-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Relation between the did id and the issuerId
in the anoncreds resources?
#2
Comments
I think it would be simpler to keep original object structure (including their issuerId) in the hosted resource. But I agree with you that it will be good for resolvers to do the matching between the DID resolved and the issuerId of the objects. @PatStLouis do you remember any reason why we left this particular point open other than simplicity? BTW @TimoGlastra opened some good points for discussion here, it would be nice if you can review them! |
My PoC implementation was directly derived from the spec. @TimoGlastra the schema issuer may be different than the cred def issuer. Multiple issuers could publish a cred def from a common schema published by an I think the verification between the did:web and the
I'm against resolvers injecting data as this can create interop issues. This is a problem with did:indy resolvers and did:key resolvers. If it was up to me I would get rid of the schema resource entirely and just include this information in the cred_def 🤷 |
Thanks for the input @PatStLouis. I agree that the cred def issuer and schema issuer don't have to be the same. The thing I'm concerned about is e.g a schema with the following content: {
"issuerId": "did:web:usa.gov",
"name": "Example schema",
"version": "0.0.1",
"attrNames": ["name", "age", "vmax"]
} while the schema id is: There should be a relation between the schema/cred-def and the did it is linked to. With did:cheqd and did:indy this is handled by the blockchain (cheqd with did-linked resources, while for indy anoncreds support is baked into the blockchain)
I see this more as a specification issue in that case. For did:cheqd we on purpose don't store the In the Credo implementation I now made a PR to always ensure the |
Maybe it would also be interesting to look at signing of the anoncreds objects with your did:web? That way the anoncreds object is undeniably linked and published by a did? |
I see what you mean, in this case yes there should be a check for this, the Signing these resources is also interesting. |
The anoncreds resources in the example contain an
issuerId
. Should there be some verification between thedid:web
and the value ofissuerId
?Or should maybe the
issuerId
be omitted from the hosted resource, and inject by the resolver? So there's no way to spoof theissuerId
of a resource?The text was updated successfully, but these errors were encountered: