Removal of OOB and DID Exchange information #73
Conversation
These items are not longer neededSigned-off-by: Sam Curren <[email protected]>
|
LGTM, will await others review before deciding to merge |
|
|
||
|
|
||
|
|
||
| #### OutOfBand Protocol | ||
|
|
||
| Invitations are usually the first message passed between parties. They are passed out of band, such as in a QR code or a link that can either open in an app or in a browser containing getting started instructions. |
There was a problem hiding this comment.
Are the concepts in OOB invitations being moved elsewhere in the spec?
There was a problem hiding this comment.
Sort of. The ability to pass a message as an attachment isn't needed under the proposed 0RTT model.
There was a problem hiding this comment.
The OutOfBand protocol provides a common mechanism to correlate a "not DIDComm activity" to a DIDComm message. This concept isn't about 0RTT vs DID Exchange but rather about defining a common mechanism for this capability.
There was a problem hiding this comment.
Scenario: Alice has received an “invitation” (not in a DIDComm message) from Bob which then triggers Alice to send a DIDComm message to Bob.
OutOfBand defines an invitation format, goal/goal code, versioning information, and enables correlation based on the invitation message ID to a subsequent DIDComm message thread.
There was a problem hiding this comment.
By (not in a DIDComm message) I think you mean "Not in a DIDComm Encrypted message", but still in one of the standard formats in the spec? (example: URL/QR code, or another yet to be defined format?)
Invitation format: See the QR code PR for defined format. #74
Versioning Information: Only pertained to the handshake protocols, which are not needed given the presence of the from and from_prior headers.
Correlation based on message ID: Correlate with the message ID of the message sent.
Goal/Goal Code: There isn't currently a replacement for this, or actually for the 'I want to exchange DIDs for no declared reason'. I believe the answer to this is deeper and related to the discussion about the ux of a user accepting an invitation. I'm going to open an issue to discuss this particular topic.
There was a problem hiding this comment.
I think we've lost a cheap and sensible way to create an OOB invitation with explicit didcomm parameters (eg. no public DID).... see my comments here: #33 (comment)
| @@ -2,254 +2,7 @@ | |||
|
|
|||
| A Connection is the practical application of a relationship in DID Communication. Having a connection means that each party in the relationship has a DID for the other parties, and parties can communicate securely using the keys and endpoints within each DID Document. | |||
|
|
|||
| In order to establish a new connection, we use the OutOfBand Protocol and the DID Exchange Protocol. | |||
| In order to establish a new connection, Simply exchange a new message between parties. Knowing the DID of the other parties does not indicate any level of trust. Using the connection to establish a foundation of trust is the next step. | |||
There was a problem hiding this comment.
In order to establish a new connection
At what point is the connection considered established by each party? Is it when the party receives a message back from the other party? (does the act of sending a message to a new DID constitute a pending connection until a message is returned?)
There was a problem hiding this comment.
This is a great question. I've been spending some time considering our mental models around connections. More on this to come.
There was a problem hiding this comment.
More thoughts on this, after discussion in both the Aries WG call and the DIDComm WG call today.
The historical context of 'established' is very binary: a connection is either 'established' or it isn't. I believe the right answer is closer to this: When you receive a message from the other party, you know their information about how to contact you is accurate. When they reply to something you sent, you know your information about how to contact them is accurate.
|
|
||
| ##### 1. Exchange Request | ||
|
|
||
| The exchange request message is used to communicate the DID document of the _invitee_ to the _inviter_ using the provisional service information present in the _invitation_ message. |
There was a problem hiding this comment.
I assume this particular purpose of the DID Exchange Protocol is obsoleted by usage of initial-state.
I am wondering about the nuance of peer DIDs and initial-state after the connection is considered established. Should initial-state continue to be sent after that point?
There was a problem hiding this comment.
I think yes, though I think initial-state might not be the right term for that.
There was a problem hiding this comment.
If the parties have an implicit connection establishment model (on top of the 0RTT any message model), then perhaps they could choose to stop sending initial-state once established. Without knowledge that the other party has persisted then, yes, I guess they would have to include with every message.
There was a problem hiding this comment.
Agree. How the further changes to a did:peer did are communicated to the various parties is something that the method will need to define. Perhaps deltas a communicated in a query param as well, and dropped upon confirmation of receipt.
| { | ||
| "@id": "5678876542345", | ||
| "@type": "https://didcomm.org/didexchange/2.0/request", | ||
| "~thread": { "pthid": "<id of invitation>" }, |
There was a problem hiding this comment.
The correlation to invitations is a useful concept. I am generally curious how the invitation concept is moving around. (also above comment: https://github.com/decentralized-identity/didcomm-messaging/pull/73/files#r450510409)
There was a problem hiding this comment.
answered in above comment. tldr; You can still correlate to the message ID that is passed.
There was a problem hiding this comment.
@TelegramSam can you point to the verbiage that describes the field used to indicate the thread's ID?
There was a problem hiding this comment.
It's not in the DIDComm JWM Profile
There was a problem hiding this comment.
Submitted PR #102 to add threading
|
I would first like to see the alternative in detail before actually removing this content. |
| @@ -2,254 +2,7 @@ | |||
|
|
|||
| A Connection is the practical application of a relationship in DID Communication. Having a connection means that each party in the relationship has a DID for the other parties, and parties can communicate securely using the keys and endpoints within each DID Document. | |||
|
|
|||
| In order to establish a new connection, we use the OutOfBand Protocol and the DID Exchange Protocol. | |||
| In order to establish a new connection, Simply exchange a new message between parties. Knowing the DID of the other parties does not indicate any level of trust. Using the connection to establish a foundation of trust is the next step. | |||
There was a problem hiding this comment.
I am also curious about scenarios where a sender wants an established connection prior to some action/message/protocol. In some cases, they may wish to confirm that the recipient is able to decrypt their messages; that the route is working; and that the recipient can respond with authenticated messages; (and authenticate the DID). For example, during issuance or (generally) authentication scenarios.
In essence, I am curious if there are any generic aspects of a more established connection that end up in the spec vs being left up to higher layer messages/protocols.
There was a problem hiding this comment.
I think that decision is up to us - which components are so core that they need to be in the spec, and which are better left to higher layers? I consider this to be very unresolved as yet.
|
|
||
| The _inviter_ will then craft an exchange response using the newly updated or provisioned information. | ||
|
|
||
| ###### Request Errors |
There was a problem hiding this comment.
I am curious about the difference in errors originating from OOB/DID Exchange vs the DIDComm v2 model?
There was a problem hiding this comment.
Can you pick an example to discuss?
There was a problem hiding this comment.
If I were to generalize the thought: How do we differentiate between a protocol-layer errors vs lower-layer concerns that were previously in these pre-step connection protocols. As an example, an unsupported DID method happened to be used (or unsupported key type or unsupported endpoint, etc).
Of course there is also possibilities such as unsupported protocols (or versions), but these would be cases that could happen regardless.
There was a problem hiding this comment.
I don't believe OOB has anything in the spec about any of the errors you mentioned. Those are certainly important to think about, but I don't think there is a difference there between OOB/DIDExchange and 0RTT.
|
@TelegramSam on the last didcomm wg call, people agreed to put OOB in its own section. People were also more in favour of naming |
|
Updated all those items in the other PR. |
| * The [`~thread`](../../concepts/0008-message-id-and-threading/README.md#thread-object) decorator MUST be included: | ||
| * It MUST include the ID of the parent thread (`pthid`) such that the `request` can be correlated to the corresponding `invitation`. More on correlation [below](#correlating-requests-to-invitations). | ||
| * It MAY include the `thid` property. In doing so, implementations MUST set its value to that of `@id` on the same request message. In other words, the values of `@id` and `~thread.thid` MUST be equal. | ||
| * The `label` attribute provides a suggested label for the DID being exchanged. This allows the user to tell multiple exchange requests apart. This is not a trusted attribute. |
There was a problem hiding this comment.
We're losing the label feature... what's the replacement?
There was a problem hiding this comment.
It seems that was missing from the OOB PR when it was approved. I think the best replacement of the label in an OOB invitation would be in the form of a PR to out_of_band.md.
There was a problem hiding this comment.
Discussed on today's call: we need to push in a PR to the OOB text to add the label
|
+1 to merge from me |
|
For those that want to validate a connection is established prior to another action, we will still need a protocol to do so. Related: #81 |
|
Regarding the usage of a ping protocol to enable an explicit RT at connection establishment. In addition to using an authenticated RT ping, the other aspect is to enable linking that ping to an OOB request (e.g., stating the parent thread). This enables the Party to (A) know to respond to the ping; and (B) tie together the authenticated messages to an initial OOB action. |
See #95 |
|
|
||
| * The `@type` attribute is a required string value that denotes that the received message is an exchange request. | ||
| * The [`~thread`](../../concepts/0008-message-id-and-threading/README.md#thread-object) decorator MUST be included: | ||
| * It MUST include the ID of the parent thread (`pthid`) such that the `request` can be correlated to the corresponding `invitation`. More on correlation [below](#correlating-requests-to-invitations). |
There was a problem hiding this comment.
parent thread will need to be defined elsewhere in the spec.
Given the move to zero round trip models, these items are not longer needed.
Signed-off-by: Sam Curren [email protected]