Closed jdsika closed 7 months ago
quick thoughts on this:
@jfelixh I think the contract in the repo is different then the one on better call dev? https://better-call.dev/ghostnet/KT1AgNNsgQRigNTmLcQrhGPZafvdmvnLXXAZ/storage
The contract code on this repo is up to date. The contract you linked is a very early test deployment of an unfinished contract, if iirc. The specific deployment I use for testing is here for reference: https://better-call.dev/ghostnet/KT1KHhpL9Pk9DVh5GDnikH4Gx1kQ6NMb3GmC/storage
Did you see this here? https://spherity.github.io/vc-ethr-revocation-registry/
Outdated in light of the coming architecture changes for improved revocation.
Hi team,
I had a look at the smart contract.
1) I would suggest to remove the PKH of normal users. The key in the map searching for the entry should be the hash of the VC. 2) In order to be consistent we could also remove the pkh of the companies. The issuer can be identified by the hash of the VC. 3) multiple VCs can be presented at once and I suggest to transfer the VC of the company also to every individual vault (in altme) of users. 4) A user could then always present both VCs at the same time and the verifier backend could then just search using the VC hash not leaking pkh information. 5) The company VC could be stored in the gx credentials DB 6) The user VC should be deleted after the download in the alte vault AND the approval of the company admin 7) Please have a look at this example FA2 contract to figure out if we could handle the log entries as tokens? here
Those are my thoughts to be discussed.
Best regards Carlo