search

hyperledger / aries-vcx

aries-vcx is set of crates to work with DIDs, DID Documents, DIDComm, Verifiable Credentials and Hyperledger Aries.
https://didcomm.org
Apache License 2.0
125 stars 83 forks source link

Support public tails server #131

Closed krgko closed 4 years ago

krgko commented 4 years ago

The current version of LibVCX now contains a revocation feature, but a tails file should deploy with an agent locally.

Would it be possible to make this feature to support a tails server publicly? such as https://github.com/bcgov/indy-tails-server

Example use case When deployed issuer and verifier on a different server, how does a verifier find a tails file for a revocation registry to check a VC that still valid or not? It would be great if a tails server able to deploy as a separate service, a holder also support to attach a tails server URL with its presentation.

Patrik-Stas commented 4 years ago

Hi @krgko before we further discuss the feature you are requesting, I need to correct you to make sure we are on the same page. You are writing how does a verifier find a tails file for a revocation registry - this is invalid, because verifier does not need tails file at all. It's only prover who needs tails file in order to generate indy based non-revocation proof. Verifier only checks the received proof against the ledger, but does not need tails file at all.

Currently it's responsibility of the issuer to make tails file publicly available and correctly link that public location to revocation registry definition transaction. For example here https://indyscan.io/tx/SOVRIN_STAGINGNET/domain/149189 you can see reference to tails file:

"tailsLocation": "https://api.portal.streetcred.id/agent/tails/BV1NRXB6JxVMNPtTvEHGnwjssujUzq3TnR9bvzekxfA5"

Given this, is there still a capability you are missing in libvcx?

Though I haven't tried indy-tails-server myself, I think it should be possible to integrate with libvcx.

krgko commented 4 years ago

Hello @Patrik-Stas , Thank you for correcting my misunderstanding about the revocation feature. It would be great if there is an example that implements the usage of public tails server.

Currently, I try to develop a mobile application using the LibVCX on react-native and quite confuse about how to use the LibVCX. From your comment, I understand about the revocation feature usage better.

Thank you for your response on this.

Patrik-Stas commented 4 years ago

Hi @krgko we've just recently added feature that when creating credential definition with revocations OR when rotating revocation registry, you can specify URL of tails file. This URL will be written on the ledger. By doing so, you as issuer are then responsible for making sure that the tails file will be available on the specified location.

You can see example of this flow in this test https://github.com/hyperledger/aries-vcx/blob/master/agents/node/vcxagent-core/test/distribute-tails.spec.js But you will have to click through other files as well, our NodeJS integration testing is getting bit more robust now.

On nutshell it works like this:

  1. When creating credential definition, you can pass revocationDetails argument, which should be stringified JSON, looking like this: 
    {
  supportRevocation: true,
  tailsFile: "/some/local/path",
  tailsUrl: "https://institution.example.org/tails/driving-license/891748975981",
  maxCreds: 100
}

    This would build you credential definition, output tails file for that credential definition to /some/local/path. Then it would be your job to make that tails file available on the address you've specified "https://institution.example.org/tails/driving-license/891748975981"

When holder receives a credential, he can call vcx_credential_get_tails_location which will return the tailsUrl written on the ledger. So you can then go ahead, download it and use it (you will need it to generate proofs)