CIP-0096? | On-chain dApp Certification Metadata #499
Conversation
Initialization of CIP-123 for On-chain Certification Metadata Standard. This CIP proposes a way to record certification and audits on-chain with mechanisms to: - check the origin of the certification/audit - anchor the on-chain certificate to off-chain metadata - link certificates to registered DApps that used CIP-72 - link certificates to deployed version of DApps
rphair
changed the title
|
Thanks @RSoulatIOHK & other authors for the really well developed proposal. We probably won't be ready for the number It would also help to avoid confusion if you could rename the CIP folder to something that doesn't have a number in it (e.g. |
rphair
added
the
Category: Metadata
This comment was marked as resolved.
This comment was marked as resolved.
|
no worries @RSoulatIOHK - leaving the number assignment to the editors: https://github.com/cardano-foundation/CIPs/tree/master/CIP-0001#1a-authors-open-a-pull-request ... comes mainly from popular collisions of self-assigned numbers causing editorial & community difficulties. The tendency to favour small-straight and "yahtzee" numbers can also lead to breaches of a mostly chronological order. The number assignment has also accommodated the sentimental value for birth years for honorary figures in Cardano's symbolism and roadmap. All this is in lore rather than the text of CIP-0001 but maybe we should be more explicit about it. I can also understand the tendency of working groups to give a CIP draft a memorable identifier (e.g. 123) and hope that over time some general, non-numerical means of identifying these works in progress can be adopted. 🤓 |
|
@matiwinnetou maybe you would review based on your work in #393? |
There was a problem hiding this comment.
Hey @RSoulatIOHK (and other authors),
I am quite a fan of this proposal! I believe it works nicely with the approach of CIP-72?. Furthermore I believe this addresses CPS-01?: by allowing for discoverable, and verifiably correct certification metadata, whilst offering a mechanism for trust.
See my review comments. :)
Co-authored-by: Ryan Williams <44342099+Ryun1@users.noreply.github.com>
rphair
changed the title
Now the json examples are valid against the schemas and the schemas no longer have errors.
Co-authored-by: Robert Phair <rphair@cosd.com>
There was a problem hiding this comment.
@RSoulatIOHK since cd2e166 said Addressed the last remaining comments I went back to check since I am looking to give this an endorsing review after all the great progress in the last couple of months (p.s.: and also today). 👏
I've resolved the majority of comments that appear fixed, but according to my reckoning these issues still remain at the time of your last commit:
Thank you @rphair for your great review!
There was a problem hiding this comment.
thanks @RSoulatIOHK for resolving 2 of the 3 questions with ec444bf, but please how is this question answered? #499 (comment)
I'm not sure if I understood the question. I can something about having the contract addresses as mandatory fields in both registration and certification so that when signing a transaction, a wallet could give assurance to a user that they are interacting with a certified version of a Dapp. Would that answer the question? I can even try to draw that in a time diagram to illustrate. |
|
thanks @RSoulatIOHK, that sounds to me like it would be helpful to add, but @Ryun1 works regularly with these types of wallet interactions & it was his question so I believe he's the best choice to clarify his question & accept your answer. 🤔 |
|
Thanks @rphair @RSoulatIOHK, I have responded to #499 (comment). |
There was a problem hiding this comment.
84a37f4 takes care of the last question #499 (comment) so I believe this is fully reviewed now... great work everybody 😎
|
Thanks @MIxAxIM for dropping in to discuss this at today's CIP editor's meeting. We noted that there is a (currently rough draft) certification document but that including it, or any on-chain implementations of it, would not be required to merge this with Any more rigorous definitions of certification levels that evolve in the course of implementation can be included in a future PR which defines this CIP as One pending item (cc @RSoulatIOHK) that came up at the meeting is how to handle versioning. Consensus (cc @Ryun1) was to try to define certification schema versions in different files (by version ID {1, 2, ...}) like we have for CIP-0072: https://github.com/cardano-foundation/CIPs/tree/master/CIP-0072 (files { |
|
@RSoulatIOHK @MIxAxIM thanks & the last update works just as well as in CIP-0072. One thing we may have missed in CIP-0072 (cc @ehanoc @matiwinnetou) which could be a problem again here: The schema files are duplicated between the CIP text and the associated
Could I propose that these schemas simply be linked rather than included inline (like in CIP-0060)? And could the CIP-0072 authors consider doing the same in a near term PR? @Ryun1 @KtorZ I can imagine there might be reasons to include the whole schemas inline and would like to review them if so. Pending this one issue it looks like this CIP has met all challenges so far and we might even consider merging it at the next meeting (apply |
Removed the Schemas from the readme. Added links to the schemas files. Added a JSON example for the onchain. Fixed the subject value in the examples.
|
Thanks for the suggestions. I linked to the schemas files but kept the examples in the text. I like the idea, I think it makes it clearer for the reader that just wants to see what is proposed but doesn't have the need to really dive into the schemas. |
Abstract
Certification is the process of providing various kinds of assurance of DApps through the provision of verifiable, trustworthy metadata linking to relevant evidence of assurance, such as audit reports, test run data, formal verification proofs etc.
Currently, certification does not have a standardised way to be stored and presented to all stakeholders (DApp developer, DApp stores, end-users, auditors, ...) in an immutable, persistent and verifiable way.
This CIP descibes a standardised method for certificates to be published and stored on-chain and for stakeholders to be able to verify the different claims of this certificate.
This proposal describes how certification metadata can be designed for DApp registration. It first describes the requirements for DApp certification, and then sets out the options for its inclusion in CIP-72.
(rendered proposal in branch)