improved document handling and signature storing #27
Conversation
|
can i ask some feedback on why is the "chaincode" layer implementing the whole "blockchainRef" object? this will become more confusing. as the idea of the "type" is for
Yes, additional Data such as "time" and stuffs can be further "recorded" if required. but the whole idea of the "type" is so that, for instance we implement an "API" to Read from network. the common-adapter knows how to route to the "correct" network. |
There was a problem hiding this comment.
Looks good to me.
@zkong-gsma I personally like the idea that all the adapters correctly implement the blockchainRef object instead of providing their own format which then needs to be modified by the common-adapter.
|
Let me copy the output example where you can see the BlockchainRef from GSMA-CPAS/BWRP-common-adapter#23 to here: The idea of returning the type from within the blockchain adapter and chaincode is that the requesting countepart e.g. the common adapter does not need know which kind of blockchain adapter it talks to (once there are more than one in the future). |
|
The idea that the “type” should be configured on the Common-adapter layer is that, it needs to know the “routing” to the correct network.
Especially for instance if we say. “GetSignature” API, which network are we going to “get it from”.
For instance, we want to run a parallel “2x” Hyperledger Node or channel. For whatever reason.
The “Common-adapter” will need to know which “adapter” to get the signature from.
From: Simon Schulz <notifications@github.com>
Sent: Tuesday, February 23, 2021 1:16 PM
To: GSMA-CPAS/BWRP-blockchain-adapter <BWRP-blockchain-adapter@noreply.github.com>
Cc: Zhen Kong <ZKong@gsma.com>; Mention <mention@noreply.github.com>
Subject: Re: [GSMA-CPAS/BWRP-blockchain-adapter] improved document handling and signature storing (#27)
“This email has been received from an external source – please review before actioning, clicking on links, or opening attachments”
Let me copy the output example where you can see the BlockchainRef from GSMA-CPAS/BWRP-common-adapter#23<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FGSMA-CPAS%2FBWRP-common-adapter%2Fissues%2F23&data=04%7C01%7Czkong%40gsma.com%7C499de90c488c4baf6ea808d8d7fd391b%7C72a4ff82fec3469daafbac8276216699%7C0%7C0%7C637496829875140556%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4lBDUtCWuSiKFIZ3%2F5rRwjjOBN4FnC8k1rEtkdYuip0%3D&reserved=0> to here:
{
"fromMSP": "ORG1",
"toMSP": "ORG2",
"payload": "ZGF0YTEyMzQ=",
"payloadHash": "4508767822a67b7a051a8fe50250897c38c044ab10d9070d740a05a21deb4499",
"blockchainRef": {
"type": "hlf",
"txID": "0xfe8948c4-ea59-4f21-b3c8-fddd18504e15",
"timestamp": "2021-02-22T16:21:10+01:00"
},
"referenceID": "698c452e861d42a1948aa8c1de33584e34f8b55064d797762c2b71b2eb420c82"
}
The idea of returning the type from within the blockchain adapter and chaincode is that the requesting countepart e.g. the common adapter does not need know which kind of blockchain adapter it talks to (once there are more than one in the future).
The common adapter can query any adapter it can connect to and will get a proper reply and can forward it.
The proposed implementation builds the full response on chaincode level so that the blockchain adapter does not need fiddle around with changing keys and create a new representation. This way it can simply forward the returned dataset.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FGSMA-CPAS%2FBWRP-blockchain-adapter%2Fpull%2F27%23issuecomment-784195147&data=04%7C01%7Czkong%40gsma.com%7C499de90c488c4baf6ea808d8d7fd391b%7C72a4ff82fec3469daafbac8276216699%7C0%7C0%7C637496829875140556%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=SloqcePZYz2cri%2B31CAU6a4%2FTEk7u4wNr5uhsk%2FcK3Y%3D&reserved=0>, or unsubscribe<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAEJMGRADZA266S2IXK47WBTTAOTCRANCNFSM4YAWLABA&data=04%7C01%7Czkong%40gsma.com%7C499de90c488c4baf6ea808d8d7fd391b%7C72a4ff82fec3469daafbac8276216699%7C0%7C0%7C637496829875150554%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=WQsKWWWHaojOtJMvIkmozZ8tcGqZ9TxPGeJmFlU2RPc%3D&reserved=0>.
.
|
|
Please provide a "branch" where We can start "common-adapter" integration please. |
The branch is already there: ssch-storeandsign |
My point is, If i develop and check/test against a "ssch-storeandsign"(a temporary branch) which will then be deleted later after you have perform a "PR", or at the same time a different "branch" in parallel is in the Pipe to merge into a "master"(final) branch. does that mean i have to again confirm/made changes if somehow it breaks functionality with the "master" branch? |
Sounds like you do not need a branch. You want something "stable". So you could pick the commit hash. E.g. |
|
BTW, kindly provide information that the "Webhook" subscription names has been updated from "STORE:DOCUMENTHASH" to "STORE:PAYLOADLINK" took me sometime to figure it out. |
|
It seems there is a BUG. If i subscribe using "STORE:DOCUMENTHASH" it says "error" If i subscribe using "STORE:PAYLOADLINK" it says another"error" |
|
Thanks. good find! I just updated this PR with a fix. You can use commit 29c85d6 for testing. |
|
Can i kindly ask the Reason of this change? it has broke everything on common-adapter. Original, and the new why are we adding an "additional" ":" to the "storageKey", this fundamentally changes all things. |
Can we have a feedback please. This is a big "change" that if we change it, we cannot go back. Currently it has bottle neck us from releasing. |
This change was part of the streamlining process. So far, there was no definition how concatenated strings could be represented. The idea was that having a delimiter permits to display the content of the string in a more transparent manner, i.e., it will be obvious where components of the string have been concatenated. The change was presented two or three weeks ago as part of the signature exchange process. It was also open for discussion on slack: https://blockchainwho-dxu1553.slack.com/archives/C013UJLJKQA/p1612969039018200?thread_ts=1612969018.017900&cid=C013UJLJKQA After merging the streamlined process into the wiki, it became part of the implementation. You can find the description here: https://github.com/GSMA-CPAS/BWRP/wiki/Document-Signature-Process |
I was wondering why the change in the storage key broke stuff in the common adapter as this should all be abstracted by the blockchain adapter. Is it just the test cases?
First of all, this was not implemented at first.
But that's how a PR works. You propose a change by using code. Usually this happens only based on a code proposal as this is the easiest way to review the changes in detail. For this PR we additionally presented the idea and inner workings beforehand by using diagrams and pseudocode on the meeting on 9th of February and in the wiki. When you submit a PR to a bigger opensource project it is quite common that your PR is not accepted. Sometimes you have to do changes in order to get it into the master, sometimes you can even fail if e.g. the community does not think this feature is necessary and the code is not used. Then the code is dropped - which happens every day. I could understand your complains if this would have been a silent push to master without further notice which is not the case. I would propose that we create a Wiki page where we start a discussion on how to work with PRs in the future. |
This is down to the "design" of the blockchain-adapter in the first place. Your "incoming" Notification is based on the "StorageKey". Especially the "Signature Notification" In the "StorageKey" form, we cannot associate it with any existing "object". Also as mentioned that a "storageKey" is a one way Hash, that we cannot decode back to "MSP" + ":" + "referenceId" to find out the associated Local Object. Also, since StorageKey is not return by the "GET /private-documents", when we "store" the object locally, we would have pre-generated and associate the "generated" From/To Storage Keys with the "Object". So when Signature Event arrives , with only "StorageKeys", we can compare. Lets argue that even if we do not "pre-generate"/"store" the StorageKeys, but generate on the Fly. Back to the point. The ":" delimiter do not give much useful advantage in the first place. And in the current situation, i don't feel like there is any space for discussion. I have put forward my reason that the ":" do not add any advantage or serve much purpose, and it seems that because it has been decided and coded, the next decision will then be "lets makes things simple", since its already in place. lets just use it.
I welcome that Approach. however all those highlighting "internal" changes. I admit That its my fault that I "did not spot" the difference of What is not proposed/discussing on the 9th are are additional changes to.
Yes, arguably the Update of the "entire" payload response was for a different ticket/issue. Still there is no discussion
So, if i have not voiced any of this. shouldn't that then qualify as a "silent" push to master? |
Ok we should find a fix for that. I created an issue here: #29
Was it accepted? no. not yet. again, this is a PR. This PR sums up several cleanup and inconsistency fixes. As mentioned before we did put a lot of effort into the diagrams to have everything clean and consistent (e.g. speaking of payloadHash etc everywhere).
I see a benefit in having it in there. You do not. |
We can start discussion some solution there.
If I had not provided any feedback and just adopt the change on common-adapter, would this then been accepted?
This is exactly highlighting the Point i am making. Solution has been "coded" prior to any discussion/suggestion/planning from the wider group. (earlier reference of JUST DO IT) So i have to look into the source code to just understand what changes has been made. Not a changes that has not been mentioned/agreed that i know where to look straight into. This is exactly how any why additional unnecessary "debugging" time was spent just to find out what has changed.
These are exactly the "discussion" that we should be having before a "change" to the "code" that now breaks the flow. as your self mention, "if I insist" (per-say) you can revert that. This is exactly the unnecessary "undo" we can avoid if we would have first discussed about the change. . The problem real problem i am highlighting has nothing to do with PR per-say. its more of the fact that a decision of change is made without additional input from the wider group and straight into a PR. and wait to hopefully get "approval". This is where the problem develops. Where if there is a "change" cannot be "agreed", (because it was never agreed in the first place) There will be a waste of effort to develop the code in the first place and "time" to debate. (it might a MAJOR change. not so much of a "rename") |
At the risk of repeating myself this is a PR. There is nothing to revert or undo. In my opinion a PR with a proposed code as a basis for a discussion is way better than just some loosely formulated text presented in a meeting. The diagrams are a bit better, but still, the best basis for detailed discussion is a proposed implementation. Throwing away code for a rework based on a discussion on that is no big deal. Take the code a better/clearer way of describing an idea. As said before this PR should have been ideally split into multiple smaller PRs. I am open for suggestions for improvement of the pull request handling. Maybe we have different understandings on what a PR is? So how do we proceed here? Maybe we can collect some more feedback from the wider group? |
|
@zkong-gsma, @csarthou: Any progress on the common adapter integration and testing? |
|
we are fine. It would help if you "freeze" the changes. Its hard for us to work toward something that keeps changing. do you have a "latest" version that we should be testing against. that will not get "Changed" again without any notice? |
You can refer to the following branch that keeps track of the PR state: The last change is from 14 days ago which added a bugfix for an issue you reported (see 29c85d6). Do you have an estimate for me when the integration is finished, we need to integrate a forecast into out sprint planning. |
are you waiting for us to "black box" testing as well? what is stopping this commit of finalizing?
similar to previous question. What is blocking your planning? you do not have a dependency on common-adapter. |
|
So are you okay with merging this to master? If you approve it, I can merge it to master. |
My only feedbacks are the ones already discuss, which are all the changes to the Northbound API Spec and behaviour which are already rejected. I have no feedback on any "internal" items. |
|
After the discussion from GSMA-CPAS/BWRP-development-setup#19 I just found out some feedback that i think need to be addressed. The Introduction of "storageLocation" based on will cause trouble when "revalidating" a Payload.. There are 3 "issues". 1) At no point In Any flow that we are checking the MOST important part of this solution. "The hash" value written onto the ledger (transaction) all the "HASH" validation are "offline" and its meaning less. BWRP-blockchain-adapter/server/hyperledger/blockchain_service.js Lines 247 to 273 in 29c85d6 The summary of Flow.
"where" is the problem Here? HOME" is sure of PARTNER having the exact Same copy of his Data. Even by then, When a Event is "triggered", the Common-adapter performs a So, why are we even "performing" step 4 Which is the KEY proof of the validity of this document. yet we are not checking against it? So we need the next step (item 2) 2) This is also a dependency from Case 1. 3) For Signature, Its expected that we want to split the "signature" by using composite key for Both MSP. Hence we are selecting using compositeKeys but with "explicit" "MSPS". We expects results from both HOME and PARTNER MSP. Storing the Hash value for a Document includes MSP creator. we will also need to know YET another "key" to be able to "find" the value from the network. which goes back to the discussion Currently, we only have "msps", we would then need to Attempt to "select" both MSPS and expects one of them to return a result. |
Good find! Thanks! Right now the Payloadlink is only checked during signature verification.
This way VerifySignatures |
I think there is some miscommunications here. I didn't mentioned any issue with signature verification. They are all in good hands. I am referring to Payload Verification, that we now need to also provide a "MSP" as a attribute to be able to verify. And we do not have a concreate "source" of "Msp" from the "object" to be used. |
Your quote refers to your issue 3). Issues 1+2 will be addressed by a fix to the chaincode PR which I will upload in some minutes. |
|
please see GSMA-CPAS/BWRP-chaincode@da3dc44 |
to my point. At this current stage . during a What issue 3) is referring to is Later Stage when a "Frontend" (webui) want to show the "Proofs" of if a "PAYLOAD" is valid. IE. web-ui performs a [missing feature], Read value/transaction from blockchian with "referenceId" = [HASH-CHECK] From the Web-UI. Show/display so, when a "web-ui" performs a |
|
Ok good point. Let's expose the function via the API. I will create a separate PR for this. For the fromMSP/toMSP issue on signature requests access: there is another issue that tracks this feature |
This implements #26
See https://github.com/GSMA-CPAS/BWRP/wiki/Off-chain-document-exchange for more info
Note: this breaks the api and requires the updated chaincode as well.
Please use the following tag for both: packaged_2021_02_21
NOTE2: this breaks the Rest API!
Please have a look at the api doc with regard to /private-documents POST & GET:
https://github.com/GSMA-CPAS/BWRP-blockchain-adapter/blob/ssch-storeandsign/api/doc/Apis/ContractApi.md#uploadprivatedocument
https://github.com/GSMA-CPAS/BWRP-blockchain-adapter/blob/ssch-storeandsign/api/doc/Apis/ContractApi.md#fetchprivatedocumentreferenceids