Versions Compared

Old Version 2

changes.mady.by.user Paul

Saved on

compared with

New Version 3

changes.mady.by.user Stephen Curran

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Summary

Excerpt
  • ATTRIBs – 0/1 or 0/N ATTRIBs?  How do we resolve this issue?
  • How to represent Indy Ledger Objects as DIDs?

Recording from the call: 

Hyperledger is committed to creating a safe and welcoming

community for all. For more information

please visit the Hyperledger Code of Conduct.

Welcome and Introductions

...

Attendees

Collaboration Channels

...

  • See HackMD Document for most of what we have discussed
  • To find networks we will require at least the first and perhaps the second of these approaches, while the rest are suggested:
    • Config files for one or more known networks
    • A mechanism for a ledger operator to register discovery information for other ledgers (aka "human gossip")
      • A DID/DIDDoc on a ledger will contain cross-registry information
      • A mechanism is needed for finding the DID(s) that contain the registrations – ideas have been put forward - a DID Name Directory (DND) is the likely approach.
      • Document about the DND and DNR records
    • Decentralized registries based on verifiable credentials
    • Other registry mechanisms, such as the DDNR proposal
    • The DID Method Spec will include a reference to a repo (likely) "indy-did-networks" within Hyperledger that will be a lightly managed, structured repository of folders per Indy network with at least the config file(s) for the networks. Use of the repo is voluntary, but provides a convenient way for networks to publish information about the network. Maintainers will be selected from the community and should exhibit a light hand in accepting PRs, being concerned mainly with structure of the data (not content) and that contributors are not being malicious about updating the information of other network operators. The Hyperledger governance structure may be used for disputes as appropriate. This is not a replacement for the Governance that a specific network should implement.
  • NYM + ATTIBSATTRIBs
    • A DIDDoc will be dynamically generated from the NYM and related ATTRIBs by the ledger and returned via a transaction 
    • The NYM is the controller (per the DID Spec) of the DIDDoc, and as such, MUST be in the "verificationMethod" and possibly the "controller" element of the DIDDoc
    • Nice to have in the future is that NYM control be extended to support multi-sig scenarios such as multiple public keys and perhaps "N of M" signatures for updates. If and when these features are added, the capabilities would be appropriate reflected in the generated DIDDoc.  The ATTRIB-based elements of the DIDDoc would not be used for that. 

...

Continuing from the last discussion on transforming NYM and ATTRIB data to get the DIDDoc

  • Primary question: Assuming the ledger generates the DIDDoc from the NYM and zero or more ATTRIBs (see HackMD document and assumption above), should there be just a single ATTRIB that has the entire document minus the data that comes from the NYM, or should there be a number of ATTRIBs that generate snippets of the DIDDoc, or both? From the discussion:
    • Snippets would be at the DID Core elements level or at the DID Registry elements level.  Examples of the latter is in the hackmd document.
  • NYM to DIDDoc:
    • KeyAgreement or not
    • Should the ATTRIB include additional keys?
    • Should the ATTRIB include anything related to the NYM items?
  • Representing other ledger objects as DIDs.And existing ledger objects.ATTRIB vs ATTRIBs
  • Already agreed on: ledger serves the DID doc
  • Agree on the NYM + 1 ATTRIB solution due to given motivation:
    • NYM shall comprise of all security-relevant data, ATTRIB is for user → therefore ATTRIB can contain all the diddoc information that is not relevant to the security of the DID, the ledger must not need care too much
    • Indy resources
    • DIDdoc content might change too often in the near future and changeing the Indy DID Method might be too much trouble
  • draft ideas:
    • in the first version: verkey is the only verificationMethod, therefore ATTRIB shall not use verificationMethod (for simplicity)
    • NYM generates context, id, verificationMethod
    • ATTRIB shall not have id or verificationMethod
    • contexts are merged with ATTRIB
    • everything else from ATTRIB should be merged
  • ability to update the DID should be taken from NYM only, not the DIDdoc
  • in the future we will need other signature schemes
    • NIST curves are not preferred
    • post-quantum security will get relevant therefore this needs to be done anyway
  • in the future our verificationMethod might define a "type" referenced in the DID registries and we would include a context, this might become necessary when more complicated rules get put into NYM

Future Discussions:

  • Request for Markus Sabadello to provide guidance on aligning the "NYM as controller" concept (above) with and the DID Core specifications concept of a controller.
  • ATTRIB transformations to generate a DIDDoc
  • DNR and DND discussions
  • Structure for Indy specific objects returned as DIDs
    • What is the DID?
    • What is the DIDDoc format?
    • Existing objects – backwards compatibility
      • DID vs. DID URL – how could that be done?

...