Bloxberg: Proof of concept for integration with CaosDB

Scope

This very first poc (proof of concept) will provide two actions to users:

1. Request a Bloxberg proof of existence for an entity and store it into CaosDB as a certificate record.
2. Take the certificate record and verify it. Not in the Bloxberg API yet.
   • Workaround: Generate JSON from certificate record which can then be used manually for verification.

The hash to be signed by Bloxberg is generated from:

• CaosDB server URL
• versioned ID of the entity
• a serialization (XML representation) of the entity
  • peppered to prevent fingerprinting attack

The generated certificate record will consist of:

• The information needed to generate the hash:
  • Server URL, versioned ID
  • Pepper
• A reference to the certified entity (already included above?)
• Necessary (and other useful) information to verify the certificate with bloxberg.org
• Metadata of the Bloxberg transaction, like time.

Out of scope

This poc does not deal with the following topics. If there is sufficient public interest, they should be implemented at a later stage.

• Certifying more than one entity.
  • A user-friendly way to select "connected" entities.
• Storing the serialization (for when the serialization might change in the future).
• Integration into the WebUI or the server.
• Extensive error handling.
• Make Bloxberg server configurable

Definition of Done

• It is possible to create and store a certificate record for an entity.
• It is possible to create a verifiable JSON from a certificate record.