search

nuts-foundation / nuts-node

The reference implementation of the Nuts specification. A decentralized identity network based on the w3c ssi concepts with practical functionality for the healthcare domain.
https://nuts-foundation.gitbook.io
GNU General Public License v3.0
25 stars 16 forks source link

VCR: Verifier store must have backup shelf as well #2317

Closed reinkrul closed 1 year ago

reinkrul commented 1 year ago

It doesn't have one because it never needed one: all VCs were on the DAG meaning it could be restored from the DAG. But when receiving VCs over OpenID4VCI, they're not backed up (since they're not on the DAG).

The verifier store needs a backup shelf (and restore procedure) as well, it needs to be documented in the backup/restore documentation and might be mentioned in the release notes as well (since there's an additional file to be backed up).

woutslakhorst commented 1 year ago

Best to extract the leia+backup logic from the issuer store to a new leia storage wrapper which handles this. Then reuse that wrapper in the issuer_store and normal storage.

gerardsn commented 1 year ago

Does this require action from the user if they already have backups configured? Because that could result in loss of data combined with the automatic activation of OpenID4VCI

woutslakhorst commented 1 year ago

Backup is also filled automatically form current DB (if empty)

reinkrul commented 1 year ago

I think we have too many stores already, I'd rather introduce more if we can avoid it.

Maybe re-use existing backup store for holder/verifier role as well, adding a shelf. It already has credentials and revocations shelves. Then people don't need to alter their backup configuration? Since that would be breaking i.m.o., automatically making it a v6 version. Only con would be that the name is incorrect (backup-issued-credentials.db).

woutslakhorst commented 1 year ago

That was the idea.

A name change could possibly be done since our backup procedure talks about directories not individual files?

reinkrul commented 1 year ago

In step 5, copy network/data.db, vcr/backup-issued-credentials.db and vdr/didstore.db from your backup to the datadir (keep the directory structure).

(https://nuts-node.readthedocs.io/en/latest/pages/deployment/backup-restore.html#id1)

reinkrul commented 1 year ago

Side question, why does didstore.db need to be restored, it is rebuilt using reprocess? The page reads a bit confusing (mixed BBolt/Redis)

woutslakhorst commented 1 year ago

Because did restore wasn't present in a previous version of the docs (only vc+revocation), somewhere along the line it got changed to also reprocess the dids. So now the docs are wrong.