Summary
- Update from the implementation team
- Open PRs and Issues
Recording from the call: <to be added>
|
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct. |
|---|
Welcome and Introductions
Announcements
Attendees
- Daniel Bluhm (Indicio PBC) <daniel@indicio.tech>
- Lynn Bendixsen(Indicio PBC) <lynn@indicio.tech>
- Char Howland (Indicio PBC) <char@indicio.tech>
- Christian Bormann(Robert Bosch GmbH) <ChristianCarl.Bormann@de.bosch.com>
Collaboration Channels
indy-did-method on Discord - https://discordapp.com/channels/905194001349627914/941708981825576960- Invitation: https://discord.gg/hyperledger
- indy-did-method repo using SpecUp
- Published specification: https://hyperledger.github.io/indy-did-method
Online Discussion (from Discord this week)
This Week's Discussion:
- Update from the implementation team
- Implementation Plan: https://hackmd.io/@dbluhm/did-indy-impl
- Ironing out validation details
- Early assessment of using config transactions for activating self-certification enforcement
- Findings to be distilled in a new section of Implementation Plan
- GitHub PRs for review
- Remove ATTRIB URL - merged
- Add version to document - merged
- Revocation Registry returned value clarification - merged
- (Draft) Resolvable JSON-LD DID Doc Examples - Moved to Sam Curren for further review and research.
- GitHub Issues for review
- Discussions:
- Question from Nathan George: are revocation registry entries and deltas returning the correct state proofs when resolved by URL?
- Since the process of resolving by URL includes mapping the URL back to traditional GET_REVOC_REG and GET_REVOC_REG_DELTA transactions, we're relatively confident that the proposed implementation is at least as correct as the original implementation.
- Daniel Bluhm and team to investigate more to make sure this is the case
- diddocContent Storage
- To be stored directly in ledger state as opposed to in a separate data store. Compare to claim def and schema transaction size.
- Somewhat arbitrary 10KiB size? To be configurable at some future date (along with other transaction size limits)?
- Decision: 10KiB seems good enough for now
- diddocContent Validation: @context validation requirements
- Is the context likely to change? What happens on new versions?
- Decision: relax the requirement in the spec; see the issue for more details.
- Indy object naming conventions permit whitespace and other characters that impact formatting as a URL
- Christian Bormann to open an issue describing the issue and propose clarifications in the spec
- Question from Nathan George: are revocation registry entries and deltas returning the correct state proofs when resolved by URL?
- Previous Meetings:
- Dealing with the Indy SDK while testing Indy Node and self certifying DIDs transition – from Daniel Bluhm
- For transaction creation, we can sidestep this problem without too much trouble. The general workflow is build transaction then prepare and send transaction. We simply insert into that workflow modifying the transaction before preparing and sending or just create a transaction object directly. The volume of transactions that we'd need to modify to test the new behavior is low enough that this is not burdensome. However, you could call this technical debt simply due to it being a special case that doesn't look the same as the other tests. I consider this an acceptable trade off in the short term. The changes to the ledger are also backwards compatible with the structures generated by the SDK meaning current deployments depending on the SDK will not be broken by updates to the ledger.
However, the new DID self-certification requirement is low key the biggest breaking change in compatibility with the SDK. All DIDs generated by the SDK and newly published on the ledger are considered invalid. This has implications for both the tests and current deployments. For one thing, all of the many tests (virtually all of them) dependent on the generation of a DID that can be written to the ledger break with the self-certification requirement.
- Ideas:
- Don't enforce self-certifying, possibly return self-certifying status (not, old version, new version), walking back the chain – but how would a proof of that be given?
- Alternative – return the sequence number of the self-certifying DID if in a chain
- Enforce as of a given time - config to enforce or not.
- Question - why enforce on the Node side? Those on the indy-sdk would have to update.
- The most we will do is optionally enforce this on Node. More likely we'll just not enforce it on indy-node.
- Don't enforce self-certifying, possibly return self-certifying status (not, old version, new version), walking back the chain – but how would a proof of that be given?
- Request: Investigate
- Ideas:
Anyone have thoughts on a migration plan? Do we make enforcement of self-certification configurable and allow each ledger to decide when to flip the switch? Is that something that should be configured through the config ledger or statically?
- Leftover from the last meeting (a long time ago...)
- DECISION NEEDED: Schema on NetworkB, Claim_Def on NetworkB; NetworkA goes away. Can a holder proof/verify from a credential?
- Decision: For now, Indy will only support Schema on the same ledger as Claim Defs, etc.
- DECISION NEEDED: Schema on NetworkB, Claim_Def on NetworkB; NetworkA goes away. Can a holder proof/verify from a credential?
- Dealing with the Indy SDK while testing Indy Node and self certifying DIDs transition – from Daniel Bluhm
- To Do:
- How far to take a DID Resolver in indy-vdr – decided: we want to add an indy did resolver API into indy-vdr
- Create an Indy HIPE that points to the spec.
- Define the backlog of tasks:
- indy-node
- indy-plenum
- indy-vdr
- universal resolver image