Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Roadmap: AnonCreds objects signed by a key controlled by the object publisher #102

Open
Reccetech opened this issue Nov 8, 2022 · 1 comment

Comments

@Reccetech
Copy link

In the current implementation of Anoncreds, supporting the Indy patterns, there is the need for a service like a ledger to help govern and enforce things like bindings between Issuers and their associated objects like schemas or creddefs through tools like DID URLs.

Looking forward at the roadmap I would advocate a model where objects contain a clear reference to their owner (i.e. an Issuer DID) that are then signed by a signature associated a public key associated with the owner (i.e. in their DID document). To me this would allow objects to be more self-contained & self-asserting and remove the need for centralizing services to manage and govern their creation and lifecycle.

In terms of implementation I have heard some comments that moving forward the definition of objects would increasingly be left to individual object methods. I would posit that having individual object methods specify objects like schemas & creddefs might make interop challenging - which to me has been one of the key strengths of the Indy/Aries community. As such I would suggest that any AnonCreds 2.0 work should continue to profile what these objects should look like for a non-Indy (perhaps BBS+?) world. Of course individual object methods can continue to specify their own CRUD operations around said objects. Perhaps this was always the plan :)

Feedback appreciated.

@rodolfomiranda
Copy link
Contributor

A nice approach proposed by cheqd is DID-Linked Resources Specification that is being defined at ToIP Utility Foundry Working Group. The metadata can include the signature of the publisher DID as an enforcement and a prove that the object belongs to the declared publisher.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants