README
¶
Comparator
The Comparator serves as an adapter for the Confidential Storage Hub (CSH).
It abstracts the lower-level details required to operate the CSH as well as the HTTP signature and ZCAP-LD authentication and authorizations schemes used to protect resources in the CSH, and works in conjunction with the Vault Server.
How it works
See the OpenAPI spec.
Authorizations
When a user authorizes a third party to perform a comparison on a Vault Server document:
- An authorization for the CSH to read the document is requested from the Vault Server, resulting authorization tokens
- A "query" resource is configured at the CSH with the authorization tokens, resulting in an opaque handle
- A new authorization token is created allowing the third party to use that opaque handle
Comparisons
Users can request comparison between two or more Vault Server documents. The result is always either true or false.
Comparison Operators
The EqOp operator reports back whether the contents of two or more Vault Server documents are equal or not.
The precise semantics around "equality" are defined by the Confidential Storage Hub.
Example:
{
"type": "EqOp",
"args": [
{
"type": "DocQuery",
"vaultID": "did:example:123",
"docID": "batphone",
"docAttrPath": "$.nxx", // compares an attribute of the document
"authTokens": {
"edv": "Ou8DH43g65seMXMhEyW0",
"kms": "aGV4v8iPqxtGQzZNxV6l"
}
},
{
"type": "AuthorizedQuery",
"authToken": "3x44Z7ORNCz7nrRsjnhL"
}
]
}
Extractions
Users can request the plaintext extractions of one or more Vault Server documents using Query objects.
Note: only
AuthorizedQueryis suppported at the moment.
Example request:
{
"queries": [
{
"type": "AuthorizedQuery",
"authToken": "3x44Z7ORNCz7nrRsjnhL"
},
{
"type": "AuthorizedQuery",
"authToken": "inaVwUzgcfw5PjyIRmww"
}
]
}
Contributing
Thank you for your interest in contributing. Please see our community contribution guidelines for more information.
License
Apache License, Version 2.0 (Apache-2.0). See the LICENSE file.
Documentation
Source Files
Directories