Separate generation of proof and verification in two separate operations, expose method to retrieve proof. #138
Comments
|
If I understood, what you want is to:
This sounds good to me, just keep in mind that both methods will need the verifier URL. The first method should then return some sort of identifier and store the proof to retreive it when sending to the verifier. In other words, it adds a bit of complexity but allows to do the hard computation, and then just send the proof when needed. Could you bravely describe a use case where this would be needed? I can imagine a situation where two verifiers want to verify the exact same thing and this could be a way to avoid recalculating the proof, but it seems a bit odd to find this scenario (keep in mind that proofs are only valid for a period of time defined by the verifier, after this period hey must be recomputed in order to be "fresh" enough) |
|
The generation of the proof needs the verifier URL? is not done locally? The use case is for access control for example. User wants to access to some space, then it will generate the proof in the moment of accessing and share this proof with another app that will act as a verifier of this proof, connecting with the verifier url to know if it should allow the access or not. |
|
In order to generate the proof, there are some artifacts that must be downloaded. This artifacts will be provided by the verifier, so yes, to generate the proof you need the verifier URL. I would suggest something like this flow:
Note that only point 1 is covered by iden3-mobile, and 2 will require modifications on the library to get the token reply. Points 3 and 4 would be completely out of the scope of this library. Another option would be:
This approach is more similar to what we have now, and would require to split proof generation and proof sending as suggested by this issue. This could get messy as any holder could send the proof at any time (not just when they are in front of the security checkpoint). As a conclusion, it can be a good idea to split this method in two because it will give more flexibility to integrators, but the most natural way to proceed is to generate the proof just before sending it |
|
If @rauljareno still think that is a good idea to have this method splitted, I will add an issue to address it. |
|
@arnaubennassar I don't understand what the token that the verifier sends to the holder is. Could you explain further please? Thanks! |
|
This token would be a unique identifier. It could be any piece of data that can be used to fetch data from a DB:
Anyway I guess that this is quite specific to your project, and I think this is not the best place to discuss it, I'd like to keep this issue focused on the question |
|
Do you find interesting having the capability to send proofs through channels that are not supported directly in the library? |
|
We were going to implement exactly that.
So that's why we would need to separate proof generation from verification. And if need anything extra to be able to move the proof to this server ,then yeah, that as well. Thanks! |
|
@AlbertoElias In the flow you descrive, in step 5, both the proof and the photo are fetched from server X? |
|
@arnaubennassar exactly |
arnaubennassar
changed the title
|
Cool in this case it will be also needed to export the proof |
Right now, the go-mobile library is allowing to generate the proof (with or without ZK) at the same time that is sending it to the verifier url to be verified and give back a result. For some workflows, this process is done by different operators (one generating the proof and sharing it with the other one that is verifying its validity). We would need then to separate this binded operations in two for allowing this workflow.
The text was updated successfully, but these errors were encountered: