# XXX: DID:Indy Method - Author - Start Date: 2020-02-05 ## Status - Status: [PROPOSED](/README.md#hipe-lifecycle) - Status Date: 2021-09-02 - Status Note: ## Summary This HIPE describes the implementation of the did:indy concerning indy-node and indy-vdr according to the did:indy specification. For motivation and more information please refer to the did:indy specification. ## Transaction format - Needs new protocol version - ## Indy Node / Plenum ## Indy VDR API ## Reference ## Drawbacks ## Rationale and alternatives ### Get specific version https://github.com/hyperledger/indy-node/blob/master/docs/source/transactions.md#common-structure ``` { "ver": <...>, "txn": { ... }, "txnMetadata": { "txnTime": <...>, "seqNo": <...>, "txnId": <...> }, "reqSignature": { ... } } ``` ## Indy Node and Indy Plenum ### Write NYM We need to adapt the schema of a write nym operation to include the optional `diddoccontent` attribut. The schema definition is part of [Plenum](https://github.com/hyperledger/indy-plenum/blob/5960118788c1a580cd271c50b920ac15b1497495/plenum/common/messages/client_request.py#L55) Should we adapt the existing class ``` class ClientNYMOperation(MessageValidator): schema = ( (TXN_TYPE, ConstantField(NYM)), (ALIAS, LimitedLengthStringField(max_length=ALIAS_FIELD_LIMIT, optional=True)), (VERKEY, VerkeyField(optional=True, nullable=True)), (TARGET_NYM, DestNymField()), (ROLE, RoleField(optional=True)), (DIDDOC_CONTENT, JsonField(max_length=JSON_FIELD_LIMIT(optional=True)), ) ``` or add another class? ``` class ClientNYMOperationV2(MessageValidator): ``` I don't see a reason currently to add another class. `JSON_FIELD_LIMIT` is used for the raw content of an ATTRIB tx and is set [here](https://github.com/hyperledger/indy-plenum/blob/f812a72197bc0740d4c6b75b796beff8f88c73f9/plenum/config.py#L316) to 5*1024 It seems that we don't need to adapt the [`update_state` function](https://github.com/hyperledger/indy-node/blob/master/indy_node/server/request_handlers/domain_req_handlers/nym_handler.py) An open question would be if store the diddoccontent directly or use dedicated store as is done in the attrib case. #### Validation ### Get NYM No changes required? Do we need new type/schemas of new version? ### GET DIDdoc by timestamp We can roughly follow the process outlined in RevocRegEntry 1. Define get nym request and handler with additional timestamp [New schema](https://github.com/hyperledger/indy-node/blob/78bb325121be212f4dc729998d713dbbcde78bee/indy_common/types.py#L67) with ` (TIMESTAMP, IntegerField(optional=True))`and [enhanced logic](https://github.com/hyperledger/indy-node/blob/78bb325121be212f4dc729998d713dbbcde78bee/indy_node/server/request_handlers/read_req_handlers/get_nym_handler.py#L17) to do the following 3. Use `NymHandler.make_state_path_for_nym(nym)` as defined [here](https://github.com/hyperledger/indy-node/blob/78bb325121be212f4dc729998d713dbbcde78bee/indy_common/state/domain.py#L33) 4. Implement `get_nym_by_timestamp(timestamp, path_to_nym_entry)` similar to [_get_reg_entry_by_timestamp(self, timestamp, path_to_reg_entry)](https://github.com/hyperledger/indy-node/blob/78bb325121be212f4dc729998d713dbbcde78bee/indy_node/server/request_handlers/read_req_handlers/get_revoc_reg_delta_handler.py#L128). More about timestamp storage can be found [here](https://hyperledger-indy.readthedocs.io/projects/plenum/en/latest/storage.html#timestamp-storage) ### Get DIDdoc by version (==seqNo) There seems to be no direct mapping between seqNo and state. Hence, I see the following options: 1. Introduce a new mapping `seqNo -> state` and add an optional seqNo attribute to the get nym request. 2. Use `GET_TXN(seqId)` internally, use `state_root_hash` which is part of the `state_proof` block to `get_value_from_state`. (Not sure if this the correct state root ([More info](https://github.com/hyperledger/indy-plenum/blob/5960118788c1a580cd271c50b920ac15b1497495/plenum/server/request_handlers/get_txn_handler.py#L43))) 2. Use `GET_TXN(seqId)` internally, get the timestamp from this TX and use `get_nym_by_timestamp` ### Noteworthy - NYM tx is defined in [Plenum](https://github.com/hyperledger/indy-plenum/blob/master/plenum/common/transactions.py) not indy node - There's a cache implementation to get verkey/role of a given nym https://github.com/hyperledger/indy-node/blob/master/indy_node/persistence/idr_cache.py - There's a dedicated attribute (key-value) store. Only hashes are stored in the ledger. See https://github.com/hyperledger/indy-node/blob/78bb325121be212f4dc729998d713dbbcde78bee/indy_node/server/node.py#L252 However, this seems not to be used ?! - There is already observer related code in [Plenum](https://github.com/hyperledger/indy-plenum/tree/f812a72197bc0740d4c6b75b796beff8f88c73f9/plenum/server/observer) ## Interesting Sources - Talk: [Understanding the Hyperledger Indy Distributed Ledger - Alexander Shcherbakov, Evernym ](https://www.youtube.com/watch?v=ncdvaJrOm_Q)[Slides](https://de.slideshare.net/SSIMeetup/the-hyperledger-indy-public-blockchain-node) - [How storage works](https://github.com/hyperledger/indy-plenum/blob/master/docs/source/storage.md) ## ToDos and Open Questions -[ ] Update Transactions documentation -[x] How is get revocation registry state implemented? - https://github.com/hyperledger/indy-node/blob/78bb325121be212f4dc729998d713dbbcde78bee/indy_node/server/request_handlers/read_req_handlers/get_revoc_reg_delta_handler.py#L128 -[ ] Check how TAA request deals with (protocol) version update -[ ] Do we need to add diddoccontent [here](https://github.com/hyperledger/indy-node/blob/master/indy_common/txn_util.py) -[ ] What's static and dynamic validation in request handlers? /indy_common/constants.py Line 104 allOpKeys add diddoccontent ? * What's the Identity class? Where is used? Do we need to change it? https://github.com/hyperledger/indy-node/blob/master/indy_common/identity.py - Plenum DidIdentity https://github.com/hyperledger/indy-plenum/blob/master/plenum/common/signer_did.py * Do we need to register new handlers? indy_node/test/nym_txn/test_nym_resend.py::test_nym_send_twice FAILED [ 98%] indy_node/test/nym_txn/test_nym_resend.py::test_nym_resend FAILED [ 98%] indy_node/test/nym_txn/test_send_nym_validation.py::testSendNymSucceedsForUuidIdentifierAnsdk_pool_handlemittedVerkey FAILED [ 98%]