
feat: asset DIDs and public credentials

Open ntn-x2 opened this issue 2 years ago • 2 comments

fixes KILTProtocol/ticket#2029

This PR introduces the following components:

  • A new crates folder which contains additional crates we work on and might want to offer to the community. In this case, the hope is that the Asset DID crate would be migrated to the Substrate repo eventually
  • A new public-credentials pallet which stores credentials issued to assets as defined in the draft
  • A new RPC module to fetch either a single credential entry (i.e., block number + deposit info) for a given subject and root hash, or all credentials (i.e., a vector of (root hash, credential entry)) for a given subject.

Pallet

The new pallet exposes the following extrinsics:

// Internally calls authorization::add() and fails if that call fails
fn add(credential: InputCredential);
// Internally calls authorization::remove() and fails if that call fails
fn remove(claim_hash: Hash, ac: Option<AccessControl>);
// Internally calls authorization::reclaim_deposit() and fails if that call fails
fn reclaim_deposit(claim_hash: Hash);

EDIT: with the merge of https://github.com/KILTprotocol/kilt-node/pull/392, two new extrinsics will be added, and the claim_hash is replaced by the credential_id:

fn add(credential: InputCredential);
fn remove(credential_id: Hash, ac: Option<AccessControl>);
fn reclaim_deposit(credential_id: Hash);
fn revoke(credential_id: Hash, ac: Option<AccessControl>);
fn unrevoke(credential_id: Hash, ac: Option<AccessControl>);

The InputCredential type is the following:

{
    "claim": {
        "ctype_hash": "0ab12...",
        "subject": "did:asset:...",
        "contents": "0ab12...",        // Encoded claims
    },
    "nonce": "0ab12....",
    "claim_hash": "0ab12...",
    // OPTIONAL
    "claimer_signature": {
        "claimer_id": "4fa...",        // Full DID of the claimer (with no did:kilt: prefix)
        "signature_payload": MultiSignature    // The usual signature type we use everywhere else
    },
    // OPTIONAL
    "authorization_info": AuthorizationInfo
}

EDIT: with the merge of https://github.com/KILTprotocol/kilt-node/pull/392, the format will be changed to:

{
    "ctype_hash": "0ab12...",
    "subject": "did:asset:...",
    "contents": "0ab12...",        // Encoded claims
    // OPTIONAL
    "authorization_info": AuthorizationInfo
}

RPC

The RPC exposes the following functions:

get_credential(subject_id, root_hash) -> Option<CredentialEntry>
get_credentials(subject_id) -> Vec<(RootHash, CredentialEntry)>

EDIT: with the merge of https://github.com/KILTprotocol/kilt-node/pull/392, the RPC endpoints will be:

get_credential(credential_id) -> Option<CredentialEntry>
get_credentials(subject_id, filter) -> Vec<(RootHash, CredentialEntry)>

For updated examples, see the description of https://github.com/KILTprotocol/kilt-node/pull/392.

ntn-x2 Jul 08 '22 14:07

Could you have a look at the comments I made in the draft doc you linked? I have qualms with adding a claimer signature here, because I think it muddies the claimer concept, and I do not understand the need to use our selective disclosure cryptography given that all claim values are stored on a public ledger.

rflechtner Jul 21 '22 11:07

Document for the (upcoming) meeting to decide about the final details of what goes into a public credential (will have minimal impact on the chain side, as most logic is anyway offloaded to the client) -> https://docs.google.com/document/d/195E4qvmodxcUQ9vKrbJGBuR39tOUMHm4KGrxWoewMXk

ntn-x2 Jul 22 '22 10:07