hyperledger / aries-framework-swift

A Swift framework for Aries.
Apache License 2.0

Is there a way to support multiple ledger while sharing single wallet? #39

Closed kukgini closed 6 months ago

kukgini commented 1 year ago

AIP 2.0 is ready for multiple ledgers as described here: https://github.com/hyperledger/aries-rfcs/blob/main/concepts/0302-aries-interop-profile/README.md

> Use protocols and standards that support multiple ledger types and verifiable credential formats.
> RFCs 0434, 0023, 0453, 0454

However, in the AIP 1.0 protocol, which was created assuming that participants share one ledger, a secure method is needed for one mobile app to switch between multiple ledgers. (There is no need to use them at the same time; just switching is OK.)

My concern is that DIDs or VCs from a specific Indy ledger are only meaningful among participants sharing the same ledger. So, if the user switches ledgers in the app, what is the right way to achieve this: when looking up the wallet, for example, when looking up a key required for agent message delivery or when a present-proof message is received, how can I select and look up only the keys or credentials issued from the ledger?

conanoc commented 1 year ago

> DIDs or VCs from a specific Indy ledger are only meaningful among participants sharing the same ledger

You are right only for VCs. Because we are using peer DIDs for holders, DID has no relation to the ledger. What we have to make sure of is the holder should use the same ledger as the ledger used by the issuer/verifier when we get VCs or when we present proofs.

kukgini commented 1 year ago

It can also be applicable when establishing a connection with an implicit invitation using a public DID (which is a verkey and endpoint registered in the ledger). Moreover, there is no protocol requiring that the DID used for a connection must be a peer. According to the RFC, since attaching the DIDDoc is optional, the issuer/verifier side may use the DID registered in the ledger.

> The DIDDoc contains the DID document for the requesting user. If the DID method for the presented DID is not a peer method and the DID document is resolvable on a ledger, the DIDDoc attribute is optional.

conanoc commented 1 year ago

We are not supporting public DIDs for now. And if we implement public DID support properly someday, it will be independent of the ledger of the issuer. The ledger is relevant only to the schema and credential definition because they are registered on that ledger and aries-framework looks up that ledger for schemas and cred-defs. DID resolution is a different thing that should work regardless of which ledger the issuer and holder use.

kukgini commented 6 months ago

AIP 1.0 is going to be deprecated this year. If we transition to the next level of the protocol, this problem will be naturally solved.