Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add indynamespace for ledger id for anoncreds #965

Merged

Conversation

morrieinmaas
Copy link
Contributor

Signed-off-by: Moriarty [email protected]

@codecov-commenter
Copy link

codecov-commenter commented Jul 26, 2022

Codecov Report

Merging #965 (0cc57ab) into 0.3.0-pre (5e9e0fc) will increase coverage by 0.01%.
The diff coverage is 95.91%.

@@              Coverage Diff              @@
##           0.3.0-pre     #965      +/-   ##
=============================================
+ Coverage      88.27%   88.28%   +0.01%     
=============================================
  Files            639      640       +1     
  Lines          15170    15202      +32     
  Branches        2566     2467      -99     
=============================================
+ Hits           13391    13421      +30     
- Misses          1681     1776      +95     
+ Partials          98        5      -93     
Impacted Files Coverage Δ
...ntials/formats/indy/IndyCredentialFormatService.ts 87.43% <ø> (ø)
packages/core/src/modules/ledger/IndyPool.ts 78.57% <0.00%> (-1.92%) ⬇️
packages/core/src/modules/ledger/ledgerUtil.ts 100.00% <ø> (ø)
packages/module-tenants/src/TenantsModule.ts 100.00% <ø> (ø)
...re/src/modules/dids/methods/sov/SovDidRegistrar.ts 100.00% <100.00%> (ø)
.../repository/AnonCredsCredentialDefinitionRecord.ts 100.00% <100.00%> (+18.18%) ⬆️
...c/modules/indy/repository/AnonCredsSchemaRecord.ts 100.00% <100.00%> (+18.18%) ⬆️
packages/core/src/modules/ledger/LedgerApi.ts 97.61% <100.00%> (+0.39%) ⬆️
...e/src/modules/ledger/services/IndyLedgerService.ts 70.53% <100.00%> (+0.28%) ⬆️
packages/core/src/utils/index.ts 100.00% <100.00%> (ø)
... and 43 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@morrieinmaas morrieinmaas marked this pull request as ready for review July 26, 2022 12:30
@morrieinmaas morrieinmaas requested a review from a team as a code owner July 26, 2022 12:30
@morrieinmaas
Copy link
Contributor Author

closes #944

Note to self: update docs when all review feedback is addressed.

Copy link
Contributor

@TimoGlastra TimoGlastra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great @morrieinmaas! I'm not sure on the direction of adding the unqualified identifiers and methods to the repositories and records. As descried in #944 the records would be stored with the qualified indy dids that would overwrite the unqualified indy dids:

add fully qualified identifier to the anon creds (schema|credential definition) records (replace the non qualified identifier before storing and after retrieving it). For indy we use the did:indy spec identifiers to store.

  • Note: Records stores fully qualified identifier as identifier.
  • Need to transform unqualified to qualified before storing or querying
  • Need to transform qualified to unqualified after retrieving

Was there a specific reason why you deviated from the described approach?

docs/getting-started/ledger.md Outdated Show resolved Hide resolved
docs/getting-started/ledger.md Outdated Show resolved Hide resolved
docs/getting-started/ledger.md Outdated Show resolved Hide resolved
packages/core/src/modules/ledger/IndyPool.ts Outdated Show resolved Hide resolved
packages/core/src/modules/ledger/IndyPool.ts Outdated Show resolved Hide resolved
@berendsliedrecht
Copy link
Contributor

This is great @morrieinmaas! I'm not sure on the direction of adding the unqualified identifiers and methods to the repositories and records. As descried in #944 the records would be stored with the qualified indy dids that would overwrite the unqualified indy dids:
Was there a specific reason why you deviated from the described approach?

I am partly to blame for this and I am certain that there is a better way to do it but here was my reasoning:

  1. We never store the unqualified identifier, we just add id as a tag to query by credentialDefinitionId or schemaId.
  2. When we have one of those identifiers we do not have the namespace and querying by qualified identifier is impossible then.
  3. Converting to only support qualified identifiers would simply swap the usafe of (find|get)byunqualifiedXXXto (find|get)byqualified in the repository and instead of getting the unqualifiedIdentifier on the record you now get the qualifiedIdentifier on the record.

Swapping the identifier to qualified before storing and after retrieving I think comes with inherent issues. Every possible way of updating/adding/getting in the repository has to be checked and changed and will cause "weird" code.

I am 10000% open for better implementations. This to me however looked like the quickest way to later convert to qualifiedIdentifiers but I would not be suprised if I overcomplicated things here. :)

@TimoGlastra
Copy link
Contributor

Also after thinking about it a bit more this doesn't seem to follow the indy did method specification for schema / credentials definitions ids:
https://hyperledger.github.io/indy-did-method/#did-urls-for-indy-object-identifiers

@TimoGlastra
Copy link
Contributor

@blu3beri I'm not on the same page with you on this one. The goal of the AnonCreds records is to make them generic already, so we can get away from the endless unqualified legacy indy dids issues. By replacing the id before storing on the object itself, we make the id already follow the did:indy specification. The nice thing is, once we add support for did:indy it will just work and we won't have to transform the records anymore because we're already following the spec. So I would argue strongly against any tags or properties that have to do with unqualified dids.

If we have the unqualified schema/cred def id and the namespace we can transform that into the did:indy qualified shcema/cred def id and find it by the qualified id. if we have the qualified id we can reduce it to an unqualified id.

As an example the steps of creating / retrieving a schema:

  1. Construct qualified indy did schema id from the input parameters:
  • name: myschema, version: 1.0.0, did: 1234. pool: { id: 'test', indyNamespace: 'test' }
  • qualified indy did: did:indy:test:1234/anoncreds/v0/SCHEMA/myschema/1.0.0
  1. Query for existing anon creds schema record where id tag is did:indy:test:1234/anoncreds/v0/SCHEMA/myschema/1.0.0
  2. a record exists:
  • Transorm qualified indy did schema id into uqualified schema id 1234:2:myschema:1.0.0
  • Replace id property on record schema with unqualified shcema id
  • return record
    3b Record does not exist
    • Create schema using indy sdk
    • Create record, replace id with qualified indy did schema from step 1 before returning
    • Store record with qualified did
    • Return schema with unqualified did

Maybe I'm not fully understanding what you're saying, but I don't see the need for these properties?

@berendsliedrecht
Copy link
Contributor

@blu3beri I'm not on the same page with you on this one. The goal of the AnonCreds records is to make them generic already, so we can get away from the endless unqualified legacy indy dids issues. By replacing the id before storing on the object itself, we make the id already follow the did:indy specification. The nice thing is, once we add support for did:indy it will just work and we won't have to transform the records anymore because we're already following the spec. So I would argue strongly against any tags or properties that have to do with unqualified dids.

Yeah I agree with you. I could not really find a way to retrieve a anoncredsrecord ONLY via the qualified identifier when we do not know the namespace (if this is even required). If, in every context, we are aware of the namespace, 100% remove every reference to unqualified identifiers.

If we have the unqualified schema/cred def id and the namespace we can transform that into the did:indy qualified shcema/cred def id and find it by the qualified id. if we have the qualified id we can reduce it to an unqualified id.

As an example the steps of creating / retrieving a schema:

  1. Construct qualified indy did schema id from the input parameters:

Where do we get these input parameters from?

Maybe I'm not fully understanding what you're saying, but I don't see the need for these properties?

Yeah I don't think it was the best explanation, and I probably don't understand the exact situation we are in. Where we use unqualified or qualified and what we get back from the ledger.

@TimoGlastra
Copy link
Contributor

Where do we get these input parameters from?

From the api, except for the pool, currently that is always the first one. Later on we can allow to specify the qualified did you'd like to use to register it and we can extract it from the qualified did

@berendsliedrecht
Copy link
Contributor

From the api, except for the pool, currently that is always the first one. Later on we can allow to specify the qualified did you'd like to use to register it and we can extract it from the qualified did

Ahh okay now I think I fully understand it. I assume with first one you mean ledger in your configuration?

@morrieinmaas
Copy link
Contributor Author

wow. thx for all the feedback guys🙏🚀. Really nice to have hit some hot topic that triggered a good discussion. I'll have a proper read through and will reply more in depth tomorrow

@morrieinmaas
Copy link
Contributor Author

@blu3beri I'm not on the same page with you on this one. The goal of the AnonCreds records is to make them generic already, so we can get away from the endless unqualified legacy indy dids issues. By replacing the id before storing on the object itself, we make the id already follow the did:indy specification. The nice thing is, once we add support for did:indy it will just work and we won't have to transform the records anymore because we're already following the spec. So I would argue strongly against any tags or properties that have to do with unqualified dids.

If we have the unqualified schema/cred def id and the namespace we can transform that into the did:indy qualified shcema/cred def id and find it by the qualified id. if we have the qualified id we can reduce it to an unqualified id.

As an example the steps of creating / retrieving a schema:

1. Construct qualified indy did schema id from the input parameters:


* name: myschema, version: 1.0.0, did: 1234. pool: { id: 'test', indyNamespace: 'test' }

* qualified indy did: `did:indy:test:1234/anoncreds/v0/SCHEMA/myschema/1.0.0`


2. Query for existing anon creds schema record where id tag is `did:indy:test:1234/anoncreds/v0/SCHEMA/myschema/1.0.0`

3. a record exists:


* Transorm qualified indy did schema id into uqualified schema id `1234:2:myschema:1.0.0`

* Replace id property on record schema with unqualified shcema id

* return record
  3b Record does not exist
  
  * Create schema using indy sdk
  * Create record, replace id with qualified indy did schema from step 1 before returning
  * Store record with qualified did
  * Return schema with unqualified did

Maybe I'm not fully understanding what you're saying, but I don't see the need for these properties?

Ahh thx for the exmaple @TimoGlastra - I was missing some info there which is also why you correctly were puzzled about this part. I was following this instead but I get it now

@morrieinmaas
Copy link
Contributor Author

Thanks for the feedback @TimoGlastra

@morrieinmaas morrieinmaas force-pushed the feat/indyNameSpace branch 2 times, most recently from d92fdd4 to 78e6123 Compare August 10, 2022 06:36
@TimoGlastra TimoGlastra mentioned this pull request Aug 11, 2022
@TimoGlastra TimoGlastra force-pushed the 0.3.0-pre branch 3 times, most recently from f2e61d8 to f38ac05 Compare August 26, 2022 19:09
Moriarty added 8 commits August 29, 2022 16:52
adds refactor and addresses discussion/code review feedback

Signed-off-by: Moriarty <[email protected]>
refactor and fix a few debugged issues

Signed-off-by: Moriarty <[email protected]>
Signed-off-by: Moriarty <[email protected]>
Signed-off-by: Moriarty <[email protected]>
@TimoGlastra
Copy link
Contributor

Ah damnit, the Github UI signoff feature is broken. S

packages/core/src/utils/indyIdentifiers.ts Outdated Show resolved Hide resolved
packages/core/src/utils/indyIdentifiers.ts Outdated Show resolved Hide resolved
packages/core/src/utils/indyIdentifiers.ts Outdated Show resolved Hide resolved
packages/core/src/utils/indyIdentifiers.ts Outdated Show resolved Hide resolved
@berendsliedrecht
Copy link
Contributor

Not sure why it resubmitted my previous comments...

@morrieinmaas
Copy link
Contributor Author

Thanks for the feedback @TimoGlastra 🙏 (and sorry for this being less straight-forward than could be 😅)

Moriarty added 2 commits August 31, 2022 13:41
…ries-framework-javascript into feat/indyNameSpace

Signed-off-by: Moriarty <[email protected]>
packages/core/src/modules/ledger/LedgerApi.ts Outdated Show resolved Hide resolved
packages/core/src/modules/ledger/LedgerApi.ts Outdated Show resolved Hide resolved
packages/core/src/utils/indyIdentifiers.ts Outdated Show resolved Hide resolved
packages/core/src/utils/indyIdentifiers.ts Outdated Show resolved Hide resolved
Comment on lines 90 to 92
} else if ('schemaSeqNo' in credDef) {
seqNo = credDef.schemaSeqNo
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where does schemaSeqNo come from? I don't think this is still used?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is used to create the anonCreds trunk ${did}/anoncreds/v0/CLAIM_DEF/${seqNo}/${credDef.tag} so that's needed I reckon. Maybe I'm missing sth here though?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think the schemaSeqNo is defined anywhere? It's added to the signature of this method, but I think we shouldn't add custom properties to existing objects.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm ok fair enough. was thinking to do it this way to safe a call to getSchema but rather just have it at hand directly. Maybe you have another/better idea?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where do we get the scheqSeqNo from?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it can be a separate property that we pass separately to this method and store separately?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we get it from CredentialDefinitionTemplate.schema.seqno which is the type in ledgerApi registerCredentialDefinition

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it can be a separate property that we pass separately to this method and store separately?

yeah that might be possible. Unsure right now where to store that then tho -I'll have a think

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@TimoGlastra this is the one bit I'm actually unsure how to do better. Happy to implement suggestions.

Otherwise all feedback addressed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@TimoGlastra if you have some time maybe we can work this out (together) and get this merged

Moriarty and others added 2 commits September 22, 2022 18:59
@TimoGlastra
Copy link
Contributor

@morrieinmaas added a PR to resolve my comment. It seems DCO is failing. Could you squash all commits into one so we can merge?

@berendsliedrecht
Copy link
Contributor

@morrieinmaas added a PR to resolve my comment. It seems DCO is failing. Could you squash all commits into one so we can merge?

We can use the "set dco to pass" and squash when we merge. No need to squash before hand.

@TimoGlastra
Copy link
Contributor

Yes that makes sense @blu3beri :-)

@morrieinmaas
Copy link
Contributor Author

ALright, thx. Anything else that needs doing then?

@TimoGlastra TimoGlastra merged commit df3777e into openwallet-foundation:0.3.0-pre Oct 7, 2022
genaris pushed a commit to 2060-io/aries-framework-javascript that referenced this pull request Oct 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
5 participants