Unable to register DID with Endorser

[MakTom]

While registering a DID with Endorser role, I am getting following error.

This has started happening after today noon. It was working fine before that.

[swcurran]

BCovrin Test is currently in a bad state — hence this error. Someone demoted the Trustee DID. We’re checking on recovery or reset as the solution, so hold tight. Sorry for the inconvenience.

To be clear, this is not an issue with Indy — just that we set up a sandbox that anyone could use and someone abused the privilege. Now that we realize someone might do this, we’ll take steps to prevent a repeat...

[MakTom]

Thanks @swcurran, can you please share a timeline if you have any, by which we can expect BCovrin test to be working again?

[swcurran]

Plan is for today. A recovery attempt is being tried (not sure of the status) and if that is too complicated or deemed not possible, we’ll reset the network and relaunch — with better protections.

[WadeBarnes]

BCovrin Test was reset and was back online at just before 12pm Pacific Friday, July 28th.

[lenrepo]

I am currently getting thesame error ("Identity not registered") also happening with my local Von-network

[WadeBarnes]

@lenrepo, I just tested DID registration on BCovrin Test and it's working for me. Could you provide additional details? For your local instance of von-network, ensure all the nodes are actually running.

[lenrepo]

        I found that I was supposed to generate the seed from the generateSecrets utility, this took a lot of digging to find. The usual documentation “says enter your name on the seed textbox“ this is misleading as this whole operation assumes you had pre-generated a seed  and a key probably in base 64  ---- On Fri, 22 Sep 2023 06:11:57 -0700  ***@***.******@***.***> wrote ----  

@lenrepo, I just tested DID registration on BCovrin Test and it's working for me. Could you provide additional details? For your local instance of von-network, ensure all the nodes are actually running.

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

[WadeBarnes]

The usual documentation “says enter your name on the seed textbox“ this is misleading as this whole operation assumes you had pre-generated a seed  and a key probably in base 64

Can you provide a link to this documentation please?

[darapich92]

Hello @WadeBarnes, since a trustee can be demoted by another trustee, so can we modify the permission of a trustee, which one can do this while another cannot do this? because a trustee has many permissions to combat each other.

[WadeBarnes]

Hello @WadeBarnes, since a trustee can be demoted by another trustee, so can we modify the permission of a trustee, which one can do this while another cannot do this? because a trustee has many permissions to combat each other.

Hey @darapich92, I think this question is off topic for this particular issue. Also, your question is not specific to von-network, it's more of an indy-node related question. Are you on the Hyperledger Discord server? I think it would be better to discuss on the Indy channel there.

[darapich92]

@WadeBarnes , swcurran said "Someone demoted the Trustee DID". So, based on the Auth_list, it is only a trustee role can demote another trustee so that I think it is a point to improve over the permission of a trustee. Anyway, I am not on the Hyperledger Discord server. I will search for that channel.

[WadeBarnes]

The auth_rules for the networks were updated so a single Trustee could not demote another trustee DID. You can find the script for the updated rules here; https://github.com/bcgov/von-network/blob/main/BCovrin/auth_rules

[darapich92]

@WadeBarnes thank you so much for this information. I am sorry to ask you outside this topic. I want to find where is the permission policies of the Hyperledger Indy-node. But I could not find. Could you guide me?

[WadeBarnes]

@darapich92, I provided a link over here this morning; https://github.com/bcgov/von-network/issues/253#issuecomment-2069421242

[darapich92]

@WadeBarnes, thank you. So, the code will check the permission of each rule based on this policy rule.

[WadeBarnes]

@WadeBarnes, thank you. So, the code will check the permission of each rule based on this policy rule.

Correct