Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposes the DIDComm RPC Protocol for App Attestation and more #804

Merged
merged 13 commits into from
Mar 13, 2024
Merged

Proposes the DIDComm RPC Protocol for App Attestation and more #804

merged 13 commits into from
Mar 13, 2024

Conversation

swcurran
Copy link
Member

@swcurran swcurran commented Dec 5, 2023

The DIDComm Remote Procedure Call (DRPC) protocol enables a JSON-RPC-based request-response interaction to be carried out across a DIDComm channel. The protocol is designed to enable custom interactions between connected agents, and to allow for the rapid prototyping of experimental DIDComm protocols. An agent sends a DIDComm message to request a remote service be invoked by another agent, and gets back a response in subsequent DIDComm message. The protocol enables any request to be conveyed that the other agent understands. Out of scope of this protocol is how the requesting agent discovers the services available from the responding agent, and how the two agents know the semantics of the JSON-RPC requests and responses. By using DIDComm between the requesting and responding
agents, the security and privacy benefits of DIDComm are accomplished, and the generic parameters of the messages allow for flexibility in how and where the protocol can be used.

The initial proposed use of this protocol is for App Attestation.

Copy link
Member

@TimoGlastra TimoGlastra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This might be a good fit for the didcomm.org website?

- `headers` -- optional, a JSON array typically used for conveying HTTP headers to be used in the processing of an HTTP URL `request_type`. As with all parts of this protocol, the meaning is up to the participants of an instance of the protocol.
- Each element of the array is an object with two elements: `{"name": "<header-name>", "value": "<header-value>"}`.
- When a `body` is included, a **required** element in the array is `"name": "Content-Type"` with the `"value"` being the `body`'s [MIME Type] (also know as the media type).
- `body.base64` -- optional, the [Base64 encoded] body of the request.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we allow the request to be attached as an attachment. Then it supports json + base64 + optionally signing in the future

- `request_type` -- **required**, an identifier indicating the type of the request. The value could be a URI, such as an HTTP URL, that the `sender` would like `responder` to resolve, or the value could be just a string understood by the `responder`.
- `headers` -- optional, a JSON array typically used for conveying HTTP headers to be used in the processing of an HTTP URL `request_type`. As with all parts of this protocol, the meaning is up to the participants of an instance of the protocol.
- Each element of the array is an object with two elements: `{"name": "<header-name>", "value": "<header-value>"}`.
- When a `body` is included, a **required** element in the array is `"name": "Content-Type"` with the `"value"` being the `body`'s [MIME Type] (also know as the media type).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this could also be solved by making the request payload an attachment

- `@type` -- required, must be as above
- `@id` -- required, must be as defined in [RFC 0005 DIDComm]
- `request_type` -- **required**, an identifier indicating the type of the request. The value could be a URI, such as an HTTP URL, that the `sender` would like `responder` to resolve, or the value could be just a string understood by the `responder`.
- `headers` -- optional, a JSON array typically used for conveying HTTP headers to be used in the processing of an HTTP URL `request_type`. As with all parts of this protocol, the meaning is up to the participants of an instance of the protocol.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think RPC has no need to be related to HTTP style headers. Besides content type, do you have specific needs for this? We can solve that part with attachments, and we could then just make this part of the body. So if you need headers, we make it part of the body?

@tbloomfi
Copy link

tbloomfi commented Dec 6, 2023

This comment is specific to the use case of app attestation and not the actual protocol. There are some emerging OpenID (driven by EUDI and the EU ARF) standards in this space that might be useful to review. The standard includes both the issuance of attestation credentials and a device binding (authentication) for high assurance use cases:

@swcurran
Copy link
Member Author

swcurran commented Dec 6, 2023

Suggestions from the discussion at the Aries Working Group call 20231216:

  • A number of people thought that we should do an App Attestation protocol vs. using the generic DRPC. Not against DRPC, but that app attestatation is important enough to warrent a protocol.
    • Related to that is looking at the App Attestation HTTP interface that OpenID has defined in @tbloomfi ’s comment above.
  • Several people thought that we should look at gRPC and JSON-RPC to see if we can apply anything from there.
  • Some (such as @TimoGlastra in his comments above) liked the idea of using Attachments vs. the current header-has-MIME-type and body.base64, since attachments give the implementers flexibilty in formatting the data.
  • Also the request above to drop header altogether and having any user of the protocol put whatever extra info (headers, etc.) into the body (or attachment if we go that way).

We’ll consider the suggestions to this protocol and provide an update with discussion of the changes.

As to the App Attestation protocol — we’ll look at that, but would like more community feedback on the current implementation (based on basic-message — and even less suitable protocol) and experience in using it.

Thanks for the feedback!

@swcurran
Copy link
Member Author

swcurran commented Dec 8, 2023

Revamped the protocol to use JSON-RPC -- what a great idea!!! Makes the protocol much cleaner and easier, building on the shoulders of that specification. We did look at gRPC but found it to be too heavy weight for this purpose -- too much code / configuration of protobufs / processing to manage.

Changes:

  • reworked the introduction to clarify the purpose, uses and benefits
  • added note that the example of app attestation might be its own protocol.
  • changed roles, states and messages to use JSON-RPC terms/concepts/items
  • By using the JSON-RPC concepts, there is no need to enforce at the protocol level base64 encoding or use attachments. The params for an RPC are in whatever formats the participants agree up on.
  • did not include id from JSON-RPC, relying on DIDComm's id / thid instead. But...see "Unresolved questions"
  • Removed adopted ack/problem-report in favour of the response mechanisms in JSON-RPC that cover those scenarios.
  • Outlined the expected response when the server does not understand the request

Unresolved questions -- feedback welcome:

  • JSON-RPC includes the concept of batch requests, where a set of JSON-RPC objects are included in a single request. Should we add support for batch requests to this DRPC protocol?
  • JSON-RPC includes the concept of a "notification" request, where a response to the request is not needed. Should we add support for notification requests to this DRPC protocol?
  • Should we include the idea of a request having a goal code (RFC 0519 Goal Codes)?

@TelegramSam
Copy link
Contributor

WG 20240124 implementation under way in ACA-Py.

Copy link
Contributor

@TelegramSam TelegramSam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed WG 20240313. merge approved.

@swcurran swcurran merged commit 0b61912 into hyperledger:main Mar 13, 2024
1 check passed
@swcurran swcurran deleted the rpc branch March 13, 2024 15:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants