-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ERC: Ethereum Claims Registry #780
Comments
I think the submitter's identity should be recovered from a |
@alex-miller-0 The main reason to use |
Aww man I liked the |
Here's a bunch of context for people just catching up: uport-project/uport-registry#24 |
@oed That make sense, but it still gives me pause because this requires every claim issuer pay gas (maybe not in the future, but for now). Seems like you could still add something like In any event, great use of Ethereum overall 👍 |
@oed can you put some example use cases? For me this just look like a generic key value store contract and no specific functions to handle claim(such as validate Claim) but I may be wrong as I am not so sure what kind of usecase you have in mind. |
A comment from Pelle on Reddit has more context and use cases https://www.reddit.com/r/ethereum/comments/7gewn7/erc_780_ethereum_claim_registry/ |
@oed - I'm not sure about this statement:
Say I want to look up all claims made by an Or is the model designed to be augmented by another form of storage that can be queried more easily, meaning the contract storage is used for arbitration? |
@nmushegian I know you do ;) But I think that @alex-miller-0 @makoto It is very generic! The goal here is to create something that allows for any type of claim to be issued. As you saw @pelle mention on reddit, the first use case for uport is to store the public signing and encryption key of identities. But other usecases include:
The idea of a contract being able to make claims is very interesting. One could construct a contract that for example verifies a zero-knowledge proof and if it is correct issues a claim. So it should be possible to create a contract such that; if a subject has a claim issued by this contract, we can be sure that the subject is a European citizen without revealing which exact country, for example. @lukehedger You are right, with this design you can't currently look up all the claims made by an |
@oed Thank you for the clarification. Do you expect entire Ethereum universe to put their claims into one contract (like ENS Registry contract), or each project (eg: uPort, Gnosis, MelonPort) to have their own repository like ERC20 does for their tokens? |
@makoto This would be more similar to ENS where there is one central registry contract, rather then ERC20 which is just an interface. The reason for this is that the contract code itself has to be verified. In the case of ERC20 you just need to have the same interface. |
|
Should |
If the function name is |
In terms of use case, I have something similar which could potentially replace with this Claims registry https://github.com/makoto/blockparty/blob/master/contracts/InvitationRepository.sol The above contract manages a set of a unique code which I use to invite a participant to register my event management smart contract (more detail is at http://www.noblockno.party). I once thought about replacing it with ENS and I gave up because ENS value only allows certain set of record type (eth address, ABI, etc). https://docs.ens.domains/en/latest/implementers.html#writing-a-resolver The ClaimRegistry is better suited because both key and value can be anything (in fact you don't really need The big question is what is the benefit of mixing my party invitation data with Uport attestation data which are remotely related under the same contract? in case of ENS, the more dapp/wallet and exchange implement ENS interface, it allows everybody to lookup naming service in consistent manner. In case of ClaimRegistry I am not sure what benefit brings. The alternative solution could be to propose more generic ENS record type which Uport can make use of. |
@oed My ECDSACall would solve the gas problem because someone else could submit a signed message. But you're right - this functionality could be abstracted to a second layer contract. @Arachnid I like the use of One immediate use I can think of is providing a hash of customer balances at a given timestamp that can later be verified by an auditor. This could be a hash of some data dump, a database itself, or a blockchain. Another use could be for identity - someone could submit a claim that I purchased insurance for my car for 6 months. This information is persisted to their system and can be verified based on some lookup schema in this immutable key-value store. Once my insurance expires, they can revoke that claim. |
Right now uport uses a similar contract to store public keys of users as a simple PKI. Other than that we will use it for storing claims that needs to be read and verified by smart contracts. It could also potentially be used to revoke off-chain claims.
This was my initial thought, but it seems like retriving a claim couldn't be done by another contract then. Atleast with the current solidity version. For example, this does not compile. Am I doing something wrong here?
Sounds resonable.
Good point, updating the example code :) |
I might suggest another function,
such that the claim is removed iff the passed in value is also equal. I might also consider returning the previous value on |
@devinrsmith What would be the usecase for those additions? (I don't have any strong feelings either way) |
Added a function called setSelfClaim which allows the caller to not have to specify the |
What is the reason for only allowing an issuer to set a claim, but either the issuer or the subject to remove a claim? It seems inconsistent and could lead to potential unexpected outcomes. For example, there was discussion on reddit about registering a claim that a particular address is malicious. You would not want to enable that malicious contract to unilaterally remove claims about itself. |
@machinae Flagging an address as malicious contradicts the very notion of Self-Sovereign Identity, and claims logic. For SSI to work a claim has to be made that the address is safe according to the party. I bet claim removal is for an erroneous claim only. |
@machinae Can you elaborate? Since |
@oed I mean more like proof of off-chain validation of the substance of the claim itself. A simple idea for an implementation would be adding a third entity, So you might have something like
which would record that a particular validator entity has attested that claim is valid. The idea being that anyone can self-issue claims, and those claims can be confirmed by multiple entities, increasing decentralization and confidence that the claim is proven. Think of it as almost a multisig scenario for claims, where n attestations might be required. validator in this case could be a government entity, employer, exchange, another smart contract, etc. |
@machinae this could be done now by the "validator" calling setClaim with the same data as you (or anyone else) did. |
If the claim is date of birth, then a claim from a local government that this is my date of birth is a good validation. The best would be a claim by the physician that actually delivered me as a baby that I was born. My birthday would then by definition be the time stamp of that claim. |
I have been following and reading the various ERC discussions for identity standards, and thanks to the above linked article decided to join the discussion. An obvious use-case for this, that is being worked on by many already, is a registry for academic degrees. I am currently in the final stage of my master thesis around this subject, and have used the implementation of this standard for a Proof of Concept. In this PoC, the claims are used as follows: This context hash is the merkle root of a set of certificates that follow the Blockcerts standard (blockcerts.org/). Each leaf in the merkle tree is a certificate that represents a single verifiable claim issued by the University (e.g. leaf 1: grade A for course X, leaf 2: Grade A- for course Y. etc). These blockcerts are bundled together and send to the alumni off-chain. The alumni has an app that can be used for selective disclosure of these leafs. Overall, great work. Personally, I believe that verifiable claims in all sorts of use cases /variations will be the "killer-app" for enterprises implementing blockchain. |
Made some updates to the proposal:
|
@dwking2000, @oed. I think this kind of policy discussion (e.g. "whom do we allow to remove a negative claim?") cannot have a definite and consensual answer. This kind of dilemma arises from the fact of having a central contract in the first place, which is why I'm very dubious about this EIP's approach. One possible way I'm thinking of (but there are probably more clever ones) to resolve this centralisation problem would be to have spawnable registries -- with varying policies -- and a signaling method to point to them from self-sovereign contracts. |
hey @davux @dwking2000 @oed, also have been thinking about the removal of negative claims and other challenges of a central registry contract. These issues seem like something that justifies multiple registry instances. Also unsure about the UX of squashing all claim data into a bytes32 key/val mapping. A richer claims interface might be possible with a federated registry approach. Would love to know your thoughts—have been putting together a prototype of sorts! :) |
@davux @kern @oed I should be able to make a claim and not have it censored (removed). This is already enforced by the blockchain, so in some respects removing a claim is a moot point except to save space and computation (gas). There is a need to signal a claim is not longer valid according to some criteria. UIs or other contracts can filter or derive meaning (reputation) from that. Given that, I can conceptualize several types of registries.
I assume the sovereign registry will be curated by the sovereign entity, and that a canonical registry can in effect be curated by linking claims (attesting to validity or status of existing claims) The power of linked registries or linked claims is where I see solutions that are interesting. I should be able to make a sovereign claim (which I can revoke at a later date) and expose that for others to attest to. In many cases this self claim would be a request from some other entity that needs to attest to the claim. For example, you send me a claim such as 'IsMember 42 of the l33th4x0r club' requesting I enter it into my sovereign claim registry. You then attest to it as the authority. If I don't pay my dues you remove the IsMember claim in your curated club registry that links to my claim. As the club curator your registry is the authority on the membership status but to be truly believable it would require my acceptance first via the self-claim. I can also imagine linked claims being made that are encrypted but verifiable by specific parties. This allows for 'opt in' claims and gives individuals the ability to expose and self-censor. Further, I can see individuals setting up policies that auto-accept certain types of claim requests or claim requests from whitelisted entities. I think the problem we are struggling with is the concept of a single central canonical registry when it could be an ecosystem of registries and claims that attest to other claims building out trust graphs. |
@oed description for |
Being an open registry, the data set (key, value), workflow (claim pending, claim issued, expiration, replacement, update, revocation), semantics† wasn't defined yet. This clarity affects the value of the registry, akin to ftp not being as valued as a SQL interface. At the minimum, do you consider adding expiry? I would argue that the use-cases not depending on claim's expiry is not many. To provide clarity multiple features are needed. e.g. localised (translated) value, set of values ( In most case, an event of † Speaking of semantic, say, the key being "ecdsa pub key" and the value being a public key. What does that mean? There are 2 typical notions: "the subject has, among others, this key"; "the subject is identified by this key". But other cases exist: "I propose the subject has the key (apply for a claim)"; "I know the subject has the key (testify a claim)"; "I recognise the subject has the key (providing context)" etc. If you think I am making the problem look bigger than it really is, compare it to TLS's CSR/DV/OV/EV differences. Regarding the use of HTTP header style - how do you consider the good old X.509 object identifier? After all thousands of attributes and their meaning is defined on a semantic level. e.g. there is no |
There is a huge privacy concern: the more claims there are about a subject, the less privacy the subject enjoys. This works to the advantage of detecting fraud (user 0xxxxx is a scammer) and disadvantage to heavy users. For example, a subject who, as claims show, to be of 18 years old in order to buy a beer, to be of a non-US citizen in order to participate some ICOs, to be of a Computer Science graduate to enjoy alumni club membership, is likely identified and matched to the exact person. (3 connection is all you need in a social network to de-anonymous a person). The more the subject refers to this contract when calling other contracts which call this contract's I am a bit surprised my post is the first to mention the word "privacy". Even with the privacy concern, the use-cases that demand entire public verifiable claim sets, e.g. ATL (referring to things like Adobe Approved Trust List), might still be a good fit for this ERC. † https://github.com/alpha-wallet/ethereum-attestation/releases (I'm one of the authors) |
@colourful-land The right solution for correlation issues is managing multiple identifiers. A famous system that uses that approach is Bitcoin. Another one is Sovrin, based on Hyperledger Indy. |
Hi guys, Example: say we want to distribute a reward between many users. Example 2: a user has an off-chain asset score that a 3rd party can issue as a claim (For example a platform that connects to his various wallets and exchange accounts to fetch balance data). |
Given a claim can now only be removed by the issuer, what is the need for the |
Hi @wilfred-centrality, I've got a similar impression that the issuer address is just a leftover after the recent refactor and I've removed it from my implementation. I'm also curious what do you (@oed, @machinae, @dwking2000) think about the simplest way of attesting/validating claims by issuing a claim with exactly the same data. I prefer that option to one, with referencing the original claim in an external validation contract because there is no need to track updates, as the the attestation is automatically falsified if the author of the original claim change the content or remove the entry?
(https://github.com/alice-si/contracts/blob/claims-registry/contracts/alice/ClaimsRegistry.sol) |
Hey @jakub-wojciechowski and everyone else on the thread. I'm no longer active with this ERC since I left uport, and it seems like it's not on their priority list either. Sorry about that. |
Basic Question : Is this proposal (and discussion thread) the same as contract EthereumDIDRegistry {} that is currently in use by uport project code ? |
@ramanacv no that's a separate ERC (1056) |
is uPort not using this anymore? |
I think they're working on ERC1812 now |
ERC1056 Adds a second verification method with its xxxWithSignature methods. This way, it's possible for an issuer to be an off chain entity. The caller to the method is a "relayer" which is only used to send the claim on chain. |
There has been no activity on this issue for two months. It will be closed in a week if no further activity occurs. If you would like to move this EIP forward, please respond to any outstanding feedback or add a comment indicating that you have addressed all required feedback and are ready for a review. |
This issue was closed due to inactivity. If you are still pursuing it, feel free to reopen it and respond to any feedback or request a review in a comment. |
Is there currently a way around me having to Pay for Approvals when I am offering a claim/airdrop option to like 10k addresses? A way for me to not pay $5-$10 in fees every time someone wants to claim the coins i am offering? |
Is there currently a way around me having to Pay for Approvals when I am offering a claim/airdrop option to like 10k addresses? A way for me to not pay $5-$10 in fees every time someone wants to claim the coins i am offering? |
Abstract
This text describes a proposal for an Ethereum Claims Registry (ECR) which allows persons, smart contracts, and machines to issue claims about each other, as well as self issued claims. The registry provides a flexible approach for claims that makes no distinction between different types of Ethereum accounts. The goal of the registry is to provide a central point of reference for on-chain claims on Ethereum.
Motivation
On-chain claims is becoming increasingly relevant as lots of different smart contracts might want to verify certain attributes about its users. However that is only one out of a very large space of use cases for on-chain claims. By providing a central repository for claims, developers are equipped with a common ground for experimentation. A standardized registry also makes claim lookup simple and gas efficient. Third party contracts only need to make one external call, no need for adding logic for verifying signatures, lookup identity signing keys, etc.
Specification
The ECR is a contract that is deployed once and can then be commonly used by everyone. Therefore it's important that the code of the registry has been reviewed by lots of people with different use cases in mind. The ECR provides an interface for adding, getting, and removing claims. Claims are issued from an
issuer
to asubject
with akey
, which is of typebytes32
. The claims data is stored as typebytes32
.Claim types
The
key
parameter is used to indicate the type of claim that is being made. There are three ways that are encuraged for use in the ECR:X-
. The key is the hash of the claim type (eg,keccak256('Owner-Address')
)keccak256('X-My-Thing')
)Standard claim types
New claim types can be added by making a PR to modify this table.
ERC780Example
Registry specification
The ECR provides the following functions:
setClaim
Used by an
issuer
to set the claimvalue
with thekey
about thesubject
.setSelfClaim
Convenience function for an
issuer
to set a claim about themself.getClaim
Used by anyone to get a specific claim.
removeClaim
Used by an
issuer
to remove a claim it has made.Type conversions
The
value
parameter was choosen to have the typebytes32
. This in order to make the registry entries as general as possible while maintaining a very simple code base. However it is likely that usecases where other types such asaddress
anduint
etc. will emerge. Support for this can be added in various ways. We suggest that a library is implemented that can covert between various solidity types. This means that the registry itself keeps its simplicity. Contracts that need specific types can use such a library to convert thebytes32
into their desired type and back.Deployment
After some discussion on the design of the registry contract it will be deployed and its address should be written in this document. This should include the addresses for the ropsten, rinkeby, and kovan testnets as well.
Updates and governance
In the future there might be new features needed in the registry. In order for such an event to be as transparent as possible the new features should be proposed and approved in a new EIP that contains the new contract code as well as a way of migrating any old claims if deemed necessary.
Appendix: Registry implementation
The text was updated successfully, but these errors were encountered: