Commit 5d22b18

authored
Update garner.md
1 parent e0e6953 commit 5d22b18

1 file changed

Lines changed: 15 additions & 3 deletions

_pages/garner.md

@@ -16,15 +16,27 @@ sidebar:
1616

1717
## Overview
1818

19-
A Tor onion service that serves static files over HTTP.
19+
A Tor endpoint for self-sovereign identity. It serves static files over HTTP to allow the retrieval of authenticated identity documents.
2020

2121
## Why is Garner Important?
2222

23-
[TBD: This page is currently a stub.]
23+
Garner serves self-sovereign identity documents. It has four major advantages over use of `HTTPS` or even bare `tor`.
24+
25+
**Self-Sovereignty:** The ultimate goal of Garner is self-sovereignty. [XIDs](/xid/) allow users to have a truly self-sovereign identity that they can issue, hold, and redact as they see fit. Garner offers the next step, because it allows them to also serve their own identity documents.
26+
27+
**Accessibility:** All you need to do to run Garner to serve your identity documents is to generate a keypair and start up the server. This is a huge accessibility advance over HTML, which requires the setup of complex Apache config files and the acquisition of a certificate, all of which will be beyond the average user.
28+
29+
**Privacy:** Because Garner runs across the Tor network, everything is private. Your identity serving address is hidden (protecting any pseudonymous identities) and the requester's address is hidden. Perhaps most importantly, this makes the identity documents served through Garner censorship-resistance. As long as Tor is available, no attacker can prevent you from serving them or the requester from asking for them.
30+
31+
**Authentication:** Garner builts its Tor address from the private key you supply, which means that your running a Garner server (which other people connect to with the corresponding public key) implicitly verifies your control of that public key. This is very powerful authentication, because it's live: you controlled the private key when the server was started. Not only does this avoid the need for external dependencies like DNS or a Certificate Authority (CA), but it also steps around situations where a private key is actually stale (due to loss or rotation).
2432

2533
## How Does Garner Work?
2634

27-
[TBD: This page is currently a stub.]
35+
A user runs the [garner CLI](https://github.com/BlockchainCommons/garner-rust) to create a keypair. They distribute the public key to people who they want to send identity documents to and keep the private key safe. They then use the private key to start up the Garner server, which generates a deterministic address based on the key. Users with the public key can then use their own version of server to access that server with the public key (or with the deterministic address once they know it). This allows them to download identity documents from the server that are implicitly authenticated and verified as belonging to the holder of the private key.
36+
37+
This allows the censorship-resistant self-sovereign distribution of identity documents. Its primary use case is serving [Gordian Envelope](https://developer.blockchaincommons.com/envelope/), including [XIDs](https://developer.blockchaincommons.com/xid/) and [Gordian Clubs](https://developer.blockchaincommons.com/clubs/). However, it can distribute any type of identity document including W3C DID documents and VC Controller documents.
38+
39+
Garner is purposefully very constrained. It is not a general-purpose web-server, but only a limited identity-document server. This is an intentional design philosophy to minimize its attack surface.
2840

2941
## Garner Links
3042

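Review bot: In the added **Authentication** paragraph, the claim that a running server "steps around situations where a private key is actually stale (due to loss or rotation)" goes further than the guarantee stated one sentence earlier, "you controlled the private key when the server was started". That shows control at start-up only, so a server left running after the key is rotated would still answer at the same deterministic address, and the paragraph covers loss and rotation but not a key that has been copied. Suggest scoping the claim to what start-time control proves and saying how a requester learns that a key has been rotated. Smaller points in the same hunk: the **Accessibility** paragraph compares against "HTML", while the section intro names `HTTPS` and the Apache and certificate details point to HTTPS; "builts" should be "builds"; "censorship-resistance" should be "censorship-resistant"; in the How Does Garner Work paragraph, "their own version of server" appears to be missing the tool name; and "everything is private" in **Privacy** is broader than the two properties the paragraph then lists (hidden serving address, hidden requester address).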