Feature. Create Public DID from aca-py #150
Comments
|
I need this now and am happy to contribute it. I propose adding the following abstract method to @abstractmethod
async def register_nym(self, did: str, verkey: str, role: str = None):
"""
Register a nym on the ledger.
Args:
did: DID to register on the ledger.
verkey: The verification key of the keypair.
role: For permissioned ledgers, what role should the new DID have.
"""I would expose it as an endpoint in the On a slightly different topic, I also need to expose the ledger methods for As I said, I am going to do this anyway, but would prefer to contribute it meaningfully than just maintain a separate fork. Just looking for the okay that this proposal is good. |
|
Awesome! I'll ping @andrewwhitehead and @nrempel to take a look at this idea and provide feedback. Love getting contributions from a broader community. FYI @jljordan42 |
|
On second thoughts, I think that |
|
What is the use case for |
|
At the moment, ACA won't start unless it can verify that it's DID is on the ledger. Thus, every agent needs to have someone register their DID/verkey for them independently before they can even start the agent. Generally, the only reason the ledger exists is to stake a point-in-time claim to a DID and register its endpoint. Use case: suppose that we want our users to have their own cloud agents and registered DIDs. And the process should be automated. We could run a separate web server endpoint that calls Indy-SDK directly to allow registration (via API key) of those agents to the ledger on startup to improve the UX for our customers. But then we are duplicating functionality that already exists in ACA. I think it is better to deploy a custom controller for the corporate endpoint that allows customers to register DIDs from their agents. That controller would (internally) call the ACA endpoint to register a NYM for the individual. Then, later, when the product is whitelabeled/resold, others can deploy their corporate controllers backed by the same ACA. The main reason is that it seemed wasteful for me to call Indy-SDK in separate python code and go to the trouble of setting up ledger pools, wallets, etc. from the corporate side. Another point is that ACA is eventually intended to be blockchain agnostic. It is possible that someone would deploy their own Indy/other ledger where there are many The use case for sign/verify functionality is with provenance chains. We could build that into ACA directly, but the exact format of the JSON object will be different depending on the use case. But, for example, we could require: {
"...": "...",
"did": "did:method:...",
"priors": [{"did": "did:sov:...", "signature": "..."},{"did": "did:other:...", "signature": "..."}],
"signature": "..."
}Then a single method could be exposed that verifies provenance for the entire packet. First, it checks the highest-level signature against the verkey for the There will likely be many other use cases for lower-level access to signatures and verifications. It is a trade-off as to whether they should be implemented in ACA or by the specific application that is using them. Since the private keys for signing things are stored in the wallet in ACA, there isn't really a good way to support custom signature-based stuff without exposing these methods. |
|
FYI - An ACA-Py agent does not have to have a DID on the ledger. In the Alice-Faber example, Alice does not have a public DID. |
|
In my development, when I don't register the DID on the ledger, I get an unhandled exception here: https://github.com/hyperledger/aries-cloudagent-python/blob/master/aries_cloudagent/config/ledger.py#L92 Which usually looks something like this: |
|
@andrewwhitehead - your comment about not exposing other methods vs. task-based functionality is confusing to me. If the agent interfaces with the ledger, but the controller is the one that knows what the applications requirements are, how else are we to control the agent to take actions other than to use the admin API. For example, to revoke a credential, there is not an exchange required between the issuer and holder - just the issuer acting unilaterally. In that case, I would expect the controller to use the admin interface to trigger the revocation calls. Am I missing something? And if that use case is OK, why not the controller telling the agent to create a DID (assuming it knows how--which I agree is tricky with authors and endorsers...). |
What startup parameters are you using? Perhaps the --seed parameter? We think that is the issue with the start up. |
|
Yes, I am using the seed parameter. Though, in thinking about it further, I think I was initially able to do lots of things without setting the seeded DID to be public. I was experimenting with the OpenAPI and two agents a while back. Then, I needed a public DID to do something, so I set it using the OpenAPI endpoint. I would recommend adding a check into the Sorry for this side-topic in this thread... On the main thread topic, I coded up the |
|
Hi @rosenbrockc where you able to solve that issue? aca-py start --wallet-name Steward --wallet-key Steward --wallet-type indy --genesis-file /<PATH_TO_GENESIS_FILE>/docker_pool_transactions_genesis --ledger-pool-name local_pool --inbound-transport http 127.0.0.1 8001 --admin 127.0.0.1 9001 --endpoint http://127.0.0.1:8001 --outbound-transport http --log-level DEBUG --admin-insecure-mode --seed 00000000000000000000000000000001 But then getting the same error :- aries_cloudagent.config.base.ConfigError: Ledger rejected transaction request: client request invalid: could not authenticate, verkey for 4cLztgZYocjqTdAZM93t27 cannot be found What am I doing wrong? |
|
You need to create the DID on the ledger before you run aca-py. |
Currently in order to create schema and crew_defs on an Indy ledger the demos for the aca-py suggest using the von-network browser web interface for creating the public DID. A useful feature would be to provide this capability in the OpenAPI interface for aca-py. This makes the aca-py agent more self contained.
The text was updated successfully, but these errors were encountered: