Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarification regarding multisig OOBI #171

Open
lenkan opened this issue Jan 19, 2024 · 3 comments
Open

Clarification regarding multisig OOBI #171

lenkan opened this issue Jan 19, 2024 · 3 comments

Comments

@lenkan
Copy link
Collaborator

lenkan commented Jan 19, 2024

There has been some discussion on github and discord regarding how multisig OOBI urls work. This issue on signify-ts contains some further references: WebOfTrust/signify-ts#193

Consider a group AID multisig with participants member1 and member2 and their keria agents agent1 and agent2. Currently, when calling GET /oobis/multisig to generate an OOBI url for the group, you have to specify the role as either agent, witness or controller.

So, for example, if member1 would call this endpoint to generate an OOBI url for the group they would specify the role parameter agent and and get a result:

https://keria-url/oobi/<multisig aid>/agent/<agent1 aid>

If another AID, for example a credential issuer resolves this OOBI url and then grants a credential to that AID, only member1 would receive this message.

The current workaround is to construct an URL on the client side by stripping the /agent/<agent1 aid> part of the URL. So you would get:

https://keria-url/oobi/<multisig aid>

See the example scripts in signifypy and signify-ts:
@2byrds
Copy link
Collaborator

2byrds commented May 2, 2024

From our dev meeting:
Only one oobi is being chosen in the signify-ts example. There are a number of options:

  1. Clients can review the agent OOBIs and return the non-role OOBI (like seen in the tests). Does this belong in the logic or API? If this is handled at the API level it would help the user to receive the generic OOBI. @Arsh-Sandhu will send his fix.
  2. Generate an OOBI url with just a role in it
  3. Consumer can resolve all oobis

@lenkan
Copy link
Collaborator Author

lenkan commented May 2, 2024

Here is a reference to a discussion in discord regarding this: https://discord.com/channels/1148629222647148624/1148734044545228831/1194270946215854182

@2byrds
Copy link
Collaborator

2byrds commented Nov 14, 2024

See #305 and once this is resolved this process will be documented/clear.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@2byrds @lenkan