hyperledger / anoncreds-spec

The specification for AnonCreds verifiable credential exchange.
https://hyperledger.github.io/anoncreds-spec/
Apache License 2.0

Add an issuerId object to all anoncreds registry objects #116

Closed TimoGlastra closed 1 year ago

TimoGlastra commented 1 year ago

Create PR for AnonCreds specification that adds the issuerId property to all AnonCreds registry objects and links back to the creator of the anoncreds object. AnonCreds methods must specify how to validate the issuer.

For e.g. Indy, the issuerId will always be the Indy DID.

Figure out:

Related issue in AnonCreds RS: https://github.com/hyperledger/anoncreds-rs/issues/34

Related issue in AnonCreds specification: https://github.com/hyperledger/anoncreds-spec/issues/102

swcurran commented 1 year ago

Suggest that it be schemaIssuerId for the Schema object.

My leaning is that including the issuerId in the object identifiers should not be required. It often will be, by the nature of DIDs, but it should not be a requirement. As long as the issuerId can be determined from the VC and VP, we shouldn't require it in the other objects.

AnonCreds Methods must be able to populate the issuerId however it is defined in the published artifact. For legacy Indy, the published artifact does not have an explicit issuerId, but it can be derived from the objectId. Future AnonCreds methods could have the issuerId in the objects themselves.

TimoGlastra commented 1 year ago

Just so I fully understand, your suggestion is to add the field, but make it optional? A method can then define whether the field is required, and how you can populate it?

> AnonCreds Methods must be able to populate the issuerId however it is defined in the published artifact. For legacy Indy, the published artifact does not have an explicit issuerId, but it can be derived from the objectId. Future AnonCreds methods could have the issuerId in the objects themselves.

I'm not suggesting that we should store the issuerId property on the registry. As you say, it can most often be derived from something else (for e.g. did:cheqd, did:indy and legacy indy methods), but I do see the value in making it a required property.

If the property is optional, and for e.g. the https method we end up not using it, would you then say that the credential definition has no issuer? And you wouldn't be able to send a proof request query based on the credential definition issuer?

TimoGlastra commented 1 year ago

@ankurdotb @Tweeddalex this is the issue I talked about during our meeting. Interested to hear your opinion.

swcurran commented 1 year ago

No -- I think it should be required. I was just saying that the DID will usually be part of the AnonCreds object identifiers, but we can't count on that, and it should not be for AnonCreds to extract the DID/Identifier out and populate the issuerId. So it should be required, and up to the AnonCreds method to populate.

swcurran commented 1 year ago

Addressed by #126
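
The outcome of the thread (issuerId is required, and the AnonCreds method populates it, for legacy Indy by deriving it from the object identifier) shown as an added Python example; it is not code from this issue, the specification, or any AnonCreds implementation. The legacy Indy identifier layouts in the comments, the function names and the sample DID are assumptions of this example.

```python
import re

# Assumed legacy Indy identifier layouts (not stated in the thread):
#   schema       <did>:2:<name>:<version>
#   cred def     <did>:3:CL:<schemaSeqNo>:<tag>
#   rev reg def  <did>:4:<credDefId>:CL_ACCUM:<tag>
_DID = r"[1-9A-HJ-NP-Za-km-z]{21,22}"  # unqualified DID, base58 alphabet
_CRED_DEF = rf"{_DID}:3:CL:\d+:[^:]+"
_LAYOUTS = {
    "schema": re.compile(rf"({_DID}):2:[^:]+:\d+(?:\.\d+)+"),
    "cred_def": re.compile(rf"({_DID}):3:CL:\d+:[^:]+"),
    "rev_reg_def": re.compile(rf"({_DID}):4:{_CRED_DEF}:CL_ACCUM:[^:]+"),
}


class IssuerIdError(ValueError):
    """The issuer cannot be determined, or contradicts the identifier."""


def derive_issuer_id(kind: str, object_id: str) -> str:
    """Return the DID that a legacy Indy object identifier starts with."""
    layout = _LAYOUTS.get(kind)
    if layout is None:
        raise IssuerIdError(f"unknown object kind: {kind!r}")
    match = layout.fullmatch(object_id)
    if match is None:
        # Fail closed: never guess an issuer from a malformed identifier.
        raise IssuerIdError(f"not a legacy Indy {kind} id: {object_id!r}")
    return match.group(1)


def populate_issuer_id(kind: str, object_id: str, artifact: dict) -> dict:
    """Return a copy of the published artifact with a required issuerId."""
    derived = derive_issuer_id(kind, object_id)
    claimed = artifact.get("issuerId")
    if claimed is not None and claimed != derived:
        # An explicit value must agree with the one bound to the identifier.
        raise IssuerIdError(f"issuerId {claimed!r} does not match {derived!r}")
    return {**artifact, "issuerId": derived}


# Constructed sample values, not taken from any ledger.
SAMPLE_DID = "Wf3kQ8xZr7TnM5pLc2Vd9B"
SAMPLE_SCHEMA_ID = f"{SAMPLE_DID}:2:gvt:1.0"
SAMPLE_CRED_DEF_ID = f"{SAMPLE_DID}:3:CL:12:default"
SAMPLE_REV_REG_ID = f"{SAMPLE_DID}:4:{SAMPLE_CRED_DEF_ID}:CL_ACCUM:rev1"
```

A method whose identifiers do not embed the issuer, such as the https method mentioned above, would need its own way to populate and check the value.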