keria icon indicating copy to clipboard operation
keria copied to clipboard
Published 1 month ago verified publisher icon WebOfTrust

Clarification regarding multisig OOBI

Open lenkan opened this issue 1 year ago • 3 comments

There has been some discussion on github and discord regarding how multisig OOBI urls work. This issue on signify-ts contains some further references: https://github.com/WebOfTrust/signify-ts/issues/193

Consider a group AID multisig with participants member1 and member2 and their keria agents agent1 and agent2. Currently, when calling GET /oobis/multisig to generate an OOBI url for the group, you have to specify the role as either agent, witness or controller.

So, for example, if member1 would call this endpoint to generate an OOBI url for the group they would specify the role parameter agent and and get a result:

https://keria-url/oobi/<multisig aid>/agent/<agent1 aid>

If another AID, for example a credential issuer resolves this OOBI url and then grants a credential to that AID, only member1 would receive this message.

The current workaround is to construct an URL on the client side by stripping the /agent/<agent1 aid> part of the URL. So you would get:

https://keria-url/oobi/<multisig aid>

See the example scripts in signifypy and signify-ts:

  • https://github.com/WebOfTrust/signifypy/blob/e15129147c40faf587485e7cd46f8f179672d22b/scripts/multisig-holder.py#L113
  • https://github.com/WebOfTrust/signify-ts/blob/5be18192520f63eba83011379049f42e83b02ee0/examples/integration-scripts/multisig-holder.test.ts#L396

lenkan avatar Jan 19 '24 08:01 lenkan

From our dev meeting: Only one oobi is being chosen in the signify-ts example. There are a number of options:

  1. Clients can review the agent OOBIs and return the non-role OOBI (like seen in the tests). Does this belong in the logic or API? If this is handled at the API level it would help the user to receive the generic OOBI. @Arsh-Sandhu will send his fix.
  2. Generate an OOBI url with just a role in it
  3. Consumer can resolve all oobis

2byrds avatar May 02 '24 14:05 2byrds

Here is a reference to a discussion in discord regarding this: https://discord.com/channels/1148629222647148624/1148734044545228831/1194270946215854182

lenkan avatar May 02 '24 15:05 lenkan

See https://github.com/WebOfTrust/keria/issues/305 and once this is resolved this process will be documented/clear.

2byrds avatar Nov 14 '24 13:11 2byrds