sakia issueshttps://git.duniter.org/clients/python/sakia/-/issues2018-09-05T11:56:52+02:00https://git.duniter.org/clients/python/sakia/-/issues/616Add a way to include identity proofs in the blockchain2018-09-05T11:56:52+02:00insoAdd a way to include identity proofs in the blockchainFollowing this post : https://forum.duniter.org/t/presentation-membre-tortue/1867/9?u=inso
This is a feature to consolidate the WoT with external proofs, like from centralized institutions like states.
I imagine the feature as the ...Following this post : https://forum.duniter.org/t/presentation-membre-tortue/1867/9?u=inso
This is a feature to consolidate the WoT with external proofs, like from centralized institutions like states.
I imagine the feature as the following :
- The user enters informations depending on his identity card in a dialog. For example, with a french id card, the dialog should be required to enter the following informations :
```
Type: IDCARD
Version: 1
State: France
Numero: [Number of the idcard]
Nom: [Name]
Prenom: [Nickname]
Naissance: [Date of Birth]
Ville: [City]
Expiration: [Expiration date]
```
Note : The fields would probably change depending on the state issuing the IDCard.
All the fields values should be uppercased with no special character. This text would then be hashed. A tx would be sent to himself, with the comment field fill with :
```
IDTYPROOF:IDCARD:XHX(Hash)
```
Then, when an identity requires certification in real life, the other one can ask him to check for his idcard. The software compares the hash of the card shown by the identity with the hash present in the blockchain.
- If the hashes are the same, then for sure he is the same who published the identity
- If the hash is different, there is a problem, and the identity should not be certified
The scenario is useful against sybil attacks. To try to get certifications on a second identity, the attacker needs another idcard. With the same idcard, the software will detect a hash colliding with his previous identity, and he would be discovered.
We should then provide multiple kind of documents to be able to provide multiple proofs when being certified by someone we do not know a lot. The documents required by a given community could change, but should be the same for everyone willing to join a given WoT.futurehttps://git.duniter.org/clients/python/sakia/-/issues/539Monitor dependencies to maintain maximum security2018-09-05T11:56:51+02:00insoMonitor dependencies to maintain maximum security*Created by: vtexier*
We can use this solution to monitor security risks in python dependencies :
https://requires.io
*Created by: vtexier*
We can use this solution to monitor security risks in python dependencies :
https://requires.io