Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: ADR-024: Decentralized identifiers resolver #1289

Merged
merged 8 commits into from
Feb 2, 2024

Conversation

dadamu
Copy link
Contributor

@dadamu dadamu commented Jan 16, 2024

Description

Closes: #XXXX
This PR writes the documentation of how to integrate DIDs registry to Desmos.


Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct type prefix in the PR title
  • added ! to the type prefix if API or client breaking change
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • followed the guidelines for building modules
  • included the necessary unit and integration tests
  • added a changelog entry to CHANGELOG.md
  • included comments for documenting Go code
  • updated the relevant documentation or specification
  • reviewed "Files changed" and left comments if necessary
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed ! in the type prefix if API or client breaking change
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic
  • reviewed API design and naming
  • reviewed documentation is accurate
  • reviewed tests and test coverage
  • manually tested (if applicable)

Summary by CodeRabbit

  • New Features
    • Integrated Decentralized Identifiers (DIDs) into Desmos, enhancing identity management with the addition of a DidDoc query method for resolving Desmos Profiles into DID documents.

@dadamu dadamu requested a review from a team as a code owner January 16, 2024 10:43
@github-actions github-actions bot added the kind/adr An issue or PR relating to an architectural decision record label Jan 16, 2024
Copy link

github-actions bot commented Jan 16, 2024

👀 Docs preview available here: https://65bcae4e5638ab5cfa22ce0a--desmos-docs.netlify.app

@dadamu dadamu force-pushed the paul/DCD-439/DIDs-adr branch from a5bc7b6 to e46817e Compare January 16, 2024 10:48
@dadamu dadamu force-pushed the paul/DCD-439/DIDs-adr branch from e46817e to f7d7c9f Compare January 16, 2024 10:54
// Documentation: https://www.w3.org/TR/did-core/#also-known-as
string also_known_as = 4;

// Keys of verification methods for verifying digital signature, must have at least one associated to Desmos account.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

must have at least one associated to Desmos account.

What does this mean?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is needed at least one to be Desmos message signer, then we can verify if the public key matches message signer, if yes then we can allow the sender to modify the DID document. Otherwise, no one can update the DID document.

}

// MsgCreateDidDoc represents the message to be used to create a new DID document.
message MsgCreateDidDoc {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that inside this message there are some fields that contain some data that can ideally be faked by the user. For example I have the following questions:

  1. How can we make sure that the data provided by the user is correct (e.g. the verification methods are all valid)?
  2. Should we allow the user to set the ID? Wouldn't it be better to generate this one instead?
  3. Should we allow the user to set the Controller ID?

Copy link
Contributor Author

@dadamu dadamu Jan 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How can we make sure that the data provided by the user is correct (e.g. the verification methods are all valid)?

We can only check the public keys is the valid format or not. On the other hand, if user provide the non-owned public key to these fields, then user can not provide the proper signature to verifier, it means that we can recognize that user does not have that DID document.

Should we allow the user to set the ID? Wouldn't it be better to generate this one instead?

Yeah, you are right. Generating on chain would be better for this case. I will update the docs.

Should we allow the user to set the Controller ID?

Controller is a spec that allowing other DID to update the document. It gives more flexibility to DID document control, like group control. To have the flexibility, I think we can have it.
https://www.w3.org/TR/did-core/#the-relationship-between-did-controllers-and-did-subjects


The store keys of DID document inside KVStore will be as follows:

* 0x1 | {id} | {version_id} -> ProtocolBuffer(DidDoc)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking that the only DID that we will use is going to be the one related to a profile, so all these data could be auto-filled by us when a user wants to query a profile as a DID, directly inside the query response.

I don't believe we would want other methods to get a DID of a post or something else. So why do we need to store DIDs on the chain, and we cannot simlpy generate them on-the-fly when a user requests one using a particular query?

Copy link
Contributor Author

@dadamu dadamu Jan 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mean that having a resolver translating to DID from Desmos address? By this way, we will lose a lot of information and flexibility defined by w3c, like service, alsoKnownAs and the possibility other keys to control DID since no one can modify DID document to authorize other keys.

For example, the auto generated DID document will be like:

{
  "id": "did:desmos:<desmos-address>"
  "verificationMethods": [{ "id": "did:desmos:<desmos-address>#user-key", "type": "Secp256k1", "publicKeyMultibase": "<base58-encoded-key>" }]
  "assertionMethod": ["did:desmos:<desmos-address>#user-key"],
  "authentication": ["did:desmos:<desmos-address>#user-key"],
  "capabilityInvocation": ["did:desmos:<desmos-address>#user-key"]
  "keyAgreement": ["did:desmos:<desmos-address>#user-key"]
}

NOTE: did:desmos:<desmos-address>#user-key is the public key of Desmos account.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need all the things that you have listed?

  1. Do we really need the user to allow specifying a service or alsoKnownAs?
  2. What would it mean for a Desmos account, which is strictly tied to a Desmos private key, that other keys can control the DID? Since the DID is representing the Desmos account/profile, and it's not technically possible to have other keys controlling such profile, what would it mean if a user set other keys to control such DID? Wouldn't it imply that the profile is controled by someone external and thus does not represent the identity anymore?

Copy link
Contributor Author

@dadamu dadamu Jan 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need the user to allow specifying a service or alsoKnownAs?

They are optional information defined by users for their custom application usage. For example, on the service field side, user can set a bank service where this DID document especially use. The application can read this service field to quickly recognize this DID document is for bank service. There is also a resolution query method which is did:desmos:<id>#<service-name>: https://www.w3.org/TR/did-core/#fragment

On the other hand, alsoKnownAs is also used in application situation, to define the DID document related on other external ID but no guaranteed. For instance, setting paul_chen_tw on X on this field, requiring another process to link ID on X and my DID document. So, I think alsoKnownAs field is not necessary and can be removed.

What would it mean for a Desmos account, which is strictly tied to a Desmos private key, that other keys can control the DID? Since the DID is representing the Desmos account/profile, and it's not technically possible to have other keys controlling such profile, what would it mean if a user set other keys to control such DID? Wouldn't it imply that the profile is controled by someone external and thus does not represent the identity anymore?

DID designed by W3C allows users to authorize other public keys to control their DID document by adding the key into capabilityInvocation field. The DID identity is owned by the public key owner, so user should add the keys they really owns. So I don't think DID document for general purpose can be seen as a Desmos profile. https://www.w3.org/TR/did-core/#capability-invocation

Copy link
Contributor Author

@dadamu dadamu Jan 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I am misunderstanding something. I thought what we will build is a general DID document registry like cheqd. After this discussion, I think your decision is resolving Desmos profile as DID document rather than building a general registry for Desmos core. Do I understand correctly?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, exactly that was my idea. I don't think that having a generic DID registry might be good for Desmos. But resolving Desmos profiles as DIDs it might be indeed. I would like to ask @kwunyeung his thoughts though as I might be the one misinterpreting here.

Copy link
Contributor

@kwunyeung kwunyeung Jan 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@RiccardoM what you have mentioned is the same as what I originally thought of implementing DID. This feature is to provide a web standard compatible representation of Desmos Profile. We can generate all data of the profile as the DID structure which can be easily adapted by any applications that are going to make use of the DID w3c standardiaztion.

Even for fields like service and alsoKnownAs should be generated from what data has been stored on chain with the chain-link or app-link. E.g., we may see

did:ens:forbole.eth
did:ethr:0x1234123123123123123123
twitter:forbole
mailto:[email protected]

The applications that supports those DIDs should support those resolvers from their ends.

It's still early but in the long run, the service field could be useful. E.g., a university is providing a service for providing educational qualification proofs to an identity and the service is registered on Desmos. If that specific DID is linked with the Desmos Profile, then in the Desmos Profile DID, we can have a service that is pointing to that DID with the qualification verification service.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kwunyeung After the discussion, I now understand that our DID will tie to the user profile in Desmos, in the other word, the starting point is Desmos profile.
I agree with we can resolve chain-link and application-link in alsoKnownAs field. However, service may not be useful since it is a hint by user that tells where the DID can be used. In our case, our DID should be use for all the apps inside Desmos ecosystem.

@dadamu dadamu changed the title docs: ADR-024: Decentralized identifiers registry docs: ADR-024: Decentralized identifiers resolver Jan 24, 2024
@dadamu
Copy link
Contributor Author

dadamu commented Jan 24, 2024

@RiccardoM Updated ADR to DID resolver from DID registry.

@dadamu dadamu requested a review from RiccardoM January 30, 2024 06:24
Copy link
Contributor

@RiccardoM RiccardoM left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great to me. Clear and effective 💯 We can accept it and start with the implementation.

Copy link
Contributor

coderabbitai bot commented Feb 2, 2024

Warning

Rate Limit Exceeded

@RiccardoM has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 20 minutes and 44 seconds before requesting another review.

How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.
Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.
Please see our FAQ for further information.

Commits Files that changed from the base of the PR and between 46e1588 and b8063d4.

Walkthrough

This update introduces the integration of Decentralized Identifiers (DIDs) into Desmos, enhancing identity management by allowing Desmos Profiles to be resolved into DID documents. It marks a significant step towards leveraging decentralized digital identity within the platform, aligning with W3C specifications.

Changes

Files Change Summary
docs/architecture/adr-024-decentralized-... Introduces DID integration into Desmos, including method for resolving profiles into DID documents.

Related issues

  • DCD-433: This issue's objectives of integrating DIDs in alignment with the W3C definition and enabling decentralized digital identity for Desmos Profiles are directly addressed by the changes in this PR.
  • DCD-439: The creation of the ADR to integrate DIDs into Desmos Core is the focus of this PR, making it a candidate for linking due to its direct relevance to the implementation details outlined.

🐇✨
In the world of Desmos, where profiles glide,
A new era dawns, with DIDs by our side.
Identity's dance, now broader, now wide,
With each leap forward, we take in stride.
🎉🐰

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit-tests for this file.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit tests for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository from git and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit tests.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • The JSON schema for the configuration file is available here.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 7

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between 429caae and 46e1588.
Files selected for processing (1)
  • docs/architecture/adr-024-decentralized-identifiers-resolver.md (1 hunks)
Additional comments: 1
docs/architecture/adr-024-decentralized-identifiers-resolver.md (1)
  • 56-62: The protobuf definition for the Query service is clear and follows best practices. However, ensure that the URL in the option (google.http.get) annotation correctly reflects the API's versioning and path.

RiccardoM and others added 4 commits February 2, 2024 09:52
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
@RiccardoM RiccardoM merged commit fb1c1f8 into master Feb 2, 2024
32 checks passed
@RiccardoM RiccardoM deleted the paul/DCD-439/DIDs-adr branch February 2, 2024 09:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/adr An issue or PR relating to an architectural decision record
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants