This repository contains a C++ API for use with the State Space reference implementation of the IAB PrivacyChain Technology Specification. The implementation herein is optimized to perform with Hyperledger Fabric v1.4. That is the core dependency of the State Space reference implementation of the IAB PrivacyChain Technology Specification.
The main body of documentation for the State Space reference implementation of the IAB PrivacyChain Technology Specification can be found with the packaging. The overview and administrative declarations herein are necessarily summary in nature. The declarations and definitions in the packaging area are complete and should be interpreted as superceding these when the two are in conflict.
This repo supports the State Space reference implementation of the IAB PrivacyChain Technology Specification.
A summary overview is as follows:
- IAB PrivacyChain, contains
- Specification Documents
- Runbooks, Operation Documents
- Project Governance Documents
- Reference Design
- State Space reference implementation of the IAB PrivacyChain Technology Specification
- Packaging, the packaging, the top-level repository.
- Apanolio, a "Northside" API Service, as a macroservice, in Apache HTTPd.
- Montara, a "Northside" API Service, as a microservice.
- Tooling, some operability tooling.
- Testing, some testing and performance assessments.
- PrivacyChain C++, part of the "Southside" service components.
- Hyperledger Fabric C++, part of the "Southside" service components.
- Hyperledger Fabric, the upstream.
- Background
- Dependencies
- Installation
- Configuration
- Build
- Usage
- Security
- Contribute
- Maintainers
- License
The IAB PrivacyChain provides an API service and a distributed, blockchain platform, based on a shared, immutable, distributed ledger (a database). This ledger (database) ensures that participants in a PrivacyChain have a single, consistent, up-to-date view to a consumers consent choices. The system consists of two components, the "Northside" or "Northbound" service interface and the "Southside" or "Southbound" service interface. This repository provides portions of the "Southbound" interface towards the Hyperledger Fabric database.
The "Northside" Services or "Northbound" API offers a REST API to create, update and revoke consent records pertaining to a data subject. The current generation of API is specified in PC-11 REST API.
Examples of components implementing this interface are Apanolio and Montara.
The "Southside Services" or "Southbound Interface" offers database access to a number of database technology. The expected and preferred database technology, of course, is the distributed shared ledger database of the Hyperledger Fabric.
This repo provides a client library (a.k.a. a "software development kit") which implements the soutbound interface into Hyperledger Fabric. It requires the Hyperledger Fabric C++ SDK. The components in this repository provide domain-specific interfaces to the underlying database. These features include schema versioning and evolution as well as the ability to process different consent representations. The current consent representation is the IAB Transparency and Consent Framework as encoded for Version 1.1.
The configuration step will check for many but not all required packages and operating system features. There is a list of known package-dependencies which you will need to install beyond your base operating system.
Generally, the dependencies are among:
- The Hyperledger Fabric database and its Public Key Infrastructure (PKI) services.
- Various components of the Tunitas system; e.g. the Basic Components.
- A modern (C++2a) development environment.
- A recent Fedora, but any recent Linux distro should suffice.
The State Space project was developed on Fedora 27 through Fedora 30 using GCC 7 and GCC 8 with -fconcepts and at least -std=c++1z. More details on the development environment and the build system can be found in temerarious-flagship.
You may install this repo and its dependents by running the following command:
git clone https://github.com/yahoo/PrivacyChain-sdk-c++.gitThis will create a directory called PrivacyChain-sdk-c++ and download the contents of this repo to it.
You may find that your organization or your operating system does not allow punctuation in repository names. The available resource may therefore be named PrivacyChain-sdk-cxx. Use your good judgement.
The expected application for the PrivacyChain-sdk-c++ repo is as a submodule of a larger build of the State Space reference implementation of IAB PrivacyChain Techology Specification. The configuration, build, and installation intructions herein pertain only to maintenance operations on this repository. The configuration steps for the full project are with the State Space packaging.
The customary installation location for the State Space components supporting IAB PrivacyChain is /opt/iab/privacychain but you may configure the build to use some other location.
The build system is based upon GNU Autotools.
The configuration of the repo consists of two steps which must be done once.
./buildconf./configure
The first step performs some crude assessments of the build environment and creates the site-specific configure'. Of course configure --helpwill explain the build options. The general options toconfigure` are widely documented.
The buildconf component is boilerplate and can be updated from temerarious-flagship as needed. The Tunitas Build System should be available in /opt/tunitas and the template at /opt/tunitas/share/temerarious-flagship/bc/template.autotools-buildconf
The simplest configure-compile-install recipe is:
./buildconf &&
./configure &&
make all &&
make check &&
make install &&
echo OK DONEThis package produces libraries (a.k.a. a software development kit). It must be used with other components to make a complete system.
The packaging contains more detail on how to build the whole system as well as instructions for packaging and deployment of such a system not bare metal or in containers.
This project does not have any specific security concerns. As always, the integrity of the build process is a requirement for the integrity in the deployment and operations phases.
The documentation on the Security Model of Hyperledger Fabric should be consulted prior to deployment. Additional background information on the Certificate Authority system of Hyperledger Fabric (v1.4) can be found in the general documentation.
As always, before you deploy code into a production-facing environment you should review access and capability grants which have been established for your installation.
Please refer to contribution instructions for information about how to get involved. We welcome issues, questions, and pull requests. Pull Requests are welcome.
Current work with modern-generation tooling, e.g. circa Fedora 36+ and GCC 12+, is occurring around the v0.2-themed feature branches.
- Wendell Baker wbaker@yahooinc.com
- The State Space Team at Yahoo state-space@yahooinc.com
The IAB PrivacyChain Engineering Working Groupis no longer active.
You may contact us at least at state-space@yahooinc.com
This project is licensed under the terms of the Apache 2.0 open source license. Please refer to LICENSE for the full terms.