Roadmap: AnonCreds objects signed by a key controlled by the object publisher

[Reccetech]

In the current implementation of Anoncreds, supporting the Indy patterns, there is the need for a service like a ledger to help govern and enforce things like bindings between Issuers and their associated objects like schemas or creddefs through tools like DID URLs.

Looking forward at the roadmap I would advocate a model where objects contain a clear reference to their owner (i.e. an Issuer DID) that are then signed by a signature associated a public key associated with the owner (i.e. in their DID document). To me this would allow objects to be more self-contained & self-asserting and remove the need for centralizing services to manage and govern their creation and lifecycle.

In terms of implementation I have heard some comments that moving forward the definition of objects would increasingly be left to individual object methods. I would posit that having individual object methods specify objects like schemas & creddefs might make interop challenging - which to me has been one of the key strengths of the Indy/Aries community. As such I would suggest that any AnonCreds 2.0 work should continue to profile what these objects should look like for a non-Indy (perhaps BBS+?) world. Of course individual object methods can continue to specify their own CRUD operations around said objects. Perhaps this was always the plan :)

Feedback appreciated.

[rodolfomiranda]

A nice approach proposed by cheqd is DID-Linked Resources Specification that is being defined at ToIP Utility Foundry Working Group. The metadata can include the signature of the publisher DID as an enforcement and a prove that the object belongs to the declared publisher.