Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: rename master secret to link secret #153

Merged
merged 2 commits into from
Mar 24, 2023

Conversation

berendsliedrecht
Copy link
Contributor

Signed-off-by: blu3beri [email protected]

@berendsliedrecht berendsliedrecht force-pushed the link-secret branch 2 times, most recently from 0d7cfa2 to fb91d13 Compare March 20, 2023 11:58
Comment on lines 14 to 17
#[serde(alias = "blinded_ms")]
pub blinded_ls: ursa::cl::BlindedCredentialSecrets,
#[serde(alias = "blinded_ms_correctness_proof")]
pub blinded_ls_correctness_proof: ursa::cl::BlindedCredentialSecretsCorrectnessProof,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This adds compatibility for both blinded_ms and blinded_ls if the spec changes this field.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does however create the output of blinded_ls and not blinded_ms anymore.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Didn't think about the credential request. Not sure if we should change it now, as it's two more fields to update :/ and that we need to support both ways for backwards compatibility

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With alias we support both for incoming data models, but we always output with ls.

I mainly changed it because blinded_ms that refers to a link secret feels weird.

Do you think the implications outweigh the naming convention?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I think so. There's a reason why it wasn't changed in code, but the name was changed to link secret. I just thought it was only an API thing, and forgot about the credential request. I think for the API we can still use link secret, but keep this as ms. Then we link to the spec, which explains master secret was used previously, but it's now link secret?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh that's a difficult one, I would really like it to be ls. Changing it later would be a breaking change and it feels like an oversight. If we could do it later without a breaking change, I am 100% to just leave it for now.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Anoncreds v1 is expected to keep compatibility with what has been done, so it's not likely to change this field. At least not in a breaking manner.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I reverted it back to ms as it will likely not change in the spec (sadly :( ).


#[derive(Serialize, Deserialize)]
pub struct LinkSecret {
pub value: MasterSecret,
Copy link
Contributor Author

@berendsliedrecht berendsliedrecht Mar 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The structure is still:

{
  "value": { "ms": "BIGNUMBER" }
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it needed to keep this structure? I didn't see it referenced in the spec and I think it would be a good opportunity to simplify it to avoid confusions (IMO it should be simply a plain string)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's internal so I don't think it matters. Changing this should be doable with serde remote, but will be done if it's required.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it does matter, because when dealing with the library we usually call load or toJson, which in this case is misleading because we don't have any reference regarding how the expected format should be. In mi opinion these methods do make sense for standardized fields (i.e. the ones whose structure is clearly stated in AnonCreds spec).

As a direct user of this library, I can think of treating it as an opaque string and don't care about it's internal structure. However, if I want to use a Link Secret generated by other means or if I want to use one generated here for another purpose I wouldn't expect it to be a JSON object with such particular structure.

It feels more natural and logic to me if this load that receives a string would simply receive the Link Secret value instead of a JSON structure. Likewise, the toJson that outputs a string might become toString.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it does matter, because when dealing with the library we usually call load or toJson, which in this case is misleading because we don't have any reference regarding how the expected format should be. In mi opinion these methods do make sense for standardized fields (i.e. the ones whose structure is clearly stated in AnonCreds spec).

As a direct user of this library, I can think of treating it as an opaque string and don't care about it's internal structure. However, if I want to use a Link Secret generated by other means or if I want to use one generated here for another purpose I wouldn't expect it to be a JSON object with such particular structure.

It feels more natural and logic to me if this load that receives a string would simply receive the Link Secret value instead of a JSON structure. Likewise, the toJson that outputs a string might become toString.

I agree with the structure feeling incorrect from a to/from json perspective. But fromJson taking a string as input feels very inconsistent with the API and every other implementation.

I think reworking the structure to this:

{
   "link_secret": "BIGNUMBER"
}

would be good. I think avoiding the link_secret in the JSON, by using a fromString method, would only cause confusing with regards to the rest of the API.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't we just pass the value as string and ditch the whole MasterSecret object?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could, but we would need some logic in the wrapper which I would like to avoid. I will try to make something that would work for that, but it will take some time.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To me that structure is certainly better (although I'd prefer to keep the value field naming) but still a problem if not documented and, as the rest of the JSON structures used in the library are stated at the spec, it is as inconsistent as my solution for loading from strings.

I still don't see why do we need to input and output a JSON if the Link Secret itself is not a JSON. In the spec is referred to it as a sufficiently random unique identifier, which gives me the idea that it is a string. I would say that is more like a nonce than other objects using in the library.

Actually I don't know why Nonce and MasterSecret were treated differently, since both structures are calling Ursa much in a similar way. If you look at data_types/nonce.rs you'll see that they are doing pretty much the same thing as I'm proposing here about using strings. Ok, I admit it: maybe that's for another PR or further discussion in #138 😄

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the link secret is not an anoncreds object, I will deal with it like that. Which means basically treating it like a string.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Latest changes now include dealing with the link secret as a sting in decimal layout (like in the datamodels).

@berendsliedrecht berendsliedrecht force-pushed the link-secret branch 6 times, most recently from 0936b2c to cfae932 Compare March 22, 2023 09:31
@TimoGlastra
Copy link
Member

@blu3beri is this ready-ish to merge or is there any outstanding disucssions here?

@berendsliedrecht
Copy link
Contributor Author

@blu3beri is this ready-ish to merge or is there any outstanding disucssions here?

Code is good, but yarn is acting very weird in the javascript tests, not sure what is going on there.

Copy link
Member

@TimoGlastra TimoGlastra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comment from ariel also

wrappers/python/anoncreds/__init__.py Show resolved Hide resolved
wrappers/python/demo/test.py Outdated Show resolved Hide resolved
@berendsliedrecht berendsliedrecht force-pushed the link-secret branch 2 times, most recently from bb21142 to 5a31014 Compare March 24, 2023 08:57
@berendsliedrecht berendsliedrecht merged commit 32009f6 into hyperledger:main Mar 24, 2023
@berendsliedrecht berendsliedrecht deleted the link-secret branch March 24, 2023 11:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants