Cordite Network Map
An open source Corda Network Map implementation
The Network Map design in Corda 3 has been a significant and very useful change. By defining a formal protocol, it has opened the possibility for compatibility zone operators to govern their zones in a manner suitable for their operations. If you’re interested in learning more, I highly recommend Mike Hearn’s excellent article:
We did this because we recognised that many teams, like ours, need an implementation they can use in their networks. The lack of one can sometimes be an impediment to the Corda adoption journey.
We’ve also added an innovation to help our journey towards greater decentralisation. More about this later.
The service is being used in the Cordite test networks and has been stable for a few months. The code quality, test coverage, and documentation are now suitable for open source distribution.
“cause nothing compares to U”
The Cordite Network Map Service (Cordite NMS for short) implements the Corda Doorman certification protocol used to acquire the identity of the node for the compatibility zone.
It also innovates with a new certification protocol that we call CertMan. This allows a node operator to register the node’s identity using a pre-existing EV PKI certificate. DV and OV certificates can also be used, depending on the configuration of the service.
How CertMan works
CertMan assumes that most organisations have acquired their own certificates to enable secure communications for their digital services. Assuming this is the case for your organisation, CertMan will issue certificates for a Corda node (as a set of JKS files) in exchange for a proof of ownership of the organisation’s certificate. The organisation’s certificate can be issued indirectly by any of a number of well-known root certificate authorities (CAs). The service has options to choose the exact set of trusted root CAs, to bypass PKIX verification, to turn off the strict EV certificate requirement, and more.
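The two checks this description implies, sketched with openssl as an added example (not Cordite's code and not CertMan's actual wire protocol): the certificate must chain to a chosen trust root, and the requester must prove possession of its private key by signing a challenge. The CA names, subjects, challenge text and function names are constructed assumptions, and the EV policy check is left out.

```shell
#!/bin/sh
# Added example with constructed data: throwaway root CAs, organisation
# certificates and a challenge. The challenge format is an assumption.

write_cnf() {  # minimal config so the result does not depend on the system openssl.cnf
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1"
}

# make_root DIR NAME: self-signed CA certificate DIR/NAME.crt with key DIR/NAME.key
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/cnf" -extensions ca \
    -subj "/O=Constructed Root/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_org DIR NAME ROOT: organisation certificate DIR/NAME.crt issued by ROOT
make_org() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/cnf" \
    -subj "/O=Example Org/L=London/C=GB/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.crt" -CAkey "$1/$3.key" \
    -set_serial 1 -days 1 -out "$1/$2.crt" 2>/dev/null
}

# sign_challenge KEY CHALLENGE SIG: done by the requester with the certificate's private key
sign_challenge() { openssl dgst -sha256 -sign "$1" -out "$3" "$2"; }

# check_request ROOTS CERT CHALLENGE SIG: done by the issuing service
check_request() {
  # PKIX path validation against the operator-chosen trust roots.
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo untrusted-chain; return; }
  # Proof of ownership: the signature must verify under the certificate's public key.
  openssl x509 -in "$2" -noout -pubkey > "$2.pub"
  openssl dgst -sha256 -verify "$2.pub" -signature "$4" "$3" >/dev/null 2>&1 \
    || { echo bad-signature; return; }
  echo ok
}

run_demo() {
  d=$(mktemp -d); write_cnf "$d/cnf"
  make_root "$d" trusted; make_root "$d" other
  make_org "$d" org trusted; make_org "$d" rogue other
  echo "constructed challenge nonce 0001" > "$d/challenge"
  sign_challenge "$d/org.key" "$d/challenge" "$d/good.sig"
  sign_challenge "$d/rogue.key" "$d/challenge" "$d/rogue.sig"
  a=$(check_request "$d/trusted.crt" "$d/org.crt" "$d/challenge" "$d/good.sig")
  b=$(check_request "$d/trusted.crt" "$d/org.crt" "$d/challenge" "$d/rogue.sig")
  c=$(check_request "$d/trusted.crt" "$d/rogue.crt" "$d/challenge" "$d/rogue.sig")
  rm -rf "$d"; echo "$a $b $c"
}
run_demo   # ok bad-signature untrusted-chain
```

The third case is the one that would be accepted if PKIX verification were bypassed: the signature is valid, but the certificate chains to a root the operator never chose.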
Here’s a generalised sequence for using CertMan: