DRAFT: CN credential standard

[meiersi-da]

Draft code for a CN credential standard built in a similar fashion to how the CN token standard is built. The CIP text for it has not yet been written. The high-level idea is that:

• The standard defines APIs for

  • creating and updating credentials in a registry (see the CredentialRegistry interface)
  • querying the credentials using an off-ledger API, which also supports filtering (see the OpenAPI spec)
  • fetching credential in Daml code (see the CredentialRecord interface)

• The SVs run a credential registry as part of their Amulet Name Service (see the AnsCredentialRegistry implementation of the interface)

  • SVs protect their resources by requiring a refresh of the credential records every 90 days. Thus the traffic for the refresh protects them from somebody spamming the ACS of the DSO party
  • That registry is also used to solve the off-ledger API discovery problem in token standard.

• Third-parties are welcome to run registries as well. Their off-ledger APIs can be discovered in the ANS registry from a self-published credential by their party with a well-known key.

• Concrete sets of claims for specific use-cases are defined as part of additional CIPs, as outlined in https://docs.google.com/presentation/d/1PXVwQU98dPo4hhIrXt1U5pAutWa4YUlvS61xIiBMhgc/edit?slide=id.g328343e708d_0_468#slide=id.g328343e708d_0_468

Pull Request Checklist

Cluster Testing

• If a cluster test is required, comment /cluster_test on this PR to request it, and ping someone with access to the DA-internal system to approve it.
• If a hard-migration test is required (from the latest release), comment /hdm_test on this PR to request it, and ping someone with access to the DA-internal system to approve it.

PR Guidelines

• Include any change that might be observable by our partners or affect their deployment in the release notes.
• Specify fixed issues with Fixes #n, and mention issues worked on using #n
• Include a screenshot for frontend-related PRs - see README or use your favorite screenshot tool

Merge Guidelines

• Make the git commit message look sensible when squash-merging on GitHub (most likely: just copy your PR description).

[meiersi-da]

TODO: make this a CredentialView and remove the usage of Record in this file.

[moritzkiefer-da]

What are the semantics if I don't specify a time? is it validAsOf=now or is it all credentials even ones no longer active? If so, I assume I wonder if you should jus tbe able to specify a range in the query as well.

[moritzkiefer-da]

assuming you can query stuff that is no longer active what guarantees are registries expected to provide? Probably up to them to decide how long they want to store historic data?

[meiersi-da]

good point on range. Will adjust.

I would expect that the queries should return contracts in their ACS.

[moritzkiefer-da]

what's the motivation for not supporting an array here? Bulk queries across multiple holders seem potentially useful

[meiersi-da]

good point. I was worried that the query plans would not be good enough. However it should be OK. will adjust.

[meiersi-da]

add notes from self-review

[meiersi-da]

TODO: add bulk retrieval APIs for explorers

[meiersi-da]

TODO: switch to the supportedApis construction used in the token standard for increased flexibility

[meiersi-da]

good point. I was worried that the query plans would not be good enough. However it should be OK. will adjust.

[meiersi-da]

good point on range. Will adjust.

I would expect that the queries should return contracts in their ACS.

[meiersi-da]

TODO: also limit maximal size of metadata

[meiersi-da]

TODO: allow filtering for self-published tokens; e.g., using self as an issuer, or by adding a separate flag that allows self-published tokens.