallel
with this will be a rewritten release of the Milagro MFA Authentication
server (the original authentication server was conflated with the D-TA
function, limiting its security efficacy).
The Milagro community is publishing this release now to elicit feedback
from a wider community that may have interest in an open source,
decentralized key generation, storage and distribution solution. Our
intention is then to release a series of enhanced versions
culminating with a production-ready GA version.
Source distributions for both can be found here:
http://milagro.apache.org/docs/downloads/
For a full product description and release rationale, please see the
release notes here:
https://github.com/apache/incubator-milagro-dta/releases/tag/0.1.0
A detailed overview and usage guide can be found in the documentation:
http://milagro.apache.org/docs/d-ta-overview/
Please refer to the repo's README for build and test instructions. Note
that these instructions, the build scripts and dockerfile all describe
installation from the GitHub repositories and not from the official
signed release archive. This will be addressed in the next release.
Vote result thread:
https://lists.apache.org/thread.html/38c7845d4f56b2396505e8c697adee5d8d5745942381141aaa488eff@%3Cgeneral.incubator.apache.org%3E
Many thanks to all our contributors and mentors and to the IPMC for
their input and guidance.
John McCane-Whitney
Director of Product at Qredo Ltd
T: +44 7966 490687
Kemp House
152 – 160 City Road
London
EC1V 2NX
https://qredo.com
Apache Milagro (incubating) is an effort undergoing incubation at The
Apache Software Foundation (ASF), sponsored by the Apache Incubator.
Incubation is required of all newly accepted projects until a further
review indicates that the infrastructure, communications, and decision
making process have stabilized in a manner consistent with other
successful ASF projects. While incubation status is not necessarily a
reflection of the completeness or stability of the code, it does
indicate that the project has yet to be fully endorsed by the ASF.