 All right, thank you, thank you all for attending. And yeah, so here's a project. Yeah, we did on implementing client-side security for the climate special interest group fabric application. So my name is Bertrand Rue. I come from actually the research background at a think tank based in Saudi Arabia. And this is work was done for the blockchain carbon accounting, which is a hyperledger lab project. Yeah, so essentially what we were trying that chief in this project was being able to assign fabric transactions. So, you know, private blockchain network using private keys that are stored externally. So that's not on the say the peers, the peer servers that are within the fabric network. So really providing client-side security. The technologies we use, so obviously fabric, building on the utility emissions channel, I'm built in no jays and type typescript for the BCA project. We also were considering working with a technology called trust ID, which is basically fabric, hyperledger fabric chain code, but I'll talk about later why we abandoned that. We also integrated our final solution into hyperledger cactus. Now this wasn't a requirement. It could have been implemented separately, but hyperledger cactus is a useful integration tool for cross-block chain or DLT compatibility. So we actually had a PR and implemented our final solution, which was a fabric, a new identity provider for fabric to manage these external client, on client key signing. We developed to manage this new identity provider. We developed a WebSocket server, which is basically just a node.js for both typescript for handling WebSocket upgrades, the identity. Finally, we had a client wallet. Originally again, we were going to find a way to use MetaMask and this is where the trust ID came in or MetaMask would be connected to fabric through trust ID for managing different DIDs, like those that are held in one's wallet. I'll explain again later why that was abandoned. And we ended up just building a node.js server-side WebSocket client. And finally, we used Docker to containerize some of the assistant components for testing and deployment. So yeah, the project objectives, as Yase stated, were to enable external signing of fabric transactions. This figure on the right of the screen just basically runs their decision tree for why you would want to use this kind of technology or why or why not? Do you need to store cheese on or off your peer network? Can you manage a central solution? Actually, one of my peer mentees per time who presented two days ago developed a similar solution to this, but using Vault, which is a central server-based solution for managing keys and key signing. Or do you really want to take your keys offline, which was the solution we were trying to develop here? And finally, if you want additional security, perhaps using an HSM so that your keys that are held by the client can never be exposed. They're sort of contained within this hardware device. So that was our objectives. The second objective for the project was really, how do we implement these custom X509 certificates? So the keys are the certificate is stored without the keys for use in the network. And finally, integrating this into the Blockchain Carbon Accounting application. So yeah, the first deliverable that we set out for this project was really to integrate trust ID with the Fabric Utility Missing Channel to access like an external client wallet, like MetaMask. Now we drop this and I'll explain in a bit why that was the case, but let me just get on to the other deliverable. So what we moved on to was building this identity server slash provider for Fabric using WebSocket and was packages the cactus feature. The third deliverable was, I'm not doing integration, this WSX509 credential type or provider, identity provider credential type that we created into the project. And finally, getting this WS wallet, so this server-side Node.js wallet set up to handle the external key storage, so secure storage of the private, the client's keys and the signing interacting with these Fabric transactions and of course, documentations with the justification and this decision trees for why would you such a system that I showed earlier. So yeah, getting back to this sort of abandoning the first deliverable of using trust ID. So the first phase of the internship, so the first couple of weeks or month, quickly realized that this solution was not ideal fit for our actual objective. So the reason was trust ID did not directly solve the problem that we had, which was using Fabric with offline private keys. It actually just sort of how it was a workaround because you were actually still the trust ID chain code still required these on peer keys. You're just adding additional key layer, for example, with a wallet like MetaMask that was bridged using trust ID. The other thing is MetaMask itself, this was just a side point, uses a type of digital signature algorithm that's not recognized by Fabric because it's not NIST approved. That's the SECP256K1 algorithm. So I learned how to develop and implement a custom identity provider as a full-scale solution for this problem of taking the keys and putting the keys into the hands of the external client. Built a solution that, in my opinion, can improve security for permission blockchain like Fabric for these permissioned entities that are using it. And I personally developed a deeper appreciation for test-driven deployment and creating nice TS code, TypeScript code. I'm not a computer science background. I do a lot of programming, but this experience was really enriching. I learned a lot. So the output was, finally, was this WDS identity, so no digestive server that creates these new identity sessions for the external client, that is the WS wallet, which is the crypto key store. We also dockerized the servers so that could be integrated with the beast that could be set up to run with the blockchain carbon accounting app. And of course, there was a PR that we had approved to Cactus to set up this connector for Fabric with the WSX509 credential identity type. So just final recommendations for future work, possibly extending features of the WS wallet. The certificates themselves that are created when you're enrolled with Fabric are stored in either with Fabric or in a third party. For example, Vault, which is a secure cloud-based storage. One could actually just store the certificates with the external client's wallet itself. That's just an option. Adding additional security features like approval for multiple transaction requests when you open a new WebSocket session and potentially using other frameworks, HSM integration and potentially using other frameworks apart from a Node.js server for WS wallet. For example, implementing it as a browser extension, similar to how MetaMask is set up or with a desktop app or even a mobile app. My mentee's decision on this project has actually taken the tools we've built and implemented it into this OpenTap's implementation of the BCI project. So I can just show you quickly. This is showing someone enrolling as an admin and this screen here is basically showing the WS wallet I set up, which is asking the client, this is the external client to input a password to unlock the key they have stored so they can interact with this blockchain carbon accounting application expressed here in this OpenTap's implementation using the BCI API, the blockchain carbon accounting API. Yeah, something else, this is just a side point is you don't really have to use Cactus to set up a WSX519 provider. We just did that because it's a great package. It's really useful, but some projects don't use Cactus. So it'd be cool to have these identity provider type accessible for those types of projects. Finally, some major insight gain, and I think this is a great quote that sums up a lot of the insights that some of the different mentees have mentioned was don't spend too much time on the solution, think a lot about the problem. And this is relevant in a lot of domains, but what I've realized in the open source community can be incredibly important to think this way because there are so many solutions to a given problem and you want to avoid settling on one before the problem and outcome is well-defined. This wasn't necessarily a huge issue for this project. Yes, we did have the challenge of figuring out of trust ID and MetaMask were really suitable tools. Fortunately, some of the mentors, particularly Khamash Nagar, really helped point that out and point me in the right direction to look for a better solution. And also one of the mentees, my peer mentees, Pritam who presented two days ago was also really helpful in this project. So the number one skill I would take away from this experience for the future is really exhaust the challenges to a solution before you start implementation. So yeah, thank you to Sai Kamlesh, also Peter from Cactus who really helped give some detailed review of the WS identity system that I set up on that PR. And of course, Pritam, I don't think you're on the call, but A.K. Zakhar, thanks for your help. And last but not least, Linux Foundation for making this happen. Thank you. Thank you very much, Bertrand, for presenting on your work and your journey of, you know, deciding, you know, really, yeah, spending a lot of time thinking about the problems rather than the solutions. So that's really, really, really insightful feedback. Thank you. And I do see, Si, can you come off of mute? Do you have anything to add? Or I also see, yes. Hi. Yes, I can hear you. Okay, yeah, no, I think this was a really great solution that in the end Bertrand came up with. We tried a lot of different options. And I think at some point, maybe we should separate this out into its own hyperledger labs project, because I think a lot of the other people working with Fabric could use this for client-side authentication and signing. So. Great. Any other mentors we'd like to add? Yeah, I mean, so actually I want to, because in the Fabric, this client-side identity is very challenging and this is a really challenging project where Bertrand actually really put lots of effort and other mentee like Pritham Singh, really did a very well job. And kind of integrating the hyperledger cactus and then adding this web socket layer for the identity layer. I think this is really interesting. Vaz comes out of this mentorship project. Thank you.