search

hyperledger-archives / aries-framework-dotnet

Aries Framework .NET for building multiplatform SSI services
https://wiki.hyperledger.org/display/aries
Apache License 2.0
84 stars 74 forks source link

Endorsers vs Transaction Authors #160

Open Alexis-Falquier opened 3 years ago

Alexis-Falquier commented 3 years ago

Is there a way to use the framework as both a transaction author that is not an endorser as well as an endorser that is not the transaction author?

From what I see on the code the build transaction and send transaction requests are coupled into one function, so according to me that assumes the agent is an endorser. Is this the case or am I missing something where the building / signing of the transaction can happen separately so that it can then be sent to the endorser to sign and publish?

tmarkovski commented 3 years ago

It is possible to implement this, but it's not supported out of the box. When working with these scenarios, you can write a custom implementation of the ILedgerSigningService. In this service, one can make decisions how to handle the current request in terms of signing, endorsing, etc. The IAgentContext has a State dictionary that can be used to pass additional info from the upstream. Generally, this also means writing custom implementation of the IAgentProvider service as well.

Here's an example code of a custom implementation of this service, specifically SignRequestAsync(IAgentContext context, string submitterDid, string requestJson) method

        if (endorse)
        {
            var req = await Ledger.AppendRequestEndorserAsync(requestJson, endorserDid);
            req = await Ledger.MultiSignRequestAsync(endorserContext.Wallet, endorserDid, req);
            req = await Ledger.MultiSignRequestAsync(authorContext.Wallet, submitterDid, req);
            return req;
        } else {
            return await Ledger.SignRequestAsync(authorContext.Wallet, submitterDid, requestJson);
        }
Alexis-Falquier commented 3 years ago

Gotcha, did you guys do this for trinsic? Or is the assumption most issuers will be endorsers?

Question about the example you gave: the function assumes that both author and endorser wallet contexts are accessible by the method but in most cases the request will have to be signed by the author then sent to the endorser (OOB) to sign and publish. (as described here https://github.com/hyperledger/indy-sdk/blob/master/docs/configuration.md#transaction-endorser ) but in your example the author is second one to sign (and I am assuming the one to publish?). Does it not matter what order the signatures happen? And can either party publish once both signatures exist?