Slack Archive

<@U024KC347B4> has joined the channel

Number of replies: 0

sam

<@U013SSREL0H> has joined the channel

Number of replies: 0

kent

<@U03EUG009MY> has joined the channel

Number of replies: 0

petteri.stenius

<@U03U37DM125> has joined the channel

Number of replies: 0

daniel.hardman

<@U03RLLP2CR5> has joined the channel

Number of replies: 0

hvancann

<@U02PA6UQ6BV> has joined the channel

Number of replies: 0

2byrds

<@U035R1TFEET> has joined the channel

Number of replies: 0

trent

<@U0448S72CQN> has joined the channel

Number of replies: 0

sbutterfield

<@U02N0K6LL93> has joined the channel

Number of replies: 0

rodolfo.miranda

<@U03P53FCYB1> has joined the channel

Number of replies: 0

pfeairheller

2022-12-17T02:57:42.000Z

Number of replies: 0

pfeairheller

2022-12-17T02:59:12.000Z

I updated this repo with actual working cryptographic primitives of raw to qualified base64 for all the types I believe are needed to implement Signify's signing at the edge. I ported over unit tests from KERIpy to ensure compatibility as I believe communication between a cloud agent and an edge signer should be via CESR

Number of replies: 0

pfeairheller

2022-12-17T03:00:01.000Z

Up next for this weekend includes updating the LICENSE and README files, adding CI for the unit tests with GitHub actions and including a few badges because, you know... badges are cool

Number of replies: 0

pfeairheller

2022-12-17T03:01:41.000Z

After all that is finished, I'm going to start fleshing out key creation on the client and figure out how that would integrate with keripy. In particular, I'm curious what needs to be communicated from the cloud agent to the edge for hierarchical deterministic key chains. I look forward to studying the Manager and Keeper in keripy to figure out what is tracked for that purpose.

Number of replies: 0

daniel.hardman

2022-12-17T10:51:09.000Z

Wow! Super exciting!

Number of replies: 0

kent

2022-12-17T11:31:34.000Z

Yes, this is very exciting. I would like to pitch in however I can. I’m studying those classes, and many others, as I bring myself up to speed on KERIpy. I’ll put a focus on Manager and Keeper so I can be of use here.

Number of replies: 0

pfeairheller

2022-12-28T23:29:50.000Z

I just merged in a new PR: Highlights include a ported Manager, test Keeper, Encrypter/Decrypter, Signer and Indexer and Siger with dual index support. I also got CI/CD working and running tests on each PR.

Number of replies: 0

kent

2022-12-28T23:33:41.000Z

That’s cool. Nice work. Hope to join you soon.

Number of replies: 0

pfeairheller

2022-12-29T01:48:25.000Z

I still have several hundred lines of Manager tests to port over from keripy which I can do now that I have Siger implemented.

Number of replies: 0

pfeairheller

2022-12-29T01:49:38.000Z

After that, I'd like to build 2 things. First, a web page that exercises the Manager functionality just to see it working in a browser. Second, a REST API in keripy for the test Keeper interface in Signify

Number of replies: 0

pdm

2023-01-05T15:01:30.000Z

<@U04HMQT1XFV> has joined the channel

Number of replies: 0

nuttawut.kongsuwan

2023-01-12T01:43:55.000Z

<@U04H17ZEX9R> has joined the channel

Number of replies: 0

tung

2023-01-24T15:53:18.000Z

<@U04GUPCB1M4> has joined the channel

Number of replies: 0

7moshe7

2023-01-27T12:18:02.000Z

<@U02MD0HA7EJ> has joined the channel

Number of replies: 0

joseph.l.hunsaker

2023-01-31T16:03:49.000Z

<@U03QRSUA87Q> has joined the channel

Number of replies: 0

pfeairheller

2023-02-05T01:48:26.000Z

I have not been good at updating my progress on Signify on this channel recently. Last week I merged in: That added support for hierarchical deterministic keychains into the TypeScript Signify client and also started working on the Python server (signifypy) that will be the new KERI Python Agent to support signing at the edge. I'll have more PRs coming this weekend. I was hesitant to add GitHub integration to the repos for fear of the noise. However, for fear of being drowned out by the Chesty Crustaceans and all their posts over on <#C04LNE87GHE|cesr-dev> I think maybe it is time. Since I am in love with emoji voting, here's the vote: :no_mouth: - Stay quiet and don't add GitHub integrations for signify-ts and signifypy :crab: - Integrate GitHub and be as loud as the Crabs

Number of replies: 0

petteri.stenius

2023-02-07T14:46:15.000Z

FYI - Ed25519 is becoming natively supported in browsers with Web Crypto API. Chrome already has it (you need to enable ). See here With this you could do for example: `const key = await crypto.subtle.generateKey({ name: "Ed25519" }, false, ["sign", "verify"]);` `const signature = await crypto.subtle.sign({ name: "Ed25519" }, key.privateKey, data);`

Number of replies: 0

andreialexandru98

2023-02-07T15:16:19.000Z

<@U0474LZ0ZLG> has joined the channel

Number of replies: 0

petteri.stenius

2023-02-11T14:00:43.000Z

Hi <@U024CJMG22J>. I have tried running signigy-ts in a browser. There are some issues I run into: - Signify uses the Buffer type which is for Node server side. Should re-factor and replace with Uint8Array - Blake3 wasm has some issues. Cannot get it working in a browser with the toolchain my tester app uses. - I replaced urlsafe-base64 with js-base64 that better works in a browser I have a with fixes to some of these issues. I also created a simple app that invokes code in signify-ts. Using latest Chrome the tester can successfully invoke Keri Signer but not Blake3 digest. Before creating a pull request I'd like to know if this the correct way? For example what is best practice to to solving platform differences (Browser vs Node)? Now I created a virtual "platform" module that is routed to either "platform-browser" or "platform-node" depending on context. Also are there some preferences with toolchains the system should support? Personally I have limited experience with this.

Number of replies: 0

pfeairheller

2023-02-11T15:07:46.000Z

Hi Petteri- This is good stuff, thanks for looking at this. I've been able to get all the way through AID creation (including Blake3) with a tester app of my own in Chrome after make several changes to signify-ts. Of course after these changes my tests won't run in signify-ts repo. However, I'm wondering if this is the right approach. I'm not sure we want to be running a signify client in a browser by loading the client as a web app. Instead, I've started working on an Electron app that can be packaged and signed to provide more secure code delivery. With this approach, we can leave signify-ts as a Node library and run the signify code in the main process of the Electron app (which is Node). Eventually we may want to deliver multiple modules from signify-ts for browser and Node but maybe not in the short term. What does everyone think?

Number of replies: 0

griffin.kev

2023-02-11T16:06:44.000Z

I like the electron route, we used it for keep for our first iteration and while signing can be awkward to get right (thanks Apple) I does feel right. I'd also like to see where bundling with things like Ionic/Cordova/Flutter/Tauri could push a "better" user experience opposed to rebuilding web apps from scratch with things like Mithril.

Number of replies: 0

griffin.kev

2023-02-11T16:07:58.000Z

Maybe there could be some an alternative route with Cesride and Tauri to do a PoC, see what signing at the edge looks like with that stack O_o

Number of replies: 0

griffin.kev

2023-02-11T16:08:04.000Z

¯\_(ツ)_/¯

Number of replies: 0

griffin.kev

2023-02-11T16:08:27.000Z

so many options (but I like building and signing locally regardless of the stack)

Number of replies: 0

pfeairheller

2023-02-11T16:13:46.000Z

So yeah, Tauri looks a lot like Electron but with Rust as the "main process" instead of Node. So if we keep the UI clean enough in the Electron app it could be repurposed over to Tauri. So all Signify stuff stays out of the UI and can be implemented in either Rust with CESRide or in Node with Signify-TS

Number of replies: 2

pfeairheller

2023-02-11T16:13:46.000Z

No, they are targeting different functionality. I would assume that there would be a signify-ide or signifide or signide or something similar that would consume CESRide and expose the same functionality as signify-ts.

pfeairheller

2023-02-11T16:13:46.000Z

But that doesn't exist yet

petteri.stenius

2023-02-12T06:52:55.000Z

Thanks, this is good discussion. Is this a slight change in direction or priorities? From my perspective the main difference to Keep is that, because of signify edge model, the Keri Agent does not need to be local but can exist in the "cloud". However, as with Keep, this model requires installing a thick "desktop client" and in the short term does not support web based clients.

Number of replies: 2

pfeairheller

2023-02-12T06:52:55.000Z

I wouldn't characterize this as a change in either direction or priorities but more of a learning exercise trying to find the best path forward. Seeing the limitations of the current version of a TypeScript signify client we, as a community, may want to step back and see if we can coordinate efforts and see if there is a better path.

petteri.stenius

2023-02-12T06:52:55.000Z

Yes and I am willing to help with this effort. Would it be possible to have a discussion on goals to better understand things?

contact.johannes

2023-02-12T23:48:13.000Z

<@U04PXR871PS> has joined the channel

Number of replies: 0

harold_carr

2023-02-13T00:20:53.000Z

<@U03RTP08W3B> has joined the channel

Number of replies: 0

undefined

2023-02-13T13:48:56.000Z

This message was deleted.

Number of replies: 1

pfeairheller

2023-02-13T13:48:56.000Z

No, there is a specific project for implementing a did:keri did method resolver.

pfeairheller

2023-02-13T14:40:40.000Z

No, they are targeting different functionality. I would assume that there would be a signify-ide or signifide or signide or something similar that would consume CESRide and expose the same functionality as signify-ts.

Number of replies: 0

pfeairheller

2023-02-13T14:40:46.000Z

But that doesn't exist yet

Number of replies: 0

pfeairheller

2023-02-13T14:51:02.000Z

That's very premature. Signify is still a work in progress as we are just starting to flesh out what the API looks like. As I mentioned in the thread above, there is sill a missing piece in Rust that would be a version of Signify that consumes CESRide.

Number of replies: 0

pfeairheller

2023-02-13T14:51:44.000Z

Instead of a barrage of questions all over Slack, my I suggest attending a few of the KERI Working Group meetings and get these questions on the agenda. It will be a much more productive way to discuss.

Number of replies: 0

pfeairheller

2023-02-13T15:38:11.000Z

I wouldn't characterize this as a change in either direction or priorities but more of a learning exercise trying to find the best path forward. Seeing the limitations of the current version of a TypeScript signify client we, as a community, may want to step back and see if we can coordinate efforts and see if there is a better path.

Number of replies: 0

pfeairheller

2023-02-13T16:59:14.000Z

No, there is a specific project for implementing a did:keri did method resolver.

Number of replies: 0

griffin.kev

2023-02-13T19:28:46.000Z

Meetings are the best place to have the discussions for sure, it’s also nice to put names to faces and do introductions too

Number of replies: 0

petteri.stenius

2023-02-14T16:00:27.000Z

Yes and I am willing to help with this effort. Would it be possible to have a discussion on goals to better understand things?

Number of replies: 0

kent

2023-02-22T02:33:14.000Z

> I’m not sure we want to be running a signify client in a browser by loading the client as a web app. > … > Eventually we may want to deliver multiple modules from signify-ts for browser and Node but maybe not in the short term. What does everyone think? We could write a browser extension wallet similar to MetaMask. I haven’t done one yet though I want to explore that option. Has anyone tried this route or are there any reservations against a browser extension for signing at the edge?

Number of replies: 0

pfeairheller

2023-02-22T03:17:46.000Z

I have no reservations at all. If we can sign the client code to protect the code delivery with KERI, that would be a great option

Number of replies: 0

petteri.stenius

2023-02-24T09:03:34.000Z

Hi <@U024CJMG22J>. I tried running the tests for latest code in keria and signifypy. Looks like the identifiers that get generated in my env are not stable. Could some bootstrapping config be missing?

Number of replies: 0

pfeairheller

2023-02-24T14:01:20.000Z

That repo is a work in progress. I'm not sure what state the tests are in right now

Number of replies: 0

petteri.stenius

2023-02-25T10:49:13.000Z

I was able to work around identifier issues but run into other issues such as `AttributeError: module 'keri.end.ending' has no attribute 'siginput'` I'll wait for things to become more stable.

Number of replies: 0

petteri.stenius

2023-02-25T11:19:49.000Z

Signifypy sends signed http requests to keria. Is this based on IETF draft ?

Number of replies: 0

pfeairheller

2023-02-25T15:34:37.000Z

Sorry Petteri if I wasn't clear but this repo is not expected to be in a state yet where other can use it. I'm pushing code there just to get started but there are changes to KERIpy that haven't been merged in yet.

Number of replies: 0

pfeairheller

2023-02-25T15:35:21.000Z

I need to have a conversation with Sam next week about the changes I've made to KERIpy before I push them.

Number of replies: 0

pfeairheller

2023-02-25T15:36:33.000Z

I'm hitting some unexpected problems implementing signing at the edge that is going to require more refactoring than expected.

Number of replies: 0

pfeairheller

2023-02-25T15:39:13.000Z

Yes, that is the HTTP signature scheme we are using

Number of replies: 0

daniel.andersson

2023-02-28T13:34:21.000Z

<@U04DQE2G36F> has joined the channel

Number of replies: 0

pfeairheller

2023-04-13T22:51:04.000Z

Some really good news just in time for IIW. Today I added support for multi-tenancy to the KERIA server. So a single running instance of KERIA will be able to support any number of isolated Agents that each support a Signify client. We feel like this will greatly reduce deployment complexity and enhance scalability. I'll be holding a session next week at IIW to review the KERIA architecture and Signify client design and make plans for collaboration moving forward.

Number of replies: 0

kent

2023-04-14T00:27:14.000Z

Wow, that is excellent news! I will be at that session. Great work.

Number of replies: 0

petteri.stenius

2023-04-17T08:19:24.000Z

Sounds really good <@U024CJMG22J>. I can't make it to IIW this time. I hope you can share your presentation later.

Number of replies: 0

petteri.stenius

2023-05-02T18:51:04.000Z

Hi <@U024CJMG22J>. What's the state of keria and signifypy tests? I can get the keria tests to pass but almost all signifypy tests are failing.

Number of replies: 0

pfeairheller

2023-05-02T19:53:48.000Z

Hi Petteri- Last week we focused on getting the KERIA repo squared away with CI, test coverage and docker image. The rest of this week we will be focusing on the same for sygnifypy. We just added a new resource to our team so we expect to start making even faster progress.

Number of replies: 0

pfeairheller

2023-05-02T19:54:41.000Z

Stay tuned for PRs to SignifyPy (posted to <#C04NGM6FJ73|signify-dev>) as we come up with a solid testing approach for mocking API calls and start fixing and filling out test coverage.

Number of replies: 0

markus

I haven't really spent time to learn about signify, but there may be some similarities between this concept and something that we have been calling "client-managed secret mode" in the DID Registration specification, where we tried to separate DID operations (which can be performed by a remote service) and key operations (which are always performed locally): • •

Number of replies: 4

2byrds

This is very cool. I liked the walk through of challenge/response, etc. The universal registrar is acting similar to KERIA and the web client, local key management, etc. are like a signify client. I’ll be interested to see what others think!

2byrds

Certainly more complexity/features with KERIA/Signify but similar concept

rodolfo.miranda

Great podcast! Thanks for sharing.

pfeairheller

Thanks for the links, I'll check this out this afternoon

2byrds

2023-05-03T17:48:35.000Z

This is very cool. I liked the walk through of challenge/response, etc. The universal registrar is acting similar to KERIA and the web client, local key management, etc. are like a signify client. I’ll be interested to see what others think!

Number of replies: 0

2byrds

2023-05-03T17:55:00.000Z

Certainly more complexity/features with KERIA/Signify but similar concept

Number of replies: 0

rodolfo.miranda

2023-05-03T18:19:39.000Z

Great podcast! Thanks for sharing.

Number of replies: 0

rodolfo.miranda

<@U024CJMG22J>, quick question. Can you briefly tell what the `addEndRole` call does in signify/keria?

Number of replies: 5

pfeairheller

As the name (sort of) suggests, end roles provide authorization for endpoint providers to serve a given role for a controller. So for example, every witness serves in the witness role for the controller of an AID by virtue of being a witness declared in the KEL. For other roles, like the new `agent` role in KERIA, the controller has to declare the role manually by signing end role data that gets shared then with an OOBI

rodolfo.miranda

oook. Should the `agent` role need to be added to each AID created in KERIA?

pfeairheller

Yes it should. I originally had it happen automatically in the Signify client but that over complicated AID creation so I created a separate API call.

pfeairheller

But it has to be initiated in the Signify client because it involves signed data.

rodolfo.miranda

got it. thx

pfeairheller

2023-05-03T18:33:33.000Z

Thanks for the links, I'll check this out this afternoon

Number of replies: 0

pfeairheller

2023-05-03T18:40:19.000Z

As the name (sort of) suggests, end roles provide authorization for endpoint providers to serve a given role for a controller. So for example, every witness serves in the witness role for the controller of an AID by virtue of being a witness declared in the KEL. For other roles, like the new `agent` role in KERIA, the controller has to declare the role manually by signing end role data that gets shared then with an OOBI

Number of replies: 0

pfeairheller

I don't think I've shared these yet... here are my slides on KERIA from last IIW.

Number of replies: 3

petteri.stenius

This is a helpful presentation, thanks! Could you explain in more detail the multi-tenant design? Is the workflow with the boot interface something like this: boot -> perform operations -> un-boot?

pfeairheller

No, the `/boot` interface is not like locking and unlocked from the Mark I agent. Instead, you use the `/boot` interface to provision a new agent worker (analogous to the previous Agent) on behalf of a controller (Signify client). That call is only needed once and is out of band relative to the communication between the Signify client and KERIA service. So for example, if someone were to host KERIA a a service, they would provide a web portal for users to sign up and expose the `/boot` interface to internal infrastructure only. Once the user is signed up and provides the information from their Signify client needed to provision an agent worker, service provider calls `/boot` internally and returns connection information to the signify client. From that point forward all API requests and responses between signify client and KERIA are signed and authentication with KERI signatures and routed to the correct agent worker using the AID that signs the request.

rodolfo.miranda

<@U024CJMG22J>, for Randy key types, in the ppt you said "Private keys, next public keys encrypted on client and stored on Agent". Which key is used to encrypt? the signifyClient key? And a second question: how rotation events on the signifyClient AID are communicated to the Agent?

rodolfo.miranda

2023-05-03T18:44:29.000Z

oook. Should the `agent` role need to be added to each AID created in KERIA?

Number of replies: 0

pfeairheller

2023-05-03T18:56:17.000Z

Yes it should. I originally had it happen automatically in the Signify client but that over complicated AID creation so I created a separate API call.

Number of replies: 0

pfeairheller

2023-05-03T18:56:39.000Z

But it has to be initiated in the Signify client because it involves signed data.

Number of replies: 0

rodolfo.miranda

2023-05-03T18:57:13.000Z

got it. thx

Number of replies: 0

rodolfo.miranda

2023-05-03T22:00:38.000Z

When using salty key type, how is the key chain determined? Initially, the path (stem) and the passcode is required , but how the next keys are derived from there?

Number of replies: 0

pfeairheller

2023-05-03T22:02:08.000Z

By creating a path that is passed to libsodium that is made up of the stem, the AID relative index with in a give "wallet" and the key index with in the identifier

Number of replies: 0

rodolfo.miranda

2023-05-03T22:09:53.000Z

great, thanks! Sorry for the silly question, but I couldn't find easily on the code.

Number of replies: 0

rodolfo.miranda

2023-05-03T22:11:27.000Z

I'm researching if we can do something with those crypto hardware wallets such as the Ledger Nano or Trazor and connect them as a HSM to signify.

Number of replies: 0

pfeairheller

2023-05-03T22:15:08.000Z

Check out

Number of replies: 0

pfeairheller

2023-05-03T22:15:35.000Z

That is an implementation of a SHIM (Signify HSM Integration Module) for Google Cloud KSM

Number of replies: 0

pfeairheller

2023-05-03T22:16:04.000Z

Clone that and reimplement the methods in the GcpKsmShim class using the hardware wallet API

Number of replies: 0

pfeairheller

2023-05-03T22:17:27.000Z

And then look at the `test_extern` method in `integration/app/integration_clienting.py` in Signify for an example of how to load a SHIM and use it to create an AID.

Number of replies: 0

pfeairheller

2023-05-03T22:17:55.000Z

Let me know if you have any questions. The API for SHIMs is still experimental so any suggestions for improvements would be appreciated.

Number of replies: 0

petteri.stenius

2023-05-04T05:46:24.000Z

This is a helpful presentation, thanks! Could you explain in more detail the multi-tenant design? Is the workflow with the boot interface something like this: boot -> perform operations -> un-boot?

Number of replies: 0

2byrds

2023-05-04T13:35:23.000Z

<@U024KC347B4> can you post the Signifide meeting invite (or details) here?

Number of replies: 0

griffin.kev

2023-05-04T13:38:13.000Z

Signifide doesn't technically have a call

Number of replies: 1

2byrds

2023-05-04T13:38:13.000Z

I should have said keride?

pfeairheller

2023-05-04T13:48:38.000Z

No, the `/boot` interface is not like locking and unlocked from the Mark I agent. Instead, you use the `/boot` interface to provision a new agent worker (analogous to the previous Agent) on behalf of a controller (Signify client). That call is only needed once and is out of band relative to the communication between the Signify client and KERIA service. So for example, if someone were to host KERIA a a service, they would provide a web portal for users to sign up and expose the `/boot` interface to internal infrastructure only. Once the user is signed up and provides the information from their Signify client needed to provision an agent worker, service provider calls `/boot` internally and returns connection information to the signify client. From that point forward all API requests and responses between signify client and KERIA are signed and authentication with KERI signatures and routed to the correct agent worker using the AID that signs the request.

Number of replies: 0

2byrds

2023-05-04T13:52:59.000Z

I should have said keride?

Number of replies: 0

griffin.kev

2023-05-04T13:53:27.000Z

the same would apply

Number of replies: 1

2byrds

2023-05-04T13:53:27.000Z

okay i thought i was missing them, but you can’t miss what isn’t there ;p

2byrds

2023-05-04T13:54:12.000Z

okay i thought i was missing them, but you can’t miss what isn’t there ;p

Number of replies: 0

griffin.kev

2023-05-04T13:55:27.000Z

we should use the cesride call to talk about it. Is the general KERI call the place to discuss things? do we want to a keride call to replace cesride? keride is my solution to potential library proliferation in the Rust ecosystem <@U04HQD29Z7E> is the only one using cesride in production I believe so he should be on the call to discuss

Number of replies: 0

rodolfo.miranda

2023-05-04T14:07:28.000Z

other option is to have just one broader dev call.

Number of replies: 0

rodolfo.miranda

2023-05-04T15:55:48.000Z

<@U024CJMG22J>, for Randy key types, in the ppt you said "Private keys, next public keys encrypted on client and stored on Agent". Which key is used to encrypt? the signifyClient key? And a second question: how rotation events on the signifyClient AID are communicated to the Agent?

Number of replies: 0

rodolfo.miranda

I'm sharing some screenshot of a working trezor-shim. A SHIM is a Signify Hardware Module Extension. In this case, I implemented a shim for a Trezor Hard Wallet, those personal devices that are mostly used as cryptocurrency wallets. Private keys are generated in device and never leaves it, so the shim ask to create the signatures.

Captura de pantalla 2023-05-08 a la(s) 10.33.17 a.m..png

Number of replies: 4

pfeairheller

Technically SHIM stands for Signify HSM Integration Module.

pfeairheller

This is very exciting stuff!!

rodolfo.miranda

I think those kind of devices can be really helpful. They are a good match for Signify

rodolfo.miranda

<@U024CJMG22J>, one thing that confused me in your `gcp-ksm-shim` is that it signs the sha256 hash of the event (`hash_ = hashlib.sha256(ser).digest()`). So when I tried a similar approach signing a hash of the event, either sha256 or blake3, KERIA fails verifying the signature. However when I sign the full ser, KERIA doesn't complain. So I wonder if using a hash is OK and how you let KERIA know that.

rodolfo.miranda

2023-05-08T13:44:07.000Z

I used ed25519 keys but this model (Trezor One) also support secp256k1. Keys are deterministically derived from the main key. I still need to clean the code and review some existencial questions with Phil.

Number of replies: 0

pfeairheller

2023-05-08T13:45:23.000Z

Technically SHIM stands for Signify HSM Integration Module.

Number of replies: 0

pfeairheller

2023-05-08T14:22:26.000Z

This is very exciting stuff!!

Number of replies: 0

rodolfo.miranda

2023-05-08T14:25:51.000Z

I think those kind of devices can be really helpful. They are a good match for Signify

Number of replies: 0

pfeairheller

I updated with a (really raw) example app, changes to support browser deployment and a first pass at a SignifyClient class. <@U03P53FCYB1> and <@U0474LZ0ZLG> :eyes:

Number of replies: 4

eujin

`@types/libsodium-wrappers-sumo` - this development tool package should be in `devDependencies` block, shouldn't it?

pfeairheller

libsodium is core to the functionality of signify-ts and not a development tool

eujin

I meant the type definition package of `libsodium-wrappers-sumo`. While `libsodium-wrappers-sumo` serves as the crypto library as a normal dependency, `@types/libsodium-wrappers-sumo` serves as a tool for development as its type definition. I had an error while I was installing npm dependencies with the current `package.json`.

pfeairheller

Oh, ok. Unless we are exporting any types from libsodium it would be ok to move the types into devDependencies. _We accept PRs_

pfeairheller

2023-05-08T20:50:50.000Z

I also added github messages for the repo to <#C04NGM6FJ73|signify-dev>

Number of replies: 0

rodolfo.miranda

2023-05-08T22:39:29.000Z

<@U024CJMG22J>, one thing that confused me in your `gcp-ksm-shim` is that it signs the sha256 hash of the event (`hash_ = hashlib.sha256(ser).digest()`). So when I tried a similar approach signing a hash of the event, either sha256 or blake3, KERIA fails verifying the signature. However when I sign the full ser, KERIA doesn't complain. So I wonder if using a hash is OK and how you let KERIA know that.

Number of replies: 0

eujin

2023-05-09T08:36:04.000Z

`@types/libsodium-wrappers-sumo` - this development tool package should be in `devDependencies` block, shouldn't it?

Number of replies: 0

pfeairheller

2023-05-09T13:37:54.000Z

libsodium is core to the functionality of signify-ts and not a development tool

Number of replies: 0

eujin

2023-05-09T15:34:29.000Z

I meant the type definition package of `libsodium-wrappers-sumo`. While `libsodium-wrappers-sumo` serves as the crypto library as a normal dependency, `@types/libsodium-wrappers-sumo` serves as a tool for development as its type definition. I had an error while I was installing npm dependencies with the current `package.json`.

Number of replies: 0

pfeairheller

2023-05-09T15:42:58.000Z

Oh, ok. Unless we are exporting any types from libsodium it would be ok to move the types into devDependencies. _We accept PRs_

Number of replies: 0

rodolfo.miranda

2023-05-09T22:25:44.000Z

Reposting this question in case it got lost :grinning:: <@U024CJMG22J>, one thing that confused me in your `gcp-ksm-shim` is that it signs the sha256 hash of the event (`hash_ = hashlib.sha256(ser).digest()`). So when I tried a similar approach signing a hash of the event, either sha256 or blake3, KERIA fails verifying the signature. However when I sign the full ser, KERIA doesn't complain. So I wonder if using a hash is OK and how you let KERIA know that.

Number of replies: 0

pfeairheller

2023-05-09T22:33:14.000Z

That is specific to the ECDSA algorithm used for the secp256 signatures.

Number of replies: 0

pfeairheller

2023-05-09T22:34:47.000Z

Ed25519 does something similar but inside the signing algorithm so externally you just sign the full data

Number of replies: 0

rodolfo.miranda

2023-05-09T22:47:21.000Z

good to now the reason. Thanks!

Number of replies: 0

griffin.kev

Hey folks, we've been having some discussion and it seems given the direction and momentum of signing at the edge (signifypy, signify-TS, and signifide) and the drop off in the need for an edu call, alongside the completion of CESR (way to go Jason) that we could re-purpose both calls for a weekly signify dev call. We've seen increased interest from multiple parties and it seems wise to utilize this (Thursdays 10am EST) slot moving forward. The call will be focused on those implementing "signing at the edge", integration with KERIA etc, and not focused on spec Q&A (we have Tuesday calls for that). We'll likely try rotate the focus between implementations if we find the need to do so.

Number of replies: 4

2byrds

Looking forward to this! Lots of interest already!

nuttawut.kongsuwan

When will be the first meeting?

2byrds

Looks like it will be next week. This week will be the final CESR meeting

nuttawut.kongsuwan

Thanks!

2byrds

2023-05-10T14:55:53.000Z

Looking forward to this! Lots of interest already!

Number of replies: 0

griffin.kev

2023-05-10T15:13:08.000Z

It has been pointed out to me there is considerable interest around `did:keri` as well and we still need a slot for that. We might want to consider these weekly calls "KERI Dev" calls, and shift the focus.

Number of replies: 1

2byrds

2023-05-10T15:13:08.000Z

I agree, keri-dev calls with a focus on the hottest community development efforts

2byrds

2023-05-10T15:19:43.000Z

I agree, keri-dev calls with a focus on the hottest community development efforts

Number of replies: 0

kent

2023-05-10T21:58:22.000Z

I agree with Kevin and Lance. Focusing the dev calls on the hottest and most desired new developments would be ideal. I’m so glad at the success of the CESR group call and am glad to have contributed at least a little bit. Kevin and Jason did all the heavy lifting there and I’m glad I got to be along for the ride. I hope to be a significant part of Signify, KERIA, or did:keri

Number of replies: 0

griffin.kev

2023-05-10T21:59:02.000Z

~Kevin and~ Jason did all the heavy lifting

Number of replies: 0

griffin.kev

2023-05-10T21:59:07.000Z

:smile:

Number of replies: 0

jason873

2023-05-10T22:53:33.000Z

Hah there were plenty of long reviews and I believe you wrote the spike Matter and Indexer code, Kevin.

Number of replies: 0

jason873

2023-05-10T22:54:07.000Z

I think KERI-dev makes sense, at least from my perspective :smiley:

Number of replies: 0

nuttawut.kongsuwan

2023-05-11T11:14:57.000Z

When will be the first meeting?

Number of replies: 0

2byrds

2023-05-11T11:15:43.000Z

Looks like it will be next week. This week will be the final CESR meeting

Number of replies: 0

nuttawut.kongsuwan

2023-05-11T11:20:35.000Z

Thanks!

Number of replies: 0

kent

2023-05-11T13:52:04.000Z

I’m glad to continue providing the Zoom link for the keri-dev calls for as long as we’d like.

Number of replies: 0

rodolfo.miranda

2023-05-11T15:11:03.000Z

is the call today?

Number of replies: 0

2byrds

2023-05-11T15:11:32.000Z

Next week start

Number of replies: 0

griffin.kev

2023-05-11T15:11:40.000Z

No, the first one will be next week. I'll try get details out today/tomorrow to clarify things

Number of replies: 0

rodolfo.miranda

2023-05-11T15:11:56.000Z

:+1:

Number of replies: 0

rodolfo.miranda

2023-05-11T17:57:34.000Z

We published the Trezor-SHIM here: . Comments are welcome!

Number of replies: 0

kent

2023-05-18T01:42:34.000Z

Why is `bran` in `Controller` the argument passed in to the `passcode` parameter in `SignifyClient`? And then in Controller the following code makes it look like passcode is being used as a salt:

self.bran = coring.MtrDex.Salt_128 + 'A' + bran[:21]  # qb64 salt for seed

Number of replies: 0

kent

2023-05-18T01:43:43.000Z

I’m trying to reuse the controller keypairs I made with the KERIpy KLI in KERIA and I haven’t figured out how to do that yet.

Number of replies: 0

kent

2023-05-18T01:49:49.000Z

Is the initial controller AID created for the `SignifyClient` an instance-specific AID for this particular usage of SignifyClient?

Number of replies: 0

pfeairheller

2023-05-18T02:15:35.000Z

You would not want to do that

Number of replies: 0

pfeairheller

2023-05-18T02:15:56.000Z

Have you read discussion 34 in KERIA?

Number of replies: 0

kent

2023-05-18T21:35:45.000Z

I am reading through it now, thanks for the heads up.

Number of replies: 0

kent

2023-05-18T22:29:19.000Z

I have some questions on a few things after reading through the Kevin posted in the Signify repo today. 1. How do I generate the Signify Client AID? Do I use the KLI or does Signify provide a mechanism here? 2. How do I get the signed inception event? Can I just export it with the KLI?

Number of replies: 0

kent

2023-05-18T22:30:12.000Z

Also, 3. How do I sign the HTTP request with the client AID? Is it just the body of the request that needs to be signed?

Number of replies: 0

pfeairheller

All of these are provided by the signify client

Number of replies: 8

kent

Is there an integration or other test that walks through the three items above? Each test I’ve run has always got a 404 when issuing the initial connection request to KERIA saying ```keri.kering.ConfigurationError: agent does not exist for controller ELI7pg979AdhmvrjDeam2eAO2SR5niCgnjAJXJHtJose```

kent

I’ve got the kli witness demo network up and running as well as KERIA. I’m thinking I’m missing the out of band part in Step One defined in the protocol: ```signed inception event out-of-bands to the KERIA service through the Boot interface```

pfeairheller

Yes, in SygnifyPy with a running KERIA

kent

Do I need to run the `connect.toml` requests through KERIA?

kent

Ok, I see, in the `def test_connect():`function in test_clienting.py. I’ll give it a shot

pfeairheller

There is a file, `integration_clienting.py` that works when run with python against an instance of KERIA

pfeairheller

A main at the bottom where I comment out test cases. That’s how I test it so far. No time for anything else or to document it for anyone else n

kent

Got it, totally understand. You’re slammed. This is what I needed. I should be able to figure it out from here. Thank you.

pfeairheller

2023-05-18T22:32:43.000Z

That’s why it needs minimally sufficient KERI

Number of replies: 0

kent

2023-05-18T23:02:46.000Z

Is there an integration or other test that walks through the three items above? Each test I’ve run has always got a 404 when issuing the initial connection request to KERIA saying

keri.kering.ConfigurationError: agent does not exist for controller ELI7pg979AdhmvrjDeam2eAO2SR5niCgnjAJXJHtJose

Number of replies: 0

kent

2023-05-18T23:04:00.000Z

I’ve got the kli witness demo network up and running as well as KERIA. I’m thinking I’m missing the out of band part in Step One defined in the protocol:

signed inception event out-of-bands to the KERIA service through the Boot interface

Number of replies: 0

pfeairheller

2023-05-18T23:04:36.000Z

Yes, in SygnifyPy with a running KERIA

Number of replies: 0

kent

2023-05-18T23:07:39.000Z

Do I need to run the `connect.toml` requests through KERIA?

Number of replies: 0

kent

2023-05-18T23:09:19.000Z

Ok, I see, in the `def test_connect():`function in test_clienting.py. I’ll give it a shot

Number of replies: 0

pfeairheller

2023-05-18T23:16:35.000Z

There is a file, `integration_clienting.py` that works when run with python against an instance of KERIA

Number of replies: 0

pfeairheller

2023-05-18T23:17:20.000Z

A main at the bottom where I comment out test cases. That’s how I test it so far. No time for anything else or to document it for anyone else n

Number of replies: 0

kent

2023-05-18T23:18:09.000Z

Got it, totally understand. You’re slammed. This is what I needed. I should be able to figure it out from here. Thank you.

Number of replies: 0

andreialexandru98

2023-05-18T23:48:58.000Z

:wave: Is the same passcode supposed to generate the same aid for all signify clients? because when I try to use the `0123456789abcdefghijk` to generate aids, I get different ones for python and typescript sdks, same "tier"

Number of replies: 0

pfeairheller

With the new Salty algorithm the salt is unique per AID. If one isn’t passed to the create call, a random salt is created for that AID

Number of replies: 6

andreialexandru98

but if I pass the same salt it should create the same aid between libraries

andreialexandru98

right?

pfeairheller

Which AID are you talking about? Client AID or or a managed AID?

andreialexandru98

client aid

pfeairheller

This is causing a lot of people confusion. Let me write something up about it

kent

Thank you.

andreialexandru98

2023-05-19T00:04:43.000Z

but if I pass the same salt it should create the same aid between libraries

Number of replies: 0

andreialexandru98

2023-05-19T00:04:45.000Z

right?

Number of replies: 0

pfeairheller

2023-05-19T00:05:45.000Z

Which AID are you talking about? Client AID or or a managed AID?

Number of replies: 0

andreialexandru98

2023-05-19T00:05:57.000Z

client aid

Number of replies: 0

pfeairheller

2023-05-19T00:07:01.000Z

This is causing a lot of people confusion. Let me write something up about it

Number of replies: 0

hvancann

Could anyone share a few words Why SKRAP is needed and who will use it? The text in the repo is about the What and How, not the Why and Who yet. I’d like to improve this:

Number of replies: 12

kent

Mobile clients will be using SKRAP to connect to KERI AIDs via agents in the new, multi-tenant Mark II Agent server, KERIA.

kent

SKRAP is a client to the KERIA server.

kent

Also, browser extensions will use SKRAP in order to use a wallet similar to MetaMask, except it will be KERIMask, and it will be a browser extension.

kent

KERIMask will connect to KERIA servers in order for a person to control AIDs from their browser extension.

kent

SKRAP is also usable from HSMs and hardware wallets because the keys from the hardware wallet, along with some app code, connect through SKRAP to agents running in a KERIA server.

nuttawut.kongsuwan

Do I understand correctly thy ACDCs are meant to be signed and verified at KERIA servers and not at the signify clients?

kent

No, Signify signs things at the edge. This includes ACDCs. KERIA will be used to send communications between agents. The things KERIA sends are signed by Signify.

nuttawut.kongsuwan

I see. Thanks for the clarification.

hvancann

Thanks for the answers! See the result:

hvancann

But now you’ve introduced another term: KERIMask. What is it and why should I use it?

kent

I was riffing off of MetaMask, the Ethereum wallet that is both a browser plugin and a mobile wallet. Once we make an open source wallet implementation then we will name it something.

kent

KERIMask isn’t the best name, it’s just the first one that came up.

rodolfo.miranda

2023-05-19T13:35:22.000Z

<@U024CJMG22J>, quick questions regarding HTTP header authentication/signing: 1- response signature headers are not implemente yet, but they will, right? 2- when the headers are validated, should't we add other enforcements such as timestamp check and nonces to avoid replay attacks?

Number of replies: 0

pfeairheller

2023-05-19T15:06:28.000Z

1 - Yes 2 - all of that is yet to be designed. If you have ideas please document them in issues

Number of replies: 0

rodolfo.miranda

2023-05-19T15:20:21.000Z

I’ll create issues…. and PRs :wink:

Number of replies: 1

pfeairheller

2023-05-19T15:20:21.000Z

To be clear, the code to sign responses exists in KERIA and the code to verify the signature on responses exists in SignifyPy, it just hasn't been tied into the response workflow on either side yet

kent

2023-05-19T16:01:06.000Z

Thank you.

Number of replies: 0

kent

2023-05-19T16:02:16.000Z

Mobile clients will be using SKRAP to connect to KERI AIDs via agents in the new, multi-tenant Mark II Agent server, KERIA.

Number of replies: 0

kent

2023-05-19T16:02:29.000Z

SKRAP is a client to the KERIA server.

Number of replies: 0

kent

2023-05-19T16:03:09.000Z

Also, browser extensions will use SKRAP in order to use a wallet similar to MetaMask, except it will be KERIMask, and it will be a browser extension.

Number of replies: 0

kent

2023-05-19T16:03:36.000Z

KERIMask will connect to KERIA servers in order for a person to control AIDs from their browser extension.

Number of replies: 0

kent

2023-05-19T16:04:03.000Z

SKRAP is also usable from HSMs and hardware wallets because the keys from the hardware wallet, along with some app code, connect through SKRAP to agents running in a KERIA server.

Number of replies: 0

pfeairheller

2023-05-19T16:05:11.000Z

Signify implementers... (especially <@U0474LZ0ZLG> and <@U03P53FCYB1>), I created an initial description of documenting the client AID creation process here with a sample AID and inception event based on a passcode:

Number of replies: 0

pfeairheller

2023-05-19T16:05:39.000Z

This document will be fleshed out with full details up to and including AID creation with Salty and Randy.

Number of replies: 0

kent

What is the equivalent to the `-c [AID]` argument in the current form of KERIA? In trying to run the Signify tests in `integration_clienting.py` I see the following doc comment in the `def test_salty` test:

    """ This test assumes a running KERIA agent with the following comand:

          `keria start -c ELI7pg979AdhmvrjDeam2eAO2SR5niCgnjAJXJHtJose`

    """

Number of replies: 13

kent

I’m looking through the code of old versions of KERIA and I see the `-c` stands for `--controller` : ```parser.add_argument('-c', '--controller', required=True, help="Identifier prefix of the controller of this agent.")``` This was then sent to `agenting.setup` as `conAid` ```doers.extend(agenting.setup(name=name, base=base, bran=bran, ctrlAid=ctrlAid, adminPort=admin,``` This further made it into Habery: `conHby = habbing.Habery(name=conAid, base=base, cf=cf)` And Authenticater: `authn = Authenticater(agent=cagHab, caid=conAid)` And the BootEnd: `bootEnd = BootEnd(cagHab, conAid)`

pfeairheller

That is no longer needed

kent

Ok, I’ll just try running the tests without it, both the recorders and the ones that consume recorded requests.

kent

According to that new document you just posted I think I’m missing creating the Agent AID. This seems like it has to come first in the overall process.

kent

in SignifyPy in `test_salty` If I have the URL in the `client = SignifyClient(url=url, passcode=bran, tier=tier)` statement then I get an error `ConfigurationError('agent does not exist for controller EOgQvKz8ziRn7FdR_ebwK9BkaVOnGeXQOJ87N6hMLrK0')` If I take the `url` argument out then I get past that error, though my point here is I think I am missing some bootstrapping in the KERIA agent. I don’t mean to ask the same question over and over again. There’s something I’m just not getting or just missing on how to initialize `SignifyClient`

kent

OMG, I got past that point. I just had to move the `url` argument from the `SignifyClient` controller to the `client.connect` call.

kent

It looks like the call from the SignifyClient constructor will fail every time because the POST to the `/boot` endpoint hasn’t occurred yet.

kent

Do I have that right?

kent

I just saw your latest commit. Thanks Phil!

kent

I’ll help fix the rest of the tests.

rodolfo.miranda

Hi Kent. For the test just run `keria start` except from the one that needs witness that you may execute `keria start --config-file demo-witness-oobis.json --config-dir ./scripts`

rodolfo.miranda

the Agent AIDs are created automatically by KERIA on each \boot request. You don't need to worry about that.

rodolfo.miranda

If you execute the `test_salty`youl'll see that after creating the SignifyClient there's a call to the `/boot` interface, and just after that is the `connect()` function that generates the first interactions between SignifyClient and KERIA.

kent

2023-05-19T16:06:23.000Z

I’m looking through the code of old versions of KERIA and I see the `-c` stands for `--controller` :

parser.add_argument('-c', '--controller', required=True,
                    help="Identifier prefix of the controller of this agent.")This was then sent to `agenting.setup` as `conAid`
doers.extend(agenting.setup(name=name, base=base, bran=bran,
                                ctrlAid=ctrlAid,
                                adminPort=admin,This further made it into Habery:
`conHby = habbing.Habery(name=conAid, base=base, cf=cf)`
And Authenticater:
`authn = Authenticater(agent=cagHab, caid=conAid)`
And the BootEnd:
`bootEnd = BootEnd(cagHab, conAid)`

Number of replies: 0

pfeairheller

2023-05-19T16:07:03.000Z

That is no longer needed

Number of replies: 0

kent

2023-05-19T16:08:36.000Z

Ok, I’ll just try running the tests without it, both the recorders and the ones that consume recorded requests.

Number of replies: 0

pfeairheller

2023-05-19T16:13:33.000Z

To be clear, the code to sign responses exists in KERIA and the code to verify the signature on responses exists in SignifyPy, it just hasn't been tied into the response workflow on either side yet

Number of replies: 0

kent

2023-05-19T16:17:41.000Z

According to that new document you just posted I think I’m missing creating the Agent AID. This seems like it has to come first in the overall process.

Number of replies: 0

kent

2023-05-19T16:23:46.000Z

in SignifyPy in `test_salty` If I have the URL in the `client = SignifyClient(url=url, passcode=bran, tier=tier)` statement then I get an error `ConfigurationError('agent does not exist for controller EOgQvKz8ziRn7FdR_ebwK9BkaVOnGeXQOJ87N6hMLrK0')` If I take the `url` argument out then I get past that error, though my point here is I think I am missing some bootstrapping in the KERIA agent. I don’t mean to ask the same question over and over again. There’s something I’m just not getting or just missing on how to initialize `SignifyClient`

Number of replies: 0

kent

2023-05-19T16:25:39.000Z

OMG, I got past that point. I just had to move the `url` argument from the `SignifyClient` controller to the `client.connect` call.

Number of replies: 0

kent

2023-05-19T16:26:08.000Z

It looks like the call from the SignifyClient constructor will fail every time because the POST to the `/boot` endpoint hasn’t occurred yet.

Number of replies: 0

kent

2023-05-19T16:26:19.000Z

Do I have that right?

Number of replies: 0

kent

2023-05-19T16:46:39.000Z

I just saw your latest commit. Thanks Phil!

Number of replies: 0

kent

2023-05-19T16:47:06.000Z

I’ll help fix the rest of the tests.

Number of replies: 0

rodolfo.miranda

2023-05-19T21:23:49.000Z

Hi Kent. For the test just run `keria start` except from the one that needs witness that you may execute `keria start --config-file demo-witness-oobis.json --config-dir ./scripts`

Number of replies: 0

rodolfo.miranda

2023-05-19T21:24:23.000Z

the Agent AIDs are created automatically by KERIA on each \boot request. You don't need to worry about that.

Number of replies: 0

rodolfo.miranda

2023-05-19T21:31:10.000Z

If you execute the `test_salty`youl'll see that after creating the SignifyClient there's a call to the `/boot` interface, and just after that is the `connect()` function that generates the first interactions between SignifyClient and KERIA.

Number of replies: 0

rodolfo.miranda

<@U024CJMG22J>, I realized that the client AID generated in signifypy differs from the client AID generated in signify-ts (from same passcode and Tier). Generated keys differ as well. Were you able to make that type of comparison before? I'll dive deep into the code; should I start from the Salter?

Number of replies: 9

2byrds

<@U03P53FCYB1> did you double check that each client generates a deterministic AID after each run? Granted the two impls might have a difference. But make sure two runs of the same impl produces the same AID.

andreialexandru98

The same passcodes generates the same aid with the same sdk but not cross sdks. I asked the same question yesterday :see_no_evil: and Phil created the getting started doc

rodolfo.miranda

both SDK use libsodium argon2. I understand that they should generate same keys from same salt.

andreialexandru98

That’s what I thought too

rodolfo.miranda

I found the problem in the derivation path!!

rodolfo.miranda

Still need to figure out some stuff, but the problem was there because I can now get the same keys.

rodolfo.miranda

Finally got the lovely AID "ELI7pg979AdhmvrjDeam2eAO2SR5niCgnjAJXJHtJose" in TS

kent

Nice work Rodolfo.

pfeairheller

Something so rewarding about getting the crypto/CESR right!

2byrds

2023-05-20T01:52:08.000Z

<@U03P53FCYB1> did you double check that each client generates a deterministic AID after each run? Granted the two impls might have a difference. But make sure two runs of the same impl produces the same AID.

Number of replies: 0

andreialexandru98

2023-05-20T02:11:35.000Z

The same passcodes generates the same aid with the same sdk but not cross sdks. I asked the same question yesterday :see_no_evil: and Phil created the getting started doc

Number of replies: 0

andreialexandru98

2023-05-20T02:13:18.000Z

I noticed that the tier level grately impacts the time it takes to generate an identifier! high tier takes around 30ish seconds on my computer

Number of replies: 0

rodolfo.miranda

2023-05-20T02:28:21.000Z

both SDK use libsodium argon2. I understand that they should generate same keys from same salt.

Number of replies: 0

andreialexandru98

2023-05-20T02:29:10.000Z

That’s what I thought too

Number of replies: 0

rodolfo.miranda

2023-05-20T02:30:53.000Z

The tier maps two parameters on the libsodium library that are used to create entropy: - opslimit represents the maximum amount of computations to perform. Raising this number will make the function require more CPU cycles to compute a key. This number must be between crypto_pwhash_OPSLIMIT_MIN and crypto_pwhash_OPSLIMIT_MAX. - memlimit is the maximum amount of RAM in bytes that the function will use. This number must be between crypto_pwhash_MEMLIMIT_MIN and crypto_pwhash_MEMLIMIT_MAX. So, the higher the more entropy but slower.

Number of replies: 0

nuttawut.kongsuwan

2023-05-20T06:34:42.000Z

Do I understand correctly thy ACDCs are meant to be signed and verified at KERIA servers and not at the signify clients?

Number of replies: 0

rodolfo.miranda

2023-05-20T11:54:03.000Z

I found the problem in the derivation path!!

Number of replies: 0

rodolfo.miranda

2023-05-20T11:55:33.000Z

Still need to figure out some stuff, but the problem was there because I can now get the same keys.

Number of replies: 0

rodolfo.miranda

2023-05-20T14:14:48.000Z

Finally got the lovely AID "ELI7pg979AdhmvrjDeam2eAO2SR5niCgnjAJXJHtJose" in TS

Number of replies: 0

kent

2023-05-20T15:36:39.000Z

No, Signify signs things at the edge. This includes ACDCs. KERIA will be used to send communications between agents. The things KERIA sends are signed by Signify.

Number of replies: 0

kent

2023-05-20T15:37:56.000Z

Nice work Rodolfo.

Number of replies: 0

pfeairheller

2023-05-20T16:22:46.000Z

Something so rewarding about getting the crypto/CESR right!

Number of replies: 0

pfeairheller

2023-05-20T18:34:29.000Z

PRs to both KERIA and SignifyPy to enable and validate HTTP signature headers on all responses from the KERIA service by the Agent.

Number of replies: 0

pfeairheller

2023-05-20T18:34:53.000Z

This shouldn't break signify-ts since you will just ignore them anyway.

Number of replies: 2

andreialexandru98

2023-05-20T18:34:53.000Z

Does the format of the timestamp matter for checking the signature? I am noticing that JS and python display it differently?

rodolfo.miranda

2023-05-20T18:34:53.000Z

it does not matter because. It's just copied as a string in the signing bytes. We should make the uniform though.

nuttawut.kongsuwan

2023-05-21T01:48:57.000Z

I see. Thanks for the clarification.

Number of replies: 0

andreialexandru98

2023-05-21T02:19:43.000Z

Does the format of the timestamp matter for checking the signature? I am noticing that JS and python display it differently?

Number of replies: 0

rodolfo.miranda

2023-05-22T12:47:04.000Z

it does not matter because. It's just copied as a string in the signing bytes. We should make the uniform though.

Number of replies: 0

hvancann

2023-05-24T10:55:50.000Z

Thanks for the answers! See the result:

Number of replies: 0

hvancann

2023-05-24T10:56:40.000Z

But now you’ve introduced another term: KERIMask. What is it and why should I use it?

Number of replies: 0

kent

2023-05-24T15:10:17.000Z

I was riffing off of MetaMask, the Ethereum wallet that is both a browser plugin and a mobile wallet. Once we make an open source wallet implementation then we will name it something.

Number of replies: 0

kent

2023-05-24T15:10:28.000Z

KERIMask isn’t the best name, it’s just the first one that came up.

Number of replies: 0

kent

2023-05-24T15:25:37.000Z

Will credential issuance be a part of KERIA, Signify, or both? It would seem like the ACDCs, and any key events, in order to be signed at the edge, would have to be sent to the edge for signing or would need to originate at the edge and be sent to an agent. Is one of these options the design here for Signify or am I misunderstanding the architecture?

Number of replies: 0

kent

2023-05-24T15:26:44.000Z

I am getting a sense of where to prioritize my efforts with regard to KERIA in order to have the same or similar credential issuance flow in KERIA/Signify that I do with the Mark I agent in KERIpy.

Number of replies: 0

griffin.kev

2023-05-24T17:26:37.000Z

A signify client would great an `iss` event and send that to its known KERIA instance.

Number of replies: 1

kent

2023-05-24T17:26:37.000Z

Do you happen to have handy a reference to where the `iss` event is created in KERIpy or how that sort of an event is managed? I see 18 references in KERIpy, most in eventing.py. I haven’t read through eventing yet though will be. I want to learn everything there is to know about `iss` events so I can add this functionality to SignifyPy because this is my current roadblock. I’ll be coordinating with Phil on this as well.

griffin.kev

2023-05-24T17:27:01.000Z

Events are created and signed, they go from the edge (client) to the agent (cloud) (KERIA)

Number of replies: 1

kent

2023-05-24T17:27:01.000Z

This makes sense. Thanks

kent

2023-05-24T19:19:00.000Z

This makes sense. Thanks

Number of replies: 0

kent

2023-05-24T19:31:29.000Z

Do you happen to have handy a reference to where the `iss` event is created in KERIpy or how that sort of an event is managed? I see 18 references in KERIpy, most in eventing.py. I haven’t read through eventing yet though will be. I want to learn everything there is to know about `iss` events so I can add this functionality to SignifyPy because this is my current roadblock. I’ll be coordinating with Phil on this as well.

Number of replies: 0

pfeairheller

2023-05-24T19:41:20.000Z

Yes, credential APIs will be ported to KERIA AND Signify

Number of replies: 0

kent

Here’s a spreadsheet comparing the REST APIs of both KERIpy and KERIA: This will help us keep track of the work that needs to be done, if something like this doesn’t already exist. From the looks of things most, if not all, of the KERI work is done in KERIA. The primary work remaining unfinished is the ACDC work.

Number of replies: 48

trent

Love this! Seems like this could grow into a great reference for endpoints... from one POV it could underpin swim-lane work flow graphics, and from the other side it could be a launchpad into the source. <@U02PA6UQ6BV>

hvancann

I agree, will discuss this with Kor and see what we can do.

hvancann

Are there any related columns? We might need a legend for the column names and their domain

kent

Let’s talk through it.

kent

Yes, there are related columns, though in what sense do you mean?

kent

I tried to make it clear in the column labels though I’m sure the labels could be improved.

hvancann

Are there values in one column that are the foreign key to another one

kent

Columns A through K refer to KERIpy. Columns O through Q refer to KERIA.

kent

No, there are no foreign keys.

hvancann

What does CODE mena

kent

HTTP Response Code

hvancann

Right, thx

hvancann

What does ‘Body’ contain?

kent

HTTP Response Body

trent

Note that the labels were hard for me to read because of the dark background. (Couldn't see them at first!)

kent

Some of the column values in the Body column are similar to a JSON object, some are more textual because that was a better description of things.

kent

Yeah, the labels were hard to read. LibreOffice automatically changed the text color to white when I made the background color black yet it turns out Google Sheets wasn’t smart enough to do that. Win for open source.

hvancann

I’ll look it up, should a level 2 SSI specialist have this input knowledge?

kent

I fixed it though.

hvancann

Yes, and I did the KERIA tab :slightly_smiling_face:

kent

What is level 2 again?

hvancann

Two star SSI expert: grasping autonomic identifier systems

hvancann

kent

And which input knowledge are you referring to? This entire sheet? Or a specific column?

kent

Were you referring to the contents of Column E, HTTP Request body?

hvancann

Back to your sheet: which column could contain links into the repos

kent

I haven’t thought about that yet. It would probably be Column B since that is the granularity of a specific handler function in KERIpy or KERIA.

kent

Column B for KERIpy and column P for KERIA.

hvancann

And what about column I in the comparison tab

hvancann

could it link to a certain github page?

kent

I thought about that and I don’t think it’s necessary since the endpoints are already linked.

kent

Column I could be linked, though it is only to the top level class.

hvancann

Walk in the shoes of a newcomer, level 2

hvancann

Would he / she fancy a link straight into the repo?

kent

Yeah, likely.

hvancann

Then let’s do it :slightly_smiling_face:

kent

Let’s postpone the links in Column I until after KERIA is finished. Some of the endpoint classes will be deleted once the KERIA agent is finished.

hvancann

Documentation is always “under construction”, give me one example where to find “CredentialEnd” for example and I’ll do the rest

kent

KERIpy:

hvancann

Wow! great, bullseye

hvancann

Double entendre in your situation

kent

hvancann

Are there any other columns that could have direct links into any repo-file, if so pls tell me, because then we could go find and add them to the sheet as separate (hidden) columns and create infographics from the sheet.

hvancann

Great work, Kent

hvancann

Just checking: the KERIA-link to OOBIEnd, right?

hvancann

And this one in KeriPy:

kent

Yep, those look right.

hvancann

All links inserted in the sheet, two tabs. Have a look at the orange cells, you might wanna check their content. The link is based on line-numbers and filenames, so the anchor might point to the wrong line when the file’s content changes in the future. If the filename changes we get a 404, if the class will be moved to another file (worst case), a user of the link will have to start a search again.

kent

2023-05-30T01:35:40.000Z

Next steps look like: 1. keria Finishing registry inception - refactoring to a long-running Op. Refactor registrar to support Signify event creation. 2. keria Credential Issuance and Revocation Single Sig POST /credentials/{name} DELETE /credentials/{name} Multisig Group Credential Issuance POST /groups/{name}/credentials PUT /groups/{name}/credentials Multisig Group Credential Revocation POST /groups/{name}/credentials/{said}/rev PUT /groups/{name}/credentials/{said}/rev 3. keria Credential Management and Presentation POST /credentials/{name}/presentations POST /credentials/{name}/requests Credential Retrieval GET /credentials/{name} Credential Export GET /credentials/{name}/{said} 4. signifypy Codes ported to SignifyPy? GET /codes POST /codes 5. Local AID creation and management API requests 6. Multisig AID participation and management API requests

Number of replies: 0

pfeairheller

2023-05-30T01:45:28.000Z

This should all be captured in the issues

Number of replies: 0

kent

2023-05-30T02:03:27.000Z

I believe it is. Do you want all of those routes to be added to the issues? I’d be happy to add them.

Number of replies: 0

pfeairheller

2023-05-30T02:05:49.000Z

No as long as the list of tasks in each issue is complete.

Number of replies: 0

rodolfo.miranda

2023-05-30T14:26:16.000Z

<@U024CJMG22J>, if from Signify I want to create an AID with witnesses that are not known by KERIA, should I introduce them using oobi interface? Or witnesses need to be known by the keria config file?

Number of replies: 1

pfeairheller

2023-05-30T14:26:16.000Z

The signify client has to do an OOBI exchange with the witnesses they want to use. Or you can also put them in the configuration file of the KERIA process.

trent

2023-05-30T15:29:13.000Z

Love this! Seems like this could grow into a great reference for endpoints... from one POV it could underpin swim-lane work flow graphics, and from the other side it could be a launchpad into the source. <@U02PA6UQ6BV>

Number of replies: 0

hvancann

2023-05-30T15:39:53.000Z

I agree, will discuss this with Kor and see what we can do.

Number of replies: 0

hvancann

2023-05-30T15:42:35.000Z

Are there any related columns? We might need a legend for the column names and their domain

Number of replies: 0

kent

2023-05-30T15:42:44.000Z

Let’s talk through it.

Number of replies: 0

kent

2023-05-30T15:42:53.000Z

Yes, there are related columns, though in what sense do you mean?

Number of replies: 0

kent

2023-05-30T15:43:11.000Z

I tried to make it clear in the column labels though I’m sure the labels could be improved.

Number of replies: 0

hvancann

2023-05-30T15:43:56.000Z

Are there values in one column that are the foreign key to another one

Number of replies: 0

kent

2023-05-30T15:44:01.000Z

Columns A through K refer to KERIpy. Columns O through Q refer to KERIA.

Number of replies: 0

kent

2023-05-30T15:44:09.000Z

No, there are no foreign keys.

Number of replies: 0

hvancann

2023-05-30T15:44:35.000Z

What does CODE mena

Number of replies: 0

kent

2023-05-30T15:45:32.000Z

HTTP Response Code

Number of replies: 0

hvancann

2023-05-30T15:45:50.000Z

Right, thx

Number of replies: 0

hvancann

2023-05-30T15:46:17.000Z

What does ‘Body’ contain?

Number of replies: 0

kent

2023-05-30T15:47:22.000Z

HTTP Response Body

Number of replies: 0

trent

2023-05-30T15:47:49.000Z

Note that the labels were hard for me to read because of the dark background. (Couldn't see them at first!)

Number of replies: 0

kent

2023-05-30T15:48:13.000Z

Some of the column values in the Body column are similar to a JSON object, some are more textual because that was a better description of things.

Number of replies: 0

kent

2023-05-30T15:48:49.000Z

Yeah, the labels were hard to read. LibreOffice automatically changed the text color to white when I made the background color black yet it turns out Google Sheets wasn’t smart enough to do that. Win for open source.

Number of replies: 0

hvancann

2023-05-30T15:48:53.000Z

I’ll look it up, should a level 2 SSI specialist have this input knowledge?

Number of replies: 0

kent

2023-05-30T15:48:55.000Z

I fixed it though.

Number of replies: 0

hvancann

2023-05-30T15:49:08.000Z

Yes, and I did the KERIA tab :slightly_smiling_face:

Number of replies: 0

kent

2023-05-30T15:49:11.000Z

What is level 2 again?

Number of replies: 0

hvancann

2023-05-30T15:49:53.000Z

Two star SSI expert: grasping autonomic identifier systems

Number of replies: 0

hvancann

2023-05-30T15:50:39.000Z

Number of replies: 0

kent

2023-05-30T15:51:39.000Z

And which input knowledge are you referring to? This entire sheet? Or a specific column?

Number of replies: 0

kent

2023-05-30T15:51:50.000Z

Were you referring to the contents of Column E, HTTP Request body?

Number of replies: 0

hvancann

2023-05-30T15:51:54.000Z

Back to your sheet: which column could contain links into the repos

Number of replies: 0

kent

2023-05-30T15:52:27.000Z

I haven’t thought about that yet. It would probably be Column B since that is the granularity of a specific handler function in KERIpy or KERIA.

Number of replies: 0

kent

2023-05-30T15:52:44.000Z

Column B for KERIpy and column P for KERIA.

Number of replies: 0

hvancann

2023-05-30T15:53:11.000Z

And what about column I in the comparison tab

Number of replies: 0

hvancann

2023-05-30T15:53:27.000Z

could it link to a certain github page?

Number of replies: 0

kent

2023-05-30T15:53:30.000Z

I thought about that and I don’t think it’s necessary since the endpoints are already linked.

Number of replies: 0

kent

2023-05-30T15:53:40.000Z

Column I could be linked, though it is only to the top level class.

Number of replies: 0

hvancann

2023-05-30T15:54:04.000Z

Walk in the shoes of a newcomer, level 2

Number of replies: 0

hvancann

2023-05-30T15:54:30.000Z

Would he / she fancy a link straight into the repo?

Number of replies: 0

kent

2023-05-30T15:54:42.000Z

Yeah, likely.

Number of replies: 0

hvancann

2023-05-30T15:54:54.000Z

Then let’s do it :slightly_smiling_face:

Number of replies: 0

kent

2023-05-30T15:55:14.000Z

Let’s postpone the links in Column I until after KERIA is finished. Some of the endpoint classes will be deleted once the KERIA agent is finished.

Number of replies: 0

hvancann

2023-05-30T15:56:12.000Z

Documentation is always “under construction”, give me one example where to find “CredentialEnd” for example and I’ll do the rest

Number of replies: 0

kent

2023-05-30T15:59:50.000Z

KERIpy:

Number of replies: 0

hvancann

2023-05-30T16:00:51.000Z

Wow! great, bullseye

Number of replies: 0

hvancann

2023-05-30T16:01:25.000Z

Double entendre in your situation

Number of replies: 0

kent

2023-05-30T16:03:27.000Z

Number of replies: 0

hvancann

2023-05-30T16:03:35.000Z

Are there any other columns that could have direct links into any repo-file, if so pls tell me, because then we could go find and add them to the sheet as separate (hidden) columns and create infographics from the sheet.

Number of replies: 0

hvancann

2023-05-30T16:04:14.000Z

Great work, Kent

Number of replies: 0

hvancann

2023-05-30T18:00:42.000Z

Just checking: the KERIA-link to OOBIEnd, right?

Number of replies: 0

hvancann

2023-05-30T18:03:19.000Z

And this one in KeriPy:

Number of replies: 0

kent

2023-05-30T19:47:52.000Z

Yep, those look right.

Number of replies: 0

hvancann

2023-06-01T13:03:49.000Z

All links inserted in the sheet, two tabs. Have a look at the orange cells, you might wanna check their content. The link is based on line-numbers and filenames, so the anchor might point to the wrong line when the file’s content changes in the future. If the filename changes we get a 404, if the class will be moved to another file (worst case), a user of the link will have to start a search again.

Number of replies: 0

pfeairheller

2023-06-01T21:36:44.000Z

The signify client has to do an OOBI exchange with the witnesses they want to use. Or you can also put them in the configuration file of the KERIA process.

Number of replies: 0

rodolfo.miranda

2023-06-09T01:25:25.000Z

<@U024CJMG22J> I'm struggling with `test_delegation` in signifypy. How are you running it? I try with the delegator kli from `delegate.sh` but I'm not able to receive the final confirm. Hints?

Number of replies: 2

2byrds

2023-06-09T01:25:25.000Z

I haven't merged it yet because it depends on a keria update that I haven't merged yet I should be able to get all that in tomorrow but see here

2byrds

2023-06-09T01:25:25.000Z

<@U024CJMG22J> I have caught my keria PR up to your changes AND the coverage has increased :slightly_smiling_face:

pfeairheller

2023-06-09T01:28:35.000Z

Lance created a script in SignifyPy to run it all

Number of replies: 0

pfeairheller

2023-06-09T01:28:42.000Z

I have not tested it yet

Number of replies: 0

pfeairheller

2023-06-09T01:29:24.000Z

When I was writing that test I would comment out everything in the delegate.sh script in keripy but the delegator creation and then run the OOBI resolve and delegation confirm steps by hand.

Number of replies: 0

2byrds

2023-06-09T01:31:35.000Z

I haven't merged it yet because it depends on a keria update that I haven't merged yet I should be able to get all that in tomorrow but see here

Number of replies: 0

2byrds

2023-06-09T01:33:45.000Z

I'm also happy to walk you through it once I get it all committed <@U03P53FCYB1>

Number of replies: 0

rodolfo.miranda

2023-06-09T13:41:22.000Z

updating keripy solved my problem :upside_down_face:

Captura de pantalla 2023-06-09 a la(s) 10.40.09 a.m..png

Number of replies: 0

2byrds

2023-06-09T17:02:18.000Z

<@U024CJMG22J> I have caught my keria PR up to your changes AND the coverage has increased :slightly_smiling_face:

Number of replies: 0

rodolfo.miranda

For the Multisig test, my KERIA is not receiving the receipts confirming the signatures from the other agents (keripy) so it keep the long operation forever. Is it working OK for you <@U024CJMG22J>, <@U035R1TFEET> ?

Number of replies: 11

2byrds

I added support for the delegation portions to the integration script in signifypy. I’ll do the same for multisig now so that it will be easy for anyone to run the full-test.

pfeairheller

I looked at the integration test for multisig in SignifyPy and it hasn't been fixed since implementing multi-tenancy in the Agent. Because we don't have a need for multisig just yet. I'll try to fix it now and get it working again, hopefully tonight.

rodolfo.miranda

You make my day with that!!!!! :slightly_smiling_face:

pfeairheller

A few glasses of wine and couple of bourbons and it will be done. What better way to spend a Friday night.

pfeairheller

I found the problem... during the mutli-tenancy refactor I forgot to register the multisig processing Doer.

pfeairheller

I'll have a PR in a bit. I'll also edit the existing script in keripy. I forgot I created that one already.

pfeairheller

The multisig is created successfully for the two command line participants. However, the Agent is still not getting the events from the other participants because the registration of Agent endpoints appears to be broken.

pfeairheller

I am headed to the San Diego Zoo now but will finish fixing this when I get home this afternoon. I've pushed what I've done so far to branches in the 3 repos.

pfeairheller

Still working through it. The agent OOBI resolution isn't working because the delegation relationship is not established so the agent's KEL is not resolving. I'm a little disappointed I switched to the delegation relationship because it has over complicated matters.

pfeairheller

Remember that time I added delegation to KERIA and when creating the anchor seal I created the one for anchored TEL events and not anchored delegation events. Yeah, those were good times... :neutral_face:

pfeairheller

I have a more generic solution for this that I am running by Sam to see we can go this way. Hopefully have it all patched by the end of the day.

pfeairheller

2023-06-09T18:11:10.000Z

Yes, is was working for me the last time I ran it. Did you OOBI with the AID on the agent using an agent role OOBI?

Number of replies: 0

2byrds

2023-06-09T18:47:18.000Z

I added support for the delegation portions to the integration script in signifypy. I’ll do the same for multisig now so that it will be easy for anyone to run the full-test.

Number of replies: 0

rodolfo.miranda

2023-06-09T18:53:23.000Z

yes and was resolved OK. I'll keep trying...

Number of replies: 1

2byrds

2023-06-09T18:53:23.000Z

Okay, it’s close-ish but will take a significant amount of debugging to get the prefixes, etc correct. Which means it would be best to tackle this once i can run them as unit tests instead of integration tests….. i have several tests running like that now but hadn’t done multi-sig. i was having some issues there as well, even though some of the unit tests work…. so, there is no easy answer on this. I’ll commit what I have on my branch.

2byrds

2023-06-09T20:31:34.000Z

Okay, it’s close-ish but will take a significant amount of debugging to get the prefixes, etc correct. Which means it would be best to tackle this once i can run them as unit tests instead of integration tests….. i have several tests running like that now but hadn’t done multi-sig. i was having some issues there as well, even though some of the unit tests work…. so, there is no easy answer on this. I’ll commit what I have on my branch.

Number of replies: 0

pfeairheller

2023-06-09T22:25:03.000Z

I looked at the integration test for multisig in SignifyPy and it hasn't been fixed since implementing multi-tenancy in the Agent. Because we don't have a need for multisig just yet. I'll try to fix it now and get it working again, hopefully tonight.

Number of replies: 0

rodolfo.miranda

2023-06-09T22:26:28.000Z

You make my day with that!!!!! :slightly_smiling_face:

Number of replies: 0

pfeairheller

2023-06-10T01:43:58.000Z

A few glasses of wine and couple of bourbons and it will be done. What better way to spend a Friday night.

Number of replies: 0

pfeairheller

2023-06-10T13:52:32.000Z

I found the problem... during the mutli-tenancy refactor I forgot to register the multisig processing Doer.

Number of replies: 0

pfeairheller

2023-06-10T13:53:05.000Z

I'll have a PR in a bit. I'll also edit the existing script in keripy. I forgot I created that one already.

Number of replies: 0

pfeairheller

2023-06-10T14:33:39.000Z

The multisig is created successfully for the two command line participants. However, the Agent is still not getting the events from the other participants because the registration of Agent endpoints appears to be broken.

Number of replies: 0

pfeairheller

2023-06-10T14:34:28.000Z

I am headed to the San Diego Zoo now but will finish fixing this when I get home this afternoon. I've pushed what I've done so far to branches in the 3 repos.

Number of replies: 0

pfeairheller

2023-06-10T23:42:56.000Z

Still working through it. The agent OOBI resolution isn't working because the delegation relationship is not established so the agent's KEL is not resolving. I'm a little disappointed I switched to the delegation relationship because it has over complicated matters.

Number of replies: 0

pfeairheller

2023-06-11T00:10:19.000Z

Remember that time I added delegation to KERIA and when creating the anchor seal I created the one for anchored TEL events and not anchored delegation events. Yeah, those were good times... :neutral_face:

Number of replies: 0

pfeairheller

2023-06-11T17:09:41.000Z

I have a more generic solution for this that I am running by Sam to see we can go this way. Hopefully have it all patched by the end of the day.

Number of replies: 0

rodolfo.miranda

2023-06-13T16:39:31.000Z

<@U024CJMG22J> :

keria start --config-file demo-witness-oobis.json --config-dir ./scripts
The Agency is loaded and waiting for requests...
  Agent: EEXekkGu9IAzav6pZVJhkLnjtjM5v3AcyA-pdKUcaGei   Controller: ELI7pg979AdhmvrjDeam2eAO2SR5niCgnjAJXJHtJose
Sending multisig event to 2 other participants
Waiting for other signatures for EE-643P7FUUG8-8ffVupf6iiMcE3VMx42chE4UUiBmWr:0...
Waiting for fully signed witness receipts for 0
Witness receipts complete, EE-643P7FUUG8-8ffVupf6iiMcE3VMx42chE4UUiBmWr confirmed.

Number of replies: 0

pfeairheller

2023-06-13T16:40:07.000Z

Successful multisig????

Number of replies: 0

griffin.kev

2023-06-13T16:40:15.000Z

that seems like very good output

Number of replies: 0

rodolfo.miranda

2023-06-13T16:40:19.000Z

yeah!

Number of replies: 0

pfeairheller

2023-06-13T16:40:34.000Z

Woohoo!!! :tada:

Number of replies: 0

pfeairheller

2023-06-13T16:40:55.000Z

Is that from the TypeScript client?

Number of replies: 0

rodolfo.miranda

2023-06-13T16:41:12.000Z

keripy + signify=TS

Number of replies: 0

rodolfo.miranda

2023-06-13T16:41:33.000Z

accepted on kli as well:

Alias:  multisig
Identifier: EE-643P7FUUG8-8ffVupf6iiMcE3VMx42chE4UUiBmWr
Seq No: 0
Group Identifier
    Local Indentifier:  EKYLUMmNPZeEs77Zvclf0bSN5IN-mLfLpx2ySb-HDlk4 ✔ Fully Signed

Witnesses:
Count:          3
Receipts:       3
Threshold:      3

Public Keys:
        1. DOZlWGPfDHLMf62zSFzE8thHmnQUOgA3_Y-KpOyF9ScG
        2. DHGb2qY9WwZ1sBnC9Ip0F-M8QjTM27ftI-3jTGF9mc6K
        3. DPmhSfdhCPxr3EqjxzEtF8TVy0YX7ATo0Uc8oo2cnmY9

Number of replies: 0

pfeairheller

2023-06-13T16:41:41.000Z

That is freaking awesome!!!!

Number of replies: 0

pfeairheller

2023-06-13T16:42:04.000Z

Next up, keripy, SignifyTS and SignifyPY

Number of replies: 0

pfeairheller

2023-06-13T16:43:16.000Z

So the approach we took to credential script in SignifyPy would work here. Bash that uses kli and python against signifypy scripts.

Number of replies: 0

pfeairheller

2023-06-13T16:43:41.000Z

And then however you are orchestrating the SignifyTS side

Number of replies: 0

eujin

Traceback (most recent call last):
  File "/Users/eujinong/signifypy/scripts/create_person_aid.py", line 112, in <module>
    create_aid()
  File "/Users/eujinong/signifypy/scripts/create_person_aid.py", line 23, in create_aid
    identifiers = client.identifiers()
                  ^^^^^^^^^^^^^^^^^^^^
  File "/Users/eujinong/signifypy/src/signify/app/clienting.py", line 197, in identifiers
    from signify.app.aiding import Identifiers
  File "/Users/eujinong/signifypy/src/signify/app/aiding.py", line 13, in <module>
    class Identifiers:
  File "/Users/eujinong/signifypy/src/signify/app/aiding.py", line 175, in Identifiers
    def addEndRole(self, name, *, role=Roles.agent, eid=None):
                                       ^^^^^^^^^^^
AttributeError: 'Rolage' object has no attribute 'agent'

Number of replies: 9

eujin

While I was testing the receiving credentials to KERIA agent AID, encountered `creating AID` issue. I am not sure what I've done wrongly. According to Keripy, Rolage does have the agent attribute.

pfeairheller

What version of python are you using?

eujin

3.11.1

eujin

Do I have to downgrade to `3.10.x`?

pfeairheller

Not sure. Haven't seen this error before but also haven't used 3.11 in a while. Might be worth trying.

eujin

Okay, got it.

eujin

After downgrading to 3.10.4, the same issue was raised. The issue has been fixed by fetching the latest KERIpy implementation directly from GitHub. `keri>=0.6.9` on PyPI still provides the old implementation KERI package which doesn't include updates in support of Signify client and KERIA agent (`Rolage` doesn't have `agent` attribute).

eujin

I've enjoyed the demo of demonstrating vLEI credential issuance to KERIA AID. It means a lot to me. :+1:

pfeairheller

Ok cool. Thanks for tracking that down. Glad this work is helpful for you!!

eujin

2023-06-13T23:34:10.000Z

While I was testing the receiving credentials to KERIA agent AID, encountered `creating AID` issue. I am not sure what I've done wrongly. According to Keripy, Rolage does have the agent attribute.

Number of replies: 0

pfeairheller

2023-06-13T23:35:56.000Z

What version of python are you using?

Number of replies: 0

eujin

2023-06-13T23:36:24.000Z

3.11.1

Number of replies: 0

eujin

2023-06-13T23:39:05.000Z

Do I have to downgrade to `3.10.x`?

Number of replies: 0

pfeairheller

2023-06-13T23:41:15.000Z

Not sure. Haven't seen this error before but also haven't used 3.11 in a while. Might be worth trying.

Number of replies: 0

eujin

2023-06-13T23:42:26.000Z

Okay, got it.

Number of replies: 0

eujin

2023-06-14T15:50:43.000Z

After downgrading to 3.10.4, the same issue was raised. The issue has been fixed by fetching the latest KERIpy implementation directly from GitHub. `keri>=0.6.9` on PyPI still provides the old implementation KERI package which doesn't include updates in support of Signify client and KERIA agent (`Rolage` doesn't have `agent` attribute).

Number of replies: 0

eujin

2023-06-14T16:12:46.000Z

I've enjoyed the demo of demonstrating vLEI credential issuance to KERIA AID. It means a lot to me. :+1:

Number of replies: 0

pfeairheller

2023-06-14T16:14:49.000Z

Ok cool. Thanks for tracking that down. Glad this work is helpful for you!!

Number of replies: 0

rodolfo.miranda

2023-06-18T16:55:52.000Z

<@U024CJMG22J>, some questions regarding `/challenge` method in KERIA 1. I couldn't find the `challenge verify` method. Is it just a pending task or missing for a specific reason? 2. What is the purpose of the `put` method (challenge response acceptance)? what's the equivalent on `kli`? 3. When I tried the `challenge response` (/post method) KERIA crashed. Were you able to test it? We implemented the `contacts` method in signify-ts and works perfectly.

Number of replies: 1

rodolfo.miranda

2023-06-18T16:55:52.000Z

OK, 1=2.

rodolfo.miranda

2023-06-18T19:50:18.000Z

OK, 1=2.

Number of replies: 0

kent

2023-06-22T14:01:18.000Z

Why would `SignifyClient.connect(url=url)` cause a ValueError `"Missing or empty version string in key event…"`? This is happening in the issue-ecr.sh script, yet it hasn’t happened anywhere else for me.

Number of replies: 0

pfeairheller

2023-06-22T14:01:51.000Z

Pull all the latest pushes. A change in KERIpy broke KERIA and the Signify's

Number of replies: 0

kent

2023-06-22T15:17:58.000Z

Yep, that’s it. It works once I pull latest.

Number of replies: 0

pfeairheller

2023-06-23T00:40:34.000Z

<@U03P53FCYB1> It looks like I already ported the notifications endpoints over to KERIA. They are available at `/notifications` and `/notifications/{said}`. The API should be available in the SwaggerUI.

Number of replies: 0

pfeairheller

2023-06-23T00:41:39.000Z

This is a generic notification mailbox feature that we used heavily in KIWI and the Keep to send notifications to users for things like credential issuances showing up, credential presentation requests and multisig group notifications.

Number of replies: 0

pfeairheller

With Kent's help we have credential registry creation fully working in KERIA. I'm going to start on credential issuance and presentation now hoping to have working code to push before EOD tomorrow. That way, you could work on the client side in Signify-TS while I'm on vacation and then SigPy can catch up later. Sound good?

Number of replies: 5

2byrds

Thank you both, that's amazing!

kent

Woohoo! This will be awesome! Just what we need.

rodolfo.miranda

Sounds great!

pfeairheller

This is significant. The client needs to get the registry information and then needs to create the credential, the TEL issue event and decide whether to create a rotation or interaction event and then decide what to do about a potential multisig event.

pfeairheller

And then sign everything.

2byrds

2023-06-23T00:49:51.000Z

Thank you both, that's amazing!

Number of replies: 0

kent

2023-06-23T01:35:16.000Z

Woohoo! This will be awesome! Just what we need.

Number of replies: 0

rodolfo.miranda

2023-06-23T01:49:37.000Z

Sounds great!

Number of replies: 0

pfeairheller

2023-06-23T02:03:04.000Z

This is significant. The client needs to get the registry information and then needs to create the credential, the TEL issue event and decide whether to create a rotation or interaction event and then decide what to do about a potential multisig event.

Number of replies: 0

pfeairheller

2023-06-23T02:03:21.000Z

And then sign everything.

Number of replies: 0

pfeairheller

2023-06-24T18:49:15.000Z

merged with credential issue endpoint.

Number of replies: 0

pfeairheller

2023-06-24T18:49:58.000Z

The endpoints for registries were also updated to match the conventions in the rest of the API. They are now `/identifiers/{name}/registries`

Number of replies: 0

pfeairheller

2023-06-24T22:23:22.000Z

Draft up on KERIA for credential presentation and presentation request endpoints.

Number of replies: 0

pfeairheller

2023-06-24T22:23:35.000Z

Should have it merged tomorrow morning if I survive this trip

Number of replies: 0

andreialexandru98

2023-07-02T16:56:15.000Z

Drafted an implementation of an “interceptor” in keria that allows it to send the events that are happening in the background to another webhook. The reasoning behind it is to have the keria agent relay information to other services rather than the signify client orchestrate who to send the data to. I noticed that there’s a notifier class but that can only be leveraged to notify other witnesses or agents and not just an http endpoint. Would love to get some feedback if there’s a better approach!

Number of replies: 0

pfeairheller

2023-07-08T18:48:08.000Z

Posted a today in KERIA. The current list API for credentials in an Agent was woefully lacking important functionality that I hope to address with this PR. I still need to integrate the search object into the REST API and add a bunch more tests so the PR is in Draft for now. I wanted to get people's impressions of it ahead of finishing it up.

Number of replies: 0

rodolfo.miranda

2023-07-09T22:31:20.000Z

<@U024CJMG22J> Took me bit of effort to issue a VC when the issuer has witnesses. I needed to add some missing stuff in KERIA. Please, check PR . With those changes, everything works fine now.

Number of replies: 2

kent

2023-07-09T22:31:20.000Z

Is this for issuing VCs from SignifyTS with KERIA agents? Or with the KLI?

rodolfo.miranda

2023-07-09T22:31:20.000Z

It's for issuing VC from signify (ts and py)

pfeairheller

2023-07-09T22:40:26.000Z

I agree about the added witDoer and messages. Please see my comment about the `elif` and `else` changes. I don't think those changes are needed.

Number of replies: 0

pfeairheller

2023-07-09T22:58:01.000Z

Merged!

Number of replies: 0

rodolfo.miranda

2023-07-09T23:23:11.000Z

thx!

Number of replies: 0

kent

2023-07-12T00:43:40.000Z

Is this for issuing VCs from SignifyTS with KERIA agents? Or with the KLI?

Number of replies: 0

rodolfo.miranda

2023-07-12T00:45:16.000Z

It's for issuing VC from signify (ts and py)

Number of replies: 0

rodolfo.miranda

2023-07-13T18:51:36.000Z

that credential was revoked from Signify/KERIA:

{
    "sad": {
        "v": "ACDC10JSON000197_",
        "d": "EDRys0t8LGBzEwr_PEMyKB-Zum4khrfjXEEkM1bqVU-4",
        "i": "EPKRyynUGOe4M4Jw7PvDxxy4Vzg3AtDaYnHBUQcoKRSl",
        "ri": "EJzrfpXVlEP_J9aC4e83dfAPgKM4hnonOO2eEurYAAbG",
        "s": "EBfdlu8R27Fbx-ehrqwImnK-8Cm79sqbAQ4MmvEAYqao",
        "a": {
            "d": "EMS62P6fJ3zzwkUBfwgZQwcP1I9LMOb5T84-2_Bm0ydd",
            "i": "EDS4HyWpejtqKem_QcJwBKYNF1_TU0rDn0cbuNsOQjHu",
            "dt": "2023-07-13T18:48:56.736000+00:00",
            "LEI": "5493001KJTIIGC8Y1R17"
        }
    },
    "pre": "EPKRyynUGOe4M4Jw7PvDxxy4Vzg3AtDaYnHBUQcoKRSl",
    "sadsigers": [{
        "path": "-",
        "pre": "EPKRyynUGOe4M4Jw7PvDxxy4Vzg3AtDaYnHBUQcoKRSl",
        "sn": 0,
        "d": "EPKRyynUGOe4M4Jw7PvDxxy4Vzg3AtDaYnHBUQcoKRSl"
    }],
    "sadcigars": [],
    "chains": [],
    "status": {
        "v": "KERI10JSON000135_",
        "i": "EDRys0t8LGBzEwr_PEMyKB-Zum4khrfjXEEkM1bqVU-4",
        "s": "1",
        "d": "EMLacOpI6FyAn5v6G4tg9WcmbHDPgSka0Y7Ahq8U_4rE",
        "ri": "EJzrfpXVlEP_J9aC4e83dfAPgKM4hnonOO2eEurYAAbG",
        "ra": {},
        "a": {
            "s": 3,
            "d": "EGOWcSi-RCqK4XakApM94dIfWpGl9VDymWB4CaQTHN-A"
        },
        "dt": "2023-07-13T18:49:08.925000+00:00",
        "et": "rev"
    }
}

Number of replies: 0

rodolfo.miranda

2023-07-13T18:53:00.000Z

<@U024CJMG22J>, I also found that the last TEL dig is in the status of the credential, so there's no need to add anything on KERIA to create the `rev` TEL event.

Number of replies: 0

pfeairheller

For those waiting for multisig between Signify clients and the kli, added support for fractionally weighted thresholds to Tholder in SigTS and a series of scripts in `examples/scripts` that allows for the creation of a group multisig AID that is backed by local AIDs from SigPy, SigTS and the kli. Next I'll be making it a delegated AID (to match the requirements of a QVI AID in the vLEI ecosystem).

Number of replies: 8

jason873

Is the mention of CESR native event serializations foreshadowing? I'm wondering if key/value maps have been designed yet, and what it takes to implement them? I'm just having a discussion about choosing inter-service communication message encodings

pfeairheller

This would be an awesome discussion topic for the next meeting. Sam could go on for hours about it! But as a preview, CESR event encoding is going to rely on the fact that KERI events have static field ordering and thus we can make the protocol even more efficient than MsgPack or CBOR by eliminating field labels from the serialization.

jason873

Ahhhhh I see. Will there be a facility to use it straight up without field ordering/presence constraints to be able to encode arbitrary data with it? I mean, the `a` fields for example, contain arbitrary keys - so I guess there will be a way somewhere in it, but it would be weird to hack the system by building a bigger, fake KERI event just to encode something in CESR wouldn't it?

jason873

We can discuss at a meeting, I will try and remember to attend (feel free to shoot me a message if I forget, I'm on vacation this week, but around)

pfeairheller

Sounds good.

pfeairheller

That’s a good question that I don’t have an answer for. I imagine a CESR primitive for encoding a map structure is probably in order which won’t be used for known events but could for arbitrary data. We already have support for variable data encoding which could be leveraged but not ideal.

pfeairheller

List encoding is definitely supported probably using indexed encoding.

pfeairheller

Have a fun vacation!

rodolfo.miranda

2023-07-15T14:01:06.000Z

Fantastic!!!!

Number of replies: 0

jason873

2023-07-15T15:49:18.000Z

Is the mention of CESR native event serializations foreshadowing? I'm wondering if key/value maps have been designed yet, and what it takes to implement them? I'm just having a discussion about choosing inter-service communication message encodings

Number of replies: 0

pfeairheller

2023-07-15T15:51:38.000Z

This would be an awesome discussion topic for the next meeting. Sam could go on for hours about it! But as a preview, CESR event encoding is going to rely on the fact that KERI events have static field ordering and thus we can make the protocol even more efficient than MsgPack or CBOR by eliminating field labels from the serialization.

Number of replies: 0

jason873

2023-07-15T15:54:06.000Z

Ahhhhh I see. Will there be a facility to use it straight up without field ordering/presence constraints to be able to encode arbitrary data with it? I mean, the `a` fields for example, contain arbitrary keys - so I guess there will be a way somewhere in it, but it would be weird to hack the system by building a bigger, fake KERI event just to encode something in CESR wouldn't it?

Number of replies: 0

jason873

2023-07-15T15:54:51.000Z

We can discuss at a meeting, I will try and remember to attend (feel free to shoot me a message if I forget, I'm on vacation this week, but around)

Number of replies: 0

pfeairheller

2023-07-15T15:56:17.000Z

Sounds good.

Number of replies: 0

pfeairheller

2023-07-15T15:58:10.000Z

That’s a good question that I don’t have an answer for. I imagine a CESR primitive for encoding a map structure is probably in order which won’t be used for known events but could for arbitrary data. We already have support for variable data encoding which could be leveraged but not ideal.

Number of replies: 0

pfeairheller

2023-07-15T15:58:54.000Z

List encoding is definitely supported probably using indexed encoding.

Number of replies: 0

pfeairheller

2023-07-15T16:33:41.000Z

Have a fun vacation!

Number of replies: 0

pfeairheller

2023-07-17T19:20:23.000Z

I wanted to drop an update on two items mentioned in the last KERI meeting and related to my last message. 1. I just pushed changes that allow for the group multisig described above to de a delegated AID also. 2. We already hit a client library that didn't allow a body in a GET request so I had to change the credential search API to a POST against `/credentials/query`. I updated KERIA, sigPy and sigTs. If you want a description of why that endpoint, see my comment on the resource class in KERIA.

Number of replies: 0

kent

Can we get a package push of signify-ts to NPM?

Number of replies: 3

joseph.l.hunsaker

You can always push one to your npm scope (username)

joseph.l.hunsaker

But an official one would be cool

kent

Yeah, that’s what I’ll end up doing.

joseph.l.hunsaker

2023-07-28T17:21:19.000Z

You can always push one to your npm scope (username)

Number of replies: 0

joseph.l.hunsaker

2023-07-28T17:21:28.000Z

But an official one would be cool

Number of replies: 0

kent

2023-07-28T20:26:26.000Z

Yeah, that’s what I’ll end up doing.

Number of replies: 0

kent

2023-07-28T20:40:06.000Z

Easy enough:

Number of replies: 0

petteri.stenius

2023-08-02T14:47:14.000Z

What's the difference with oobis.get(name, role="agent") and oobis.get(name, role="witness")? I know role="agent" returns an endpoint at keria and role="witness" returns a list of endpoints at witness nodes. I'm asking because I cannot get a multisig group setup completed if I'm using role="witness". With the old Kiwi API I was always using role="witness".

Number of replies: 0

pfeairheller

2023-08-02T14:49:10.000Z

I am working on OOBI support for multisig right now. It is not a straightforward problem to solve. In addition, we are getting rid of defaulting to witnesses providing mailbox support and are going to require explicit declaration of mailbox roles. The issue with multisig is that it will require each participant to approve endpoint roles for all other participants which becomes quite a hassle with Signify.

Number of replies: 0

pfeairheller

2023-08-02T14:49:18.000Z

I should have something pushed by the end of the week

Number of replies: 0

rodolfo.miranda

2023-08-02T17:22:37.000Z

<@U024CJMG22J>, question regarding the credential query. In KERIA we have the following endpoint to query credentials `/identifiers/{name}/credentials/query"` that is a collection of credentials of the `{name}` AID. However in the `Seeker` I'm not finding that the credentials are being filter by the AID, not even passing that parameter to `find` function. Is there a way to add the AID in the filter object?

Number of replies: 0

pfeairheller

Oh yeah, the AID (from `{name}`) is used to load the right Agent (and thus DB environment) but I guess not added to the actual query. That should be very easy to fix

Number of replies: 31

rodolfo.miranda

do we need to add an index for the recipient AID or it's already there? couldn't find it.

pfeairheller

``` # Index of credentials by issuer/issuee. for field in (ISSUER_FIELD, ISSUEE_FIELD): self.createIndex(field.qb64) subkey = f"{field.qb64}.{SCHEMA_FIELD.qb64}" self.createIndex(subkey)``` It's here

rodolfo.miranda

ok, but not receiver of the credential if it's not the issuee.

pfeairheller

That is not even tracked anywhere

rodolfo.miranda

... so thinking... does it make sense to have one? it need to be taken from the exn message, not sure if it's possible

rodolfo.miranda

I think the index function is called only by the SAID

pfeairheller

This would only be for presentations so it would have to be a presentation level database to store it in and I'm not sure how that would interface with the indexing for credentials.

pfeairheller

I would think the presentation protocol handlers would want to store their own indexes of "presentations" which could be used to associate presented credentials to AIDs.

pfeairheller

That would make presentations a top level construct in KERIA. Not sure how I feel about that.

pfeairheller

But could be used to track both incoming and outgoing presentations which might be useful

pfeairheller

But I do not think that should be part of the "Credentials" API

rodolfo.miranda

the think that bothers me is that the query method is in the identifiers REST `/identifiers/{name}/credentials/query` and that won't work for presentations others than isuee

pfeairheller

... and issuer

rodolfo.miranda

right

pfeairheller

These are credentials that belong in some way to that AID. Credentials that are presentations from and about a third party do not belong to that AID. The presentations might

pfeairheller

So `/identifiers/{name}/presentations/query` makes sense

rodolfo.miranda

Yes agree, in that case it's correct. One way to solve the query of received credentials is to have an alternative method to query among the full DB independently of the AID.

pfeairheller

That's what this is. Back to your original point. the credentials endpoints lets you run it without any filter

pfeairheller

That'll give you all the credentials

pfeairheller

In the database OF THE AGENT

pfeairheller

Not all of KERIA that would be a violation of security

pfeairheller

I wouldn't want to use it this way though. Because on the client side, you'd have to query all credentials and show only those that your aren't the issuer or issuee and assume they were presentations.

pfeairheller

I would much prefer a presentations endpoint

rodolfo.miranda

so at that time doesn't make to enforce filters by the `{name}` in the endpoint, it won't be totally correct but it's a workaround for presentations until we create a presentation endpoint. User can still add filters manually.

pfeairheller

Depends on "correct". They are credentials in the database in which the AID is stored.

pfeairheller

which gives you what you want. The name is required to identify the agent through the AID

pfeairheller

A wrinkle... You will have credentials in your database that were chained to credentials that you were issued. Those credentials will fall into this bucket but NOT be presentationsl

pfeairheller

So this logic will fail immediately for vLEIs

rodolfo.miranda

Ohhh, I like that answer :slightly_smiling_face:

pfeairheller

We should probably add a presentations API and datastore

rodolfo.miranda

I think the same. Verifiers may be overwhelmed with VCs that need to be treated separately.

rodolfo.miranda

2023-08-02T18:27:12.000Z

do we need to add an index for the recipient AID or it's already there? couldn't find it.

Number of replies: 0

pfeairheller

2023-08-02T18:28:51.000Z

        # Index of credentials by issuer/issuee.
        for field in (ISSUER_FIELD, ISSUEE_FIELD):
            self.createIndex(field.qb64)
            subkey = f"{field.qb64}.{SCHEMA_FIELD.qb64}"
            self.createIndex(subkey)It's here

Number of replies: 0

rodolfo.miranda

2023-08-02T18:31:05.000Z

ok, but not receiver of the credential if it's not the issuee.

Number of replies: 0

pfeairheller

2023-08-02T18:31:33.000Z

That is not even tracked anywhere

Number of replies: 0

rodolfo.miranda

2023-08-02T18:36:00.000Z

... so thinking... does it make sense to have one? it need to be taken from the exn message, not sure if it's possible

Number of replies: 0

rodolfo.miranda

2023-08-02T18:37:56.000Z

I think the index function is called only by the SAID

Number of replies: 0

pfeairheller

2023-08-02T18:38:18.000Z

This would only be for presentations so it would have to be a presentation level database to store it in and I'm not sure how that would interface with the indexing for credentials.

Number of replies: 0

pfeairheller

2023-08-02T18:39:33.000Z

I would think the presentation protocol handlers would want to store their own indexes of "presentations" which could be used to associate presented credentials to AIDs.

Number of replies: 0

pfeairheller

2023-08-02T18:39:56.000Z

That would make presentations a top level construct in KERIA. Not sure how I feel about that.

Number of replies: 0

pfeairheller

2023-08-02T18:40:15.000Z

But could be used to track both incoming and outgoing presentations which might be useful

Number of replies: 0

pfeairheller

2023-08-02T18:40:28.000Z

But I do not think that should be part of the "Credentials" API

Number of replies: 0

rodolfo.miranda

2023-08-02T18:42:48.000Z

the think that bothers me is that the query method is in the identifiers REST `/identifiers/{name}/credentials/query` and that won't work for presentations others than isuee

Number of replies: 0

pfeairheller

2023-08-02T18:43:10.000Z

... and issuer

Number of replies: 0

rodolfo.miranda

2023-08-02T18:43:51.000Z

right

Number of replies: 0

pfeairheller

2023-08-02T18:43:58.000Z

These are credentials that belong in some way to that AID. Credentials that are presentations from and about a third party do not belong to that AID. The presentations might

Number of replies: 0

pfeairheller

2023-08-02T18:44:15.000Z

So `/identifiers/{name}/presentations/query` makes sense

Number of replies: 0

rodolfo.miranda

2023-08-02T18:47:58.000Z

Yes agree, in that case it's correct. One way to solve the query of received credentials is to have an alternative method to query among the full DB independently of the AID.

Number of replies: 0

pfeairheller

2023-08-02T18:50:05.000Z

That's what this is. Back to your original point. the credentials endpoints lets you run it without any filter

Number of replies: 0

pfeairheller

2023-08-02T18:50:12.000Z

That'll give you all the credentials

Number of replies: 0

pfeairheller

2023-08-02T18:50:21.000Z

In the database OF THE AGENT

Number of replies: 0

pfeairheller

2023-08-02T18:50:32.000Z

Not all of KERIA that would be a violation of security

Number of replies: 0

pfeairheller

2023-08-02T18:51:31.000Z

I wouldn't want to use it this way though. Because on the client side, you'd have to query all credentials and show only those that your aren't the issuer or issuee and assume they were presentations.

Number of replies: 0

pfeairheller

2023-08-02T18:51:38.000Z

I would much prefer a presentations endpoint

Number of replies: 0

rodolfo.miranda

2023-08-02T18:57:42.000Z

so at that time doesn't make to enforce filters by the `{name}` in the endpoint, it won't be totally correct but it's a workaround for presentations until we create a presentation endpoint. User can still add filters manually.

Number of replies: 0

pfeairheller

2023-08-02T18:58:53.000Z

Depends on "correct". They are credentials in the database in which the AID is stored.

Number of replies: 0

pfeairheller

2023-08-02T18:59:12.000Z

which gives you what you want. The name is required to identify the agent through the AID

Number of replies: 0

pfeairheller

2023-08-02T19:01:35.000Z

A wrinkle... You will have credentials in your database that were chained to credentials that you were issued. Those credentials will fall into this bucket but NOT be presentationsl

Number of replies: 0

pfeairheller

2023-08-02T19:01:46.000Z

So this logic will fail immediately for vLEIs

Number of replies: 0

rodolfo.miranda

2023-08-02T19:02:03.000Z

Ohhh, I like that answer :slightly_smiling_face:

Number of replies: 0

pfeairheller

2023-08-02T19:02:18.000Z

We should probably add a presentations API and datastore

Number of replies: 0

rodolfo.miranda

2023-08-02T19:04:07.000Z

I think the same. Verifiers may be overwhelmed with VCs that need to be treated separately.

Number of replies: 0

petteri.stenius

2023-08-03T09:54:34.000Z

Hi <@U03P53FCYB1>. I tried running `request-present.ts` from but I cannot get it to complete. Keria is on latest main branch. Any ideas?

$ ts-node --esm request-present.ts
*** Starting REQUEST-PRESENT test ***
Client 1 connected. Client AID: ELo2ZsLl5C39ZoDNkcUurMXUyvodFi-tgTew09JM_lqw Agent AID:  EADY1vHTlvadY-6A5C3YjNZOFWlZdEx_AuaKMhJ5TGBd
Client 2 connected. Client AID: EHnU14RLuJ1mBv_9c9aksNo3ff0Lj8QqykzNdfGtaWgL Agent AID:  ELBPV0ooTSbWxYMS8h6IeNZGt1RXt5RUAgJ_RnKPKM21
Client 3 connected. Client AID: EAdm-DI46mVxxN_NRaSE8MmeGbBp1-vQLlAGELwkGW9c Agent AID:  EKbmRhB8PIxCQfIAZ9RH3bU1Gvxybr6LzfGFlBrnot3D
Issuer's AID: ENFNTTWjibbsM25hxSzBMJZAXTIgU_IEckaKo7Jv5t3h
Recipient's AID: EKkUeuzjkRDyio_GAZqBK6_WknMs09ttF2AFtFtg3q2c
Verifier's AID: EAOUKzDVmSQM6D-zZX7oGCbDk-YfuNaIXZPh5dWS9r8A
Resolving OOBIs...
Issuer resolved 3 OOBIs
Recipient resolved 3 OOBIs
Verifier resolved 3 OOBIs
Registry created
Credential issued
Credential received by recipient
SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at parseJSONFromBytes (node:internal/deps/undici/undici:6662:19)
    at successSteps (node:internal/deps/undici/undici:6636:27)
    at node:internal/deps/undici/undici:1236:60
    at node:internal/process/task_queues:140:7
    at AsyncResource.runInAsyncScope (node:async_hooks:203:9)
    at AsyncResource.runMicrotask (node:internal/process/task_queues:137:8)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)

Number of replies: 0

rodolfo.miranda

2023-08-03T11:12:46.000Z

I'll check today.

Number of replies: 0

rodolfo.miranda

I couldn't reproduce it. Did you know where it's failing?

Number of replies: 3

petteri.stenius

On the keria side this seems to be the last http request ```PUT /notifications/APBk_VRo-hZZFOGtV14NpcH_Zinwk3dxYlROKbL1KG69```

petteri.stenius

Ok, my mistake. I did a `npm install` on my working copy and now things magically work... Thanks anyways

rodolfo.miranda

great!

petteri.stenius

2023-08-03T13:12:50.000Z

On the keria side this seems to be the last http request

PUT /notifications/APBk_VRo-hZZFOGtV14NpcH_Zinwk3dxYlROKbL1KG69

Number of replies: 0

petteri.stenius

2023-08-03T13:18:20.000Z

Ok, my mistake. I did a `npm install` on my working copy and now things magically work... Thanks anyways

Number of replies: 0

rodolfo.miranda

2023-08-03T13:20:09.000Z

great!

Number of replies: 0

kent

2023-08-07T15:16:03.000Z

I just ran all of the SignifyTS tests with the `signify-ts/examples/integration-scripts/run_all.sh`. Nice work Rodolfo and Alex! Most of them passed. This is really helpful to use as a reference as I build out an app.

Number of replies: 0

kent

2023-08-07T15:19:26.000Z

Once I get things working I’ll be able to go update my tutorial.

Number of replies: 0

kent

2023-08-07T17:37:31.000Z

I’m seeing that successive POST requests to `/identifiers` with SignifyTS with exactly the same name don’t error out. Instead they create separate identifiers. I was under the impression that the *name* property I sent into the `identifiers.create(…)` function was similar to the *alias* property using the KLI and my expectation was that the `/identifiers` would fail on creation of an AID with the same name. This seems like desired behavior unless I’m mistaken. I’d be happy to dig in to the code and submit a PR. Would this be helpful to anyone else besides me? Essentially, I want identifier creation to be idempotent from SignifyTS.

Number of replies: 0

pfeairheller

2023-08-07T17:39:30.000Z

It shouldn't be idempotent, it should error on the second attempt to use the same name

Number of replies: 0

kent

2023-08-07T17:41:10.000Z

yes, that’s right, it should error out. I was thinking “effectively idempotent,” though yes, it should error out.

Number of replies: 0

kent

2023-08-07T17:42:17.000Z

This line from `identifiers.create()` I am thinking should error out on the second attempt:

let res = await this.client.fetch("/identifiers", "POST", jsondata)*jsondata* has the name property, and all the rest:
var jsondata: any = {
            name: name,
...

Number of replies: 0

kent

2023-08-07T17:42:24.000Z

Maybe I’m using SignifyTS wrong and just don’t realize it.

Number of replies: 0

pfeairheller

2023-08-07T17:45:22.000Z

Though the client libraries could check for this, it definitely should be prevented in KERIA. I've created the following issue: but I do not have time to work in it right now.

Number of replies: 2

kent

2023-08-07T17:45:22.000Z

It’s not a blocker for me since I can just avoid calling the same endpoint twice. Once I finish the initial wallet integration I may be able to get to this. I’ll put this on my internal task list.

rodolfo.miranda

2023-08-07T17:45:22.000Z

I think I already corrected that issue here:

kent

2023-08-07T17:46:11.000Z

It’s not a blocker for me since I can just avoid calling the same endpoint twice. Once I finish the initial wallet integration I may be able to get to this. I’ll put this on my internal task list.

Number of replies: 0

kent

2023-08-07T18:05:52.000Z

Should a POST call to `identifiers.addEndRole()` similarly error out on the second identical call when it is the same role name (`agent` here) for the same identifier (`issuer` here) and same prefix (`client1!.agent!.pre` here) ? from SignifyTS:

await identifiers1.addEndRole("issuer", 'agent', client1!.agent!.pre)Ends up making a `fetch()` call to:
let res = await this.client.fetch("/identifiers/" + name + "/endroles", "POST", jsondata)

Number of replies: 0

kent

2023-08-07T18:11:33.000Z

Currently I’m seeing successive calls generate new `rpy` events with different digests. Is this to be expected?

Number of replies: 0

kent

2023-08-07T18:11:47.000Z

*Successive calls with the same inputs

Number of replies: 0

pfeairheller

2023-08-07T18:15:09.000Z

Yes, there is a timestamp in `rpy` messages to support BADA-RUN logic. New timestamp == new digest

Number of replies: 0

rodolfo.miranda

2023-08-07T19:26:22.000Z

I think I already corrected that issue here:

Number of replies: 0

kent

2023-08-07T22:48:27.000Z

How is a nonce generated for registry creation? I see one here in `Credentials.tsx`: `AOLPzF1vRwMPo6tDfoxba1udvpu0jG_BCP_CI49rpMxK`

op1 = await client1.registries().create('issuer', 'vLEI', "AOLPzF1vRwMPo6tDfoxba1udvpu0jG_BCP_CI49rpMxK")

Number of replies: 0

pfeairheller

_Use the source, young Jedi_

Number of replies: 5

pfeairheller

```def randomNonce(): """ Generate a random ed25519 seed and encode as qb64 Returns: str: qb64 encoded ed25519 random seed """ preseed = pysodium.randombytes(pysodium.crypto_sign_SEEDBYTES) seedqb64 = Matter(raw=preseed, code=MtrDex.Ed25519_Seed).qb64 return seedqb64```

kent

Haha, reading through it now. Thanks

kent

Just saw the `vdr/eventing.py`

kent

Looks like <@U03N48D5VD1> added a version to SignifyTS ```export function randomNonce(): string { let seed = libsodium.randombytes_buf(libsodium.crypto_sign_SEEDBYTES); let seedqb64 = new Matter({ raw: seed, code: MtrDex.Ed25519_Seed }); return seedqb64.qb64; }```

kent

Thanks Arshdeep!

pfeairheller

2023-08-07T22:50:09.000Z

def randomNonce():
    """ Generate a random ed25519 seed and encode as qb64

    Returns:
        str: qb64 encoded ed25519 random seed
    """
    preseed = pysodium.randombytes(pysodium.crypto_sign_SEEDBYTES)
    seedqb64 = Matter(raw=preseed, code=MtrDex.Ed25519_Seed).qb64
    return seedqb64

Number of replies: 0

kent

2023-08-07T22:51:24.000Z

Haha, reading through it now. Thanks

Number of replies: 0

kent

2023-08-07T22:51:32.000Z

Just saw the `vdr/eventing.py`

Number of replies: 0

kent

2023-08-07T22:53:19.000Z

Looks like <@U03N48D5VD1> added a version to SignifyTS

export function randomNonce(): string {
    let seed = libsodium.randombytes_buf(libsodium.crypto_sign_SEEDBYTES);
    let seedqb64 = new Matter({ raw: seed, code: MtrDex.Ed25519_Seed });
    return seedqb64.qb64;
}

Number of replies: 0

kent

2023-08-07T22:53:23.000Z

Thanks Arshdeep!

Number of replies: 0

kent

2023-08-08T20:26:24.000Z

I was having an issue with OOBI resolution when running locally. I solved it though am posting my question here for anyone else who may run in to this issue. I’m assuming we will have a PRO plan one day so we can search all messages from the past (like Clojurians Slack in the Clojure community). It’s a tremendously valuable resource and has saved me tons of time.

Number of replies: 0

kent

2023-08-08T20:26:27.000Z

Why would the following code in `aiding.py` show an empty `roleUrls` list when running KERIA through the PyCharm IDE versus running at the command line? When running in the IDE I use the following run config: Script: *keria/src/keria* Params: *start --config-file demo-witness-oobis.json --config-dir /Users/kbull/code/keri/wot/keripy/scripts* When running at the command line, from my KERIA repository root directory, I use the following command:

keria start --config-dir scripts --config-file demo-witness-oobisAnd, of course, I use `kli witness demo` to run the witnesses and have cleaned out the KERI state with `rm -rfv ~/.keri && rm -rfv /usr/local/var/keri`

NOTE: I found my problem. It’s that the `demo-witness-oobis.json` in the KERIA repo contains the subsection for KERIA and the one in the KERIpy repo does not. Here’s the difference between the two files:
  "keria": {
    "dt": "2022-01-20T12:57:59.823350+00:00",
    "curls": [""]
  },

Number of replies: 0

kent

2023-08-08T20:26:49.000Z

TLDR: I solved my issue, just posting for posterity.

Number of replies: 0

pfeairheller

2023-08-09T20:20:45.000Z

For the repos `KERIA`, `signifypy` and `signify-ts` I created a new `development` branch that was cut from the current `main` branch and set it as the default branch for each repo. All PRs should be against `development` moving forward.

Number of replies: 0

griffin.kev

2023-08-10T16:39:34.000Z

There were a couple of "visibility" changes and one rename (conflict after exporting everything) - I'm going to go ahead and merge the docs change and set up the githubpages, unless someone has a major ocncern. Speak now...

Number of replies: 0

griffin.kev

2023-08-10T17:15:50.000Z

Ugh, my PR went in against main, so I'm trying to get dev up to date

Number of replies: 0

griffin.kev

2023-08-10T17:15:57.000Z

github thinks main is out of sync now

Number of replies: 0

pfeairheller

2023-08-10T17:16:43.000Z

Git is hard

Number of replies: 0

griffin.kev

2023-08-10T17:17:00.000Z

avoids making inflammatory comment

Number of replies: 0

petteri.stenius

2023-08-11T08:32:57.000Z

Is there information about the /notifications API of keria? What notifications are implemented and what is planned? I'd like to understand what is required when orchestrating workflows involving multiple (human) participants, such as delegation, multi-sig etc.

Number of replies: 0

pfeairheller

2023-08-11T13:35:53.000Z

The notification code from kiwiing was moved forward to KERIA as part of a general migration of functionality but with no real plan for its full implementation in KERIA. Best I can offer right now is "stay tuned" as we build out that feature.

Number of replies: 0

rodolfo.miranda

2023-08-11T13:59:30.000Z

At least, I tested notifications for `presentation/request`` and `/presentation` . See the integration test:

Number of replies: 0

petteri.stenius

2023-08-14T19:41:50.000Z

Thanks <@U03P53FCYB1>. I have seen that. In he old kiwi agent there was a number of useful notifications such as "/multisig/icp/init", "/multisig/icp/complete" and many others.

Number of replies: 0

kent

What is the purpose of the Contacts API in KERIA and Signify? Is it just for storing arbitrary data for a given AID an agent is aware of?

Number of replies: 7

rodolfo.miranda

It's similar to contacts in keripy. You can store data of your contacts, the oobis, and if the have pass a challenge.

kent

Got it. That’s helpful, thank you

pfeairheller

Yes, assigning metadata to identifiers you are interacting with.

pfeairheller

If you provide a `name=` query param to an OOBI before resolving it, that name will be assign in "contacts" to the resolved AID. And as <@U03P53FCYB1> mentioned, the challenge response handlers associate successful challenge responses to AIDs in contact data.

rodolfo.miranda

The name query param is a pro tip!!

pfeairheller

Easter Egg?

kent

Awesome, that’s really helpful, Thanks Phil. I also didn’t know the tidbit about the challenge response handlers associating successful challenge responses to AIDs in contact data. That saves me from having to put it there myself.

rodolfo.miranda

2023-08-16T15:45:02.000Z

It's similar to contacts in keripy. You can store data of your contacts, the oobis, and if the have pass a challenge.

Number of replies: 0

kent

2023-08-16T15:47:27.000Z

Got it. That’s helpful, thank you

Number of replies: 0

pfeairheller

2023-08-16T16:33:15.000Z

Yes, assigning metadata to identifiers you are interacting with.

Number of replies: 0

pfeairheller

2023-08-16T16:34:23.000Z

If you provide a `name=` query param to an OOBI before resolving it, that name will be assign in "contacts" to the resolved AID. And as <@U03P53FCYB1> mentioned, the challenge response handlers associate successful challenge responses to AIDs in contact data.

Number of replies: 0

rodolfo.miranda

2023-08-16T16:40:19.000Z

The name query param is a pro tip!!

Number of replies: 0

pfeairheller

2023-08-16T16:40:35.000Z

Easter Egg?

Number of replies: 0

kent

2023-08-16T17:40:35.000Z

Awesome, that’s really helpful, Thanks Phil. I also didn’t know the tidbit about the challenge response handlers associating successful challenge responses to AIDs in contact data. That saves me from having to put it there myself.

Number of replies: 0

kent

2023-08-16T20:48:46.000Z

Even though it’s a POST `EndRoleCollectionEnd.on_post()` seems to only return data if it exists with `msg = hab.loadEndRole(cid=pre, role=role, eid=eid)`. Is that true? I am looking for a way to determine whether the ‘agent’ endpoint role has been created for a given controller and agent pair in Signify so I can avoid having to call `SignifyClient.makeEndRole`. It looks like I already don’t have to make that call since it seems that `hab.loadEndRole` only reads from the agent database so I assume creation of the agent in the first place added the agent endpoint role, effectively the result of calling `SignifyClient.makeEndRole`. Is that correct?

Number of replies: 0

kent

2023-08-16T20:50:10.000Z

My goal is to ask an agent about its current state so I can avoid calling routes multiple times unnecessarily by looking at Agent state and deciding what has or has not been done.

Number of replies: 0

kent

2023-08-16T20:52:43.000Z

Looks like someone added what I was looking for last week with the .

Number of replies: 0

kent

2023-08-16T20:59:26.000Z

Looks like the nature of the endpoint changed to returning a long running operation in order to support multisig.

Number of replies: 0

kent

2023-08-16T21:39:26.000Z

It looks like the `main` branch of KERIA depends on the `keri.app.querying` module that is currently only on the `development` branch of KERIpy. I’m getting an ImportError in KERIA on the name ‘querying’ when I use the main branch of KERIA and the main branch of KERIpy.

Number of replies: 0

rodolfo.miranda

2023-08-16T21:45:42.000Z

note that keria, signify (py and ts) have now the development branch as default. You should be pulling from there.

Number of replies: 0

kent

2023-08-16T22:18:28.000Z

yes, i’ll pull from there, thanks.

Number of replies: 0

kent

2023-08-17T00:25:21.000Z

I’m getting a KERIA 500 server error when my SignifyTS client makes a duplicate request to `/identifiers/{aid}/endroles` endpoint. Does this look familiar?

2023-08-16 18:22:21 [FALCON] [ERROR] POST /identifiers/dc_primary/endroles => Traceback (most recent call last):
  File "falcon/app.py", line 365, in falcon.app.App.__call__
  File "/Users/kbull/code/keri/wot/keria/src/keria/app/aiding.py", line 733, in on_post
    agent.hby.rvy.processReply(rserder, tsgs=[tsg])
  File "/Users/kbull/code/keri/wot/keripy/src/keri/core/routing.py", line 199, in processReply
    self.rtr.dispatch(serder=serder, saider=saider, cigars=cigars, tsgs=tsgs)
  File "/Users/kbull/code/keri/wot/keripy/src/keri/core/routing.py", line 84, in dispatch
    fn(serder=serder, saider=saider, route=r, cigars=cigars, tsgs=tsgs, **kwargs)
  File "/Users/kbull/code/keri/wot/keripy/src/keri/core/eventing.py", line 3551, in processReplyEndRole
    accepted = self.rvy.acceptReply(serder=serder, saider=saider, route=route,
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/kbull/code/keri/wot/keripy/src/keri/core/routing.py", line 347, in acceptReply
    raise kering.ValidationError(f"Invalid reply from signer={spre}, no "
keri.kering.ValidationError: Invalid reply from signer=EFNtHlFG-SVN4cklD17ANPzPTBJPg-xaNeBHDxphmz5Z, no keys at signer's est. event sn=1.What does `no keys at signer's est. event sn=1` mean? I’d like to be able to diagnose this myself.

Number of replies: 0

kent

2023-08-17T00:26:45.000Z

What should the server return here instead of a 500?

Number of replies: 0

kent

2023-08-17T00:26:51.000Z

I imagine a 400.

Number of replies: 0

pfeairheller

2023-08-17T00:31:12.000Z

The signature on the endrole is invalid.

Number of replies: 0

nuttawut.kongsuwan

I am curious if anyone has a plan for developing SignifyRust. (or perhaps SignifyOx?) Or will Signify capability be included in the KERIOX? Thanks!

Number of replies: 4

rodolfo.miranda

I think this is the starting point:

nuttawut.kongsuwan

I see. I wasn’t aware of this repository.

jason873

I'd like to get to this at some point

nuttawut.kongsuwan

That would be awesome!

rodolfo.miranda

2023-08-22T09:47:46.000Z

I think this is the starting point:

Number of replies: 0

nuttawut.kongsuwan

2023-08-22T13:20:32.000Z

I see. I wasn’t aware of this repository.

Number of replies: 0

jason873

2023-08-23T08:44:56.000Z

I'd like to get to this at some point

Number of replies: 0

nuttawut.kongsuwan

2023-08-23T08:55:02.000Z

That would be awesome!

Number of replies: 0

kent

2023-08-24T18:24:24.000Z

Does a credential issuance have to be accepted now before it will show up in an issuee’s credential list?

Number of replies: 0

kent

2023-08-24T18:28:02.000Z

I noticed that on the latest development versions of KERIA and KERIpy issuance works differently than it did last week. Issuance is completing successfully for the issuer yet the credential is not yet showing up in the issuee’s credential list right away as it did last week. I assume this is due to what was discussed on today’s dev call where an issuee must accept a credential grant. Is that correct?

Number of replies: 2

rodolfo.miranda

2023-08-24T18:28:02.000Z

That is not implemented yet in keria. Also, due to some changes on the exn messages in latest PRs, I think that signify/keria is failing on processing some exn messages, for example on the presentations and challenge. We should wait for Phil to finish the development of this part to accommodate the code and retest.

kent

2023-08-24T18:28:02.000Z

ok, I’ll roll back my local repos and try again.

rodolfo.miranda

2023-08-24T18:29:46.000Z

That is not implemented yet in keria. Also, due to some changes on the exn messages in latest PRs, I think that signify/keria is failing on processing some exn messages, for example on the presentations and challenge. We should wait for Phil to finish the development of this part to accommodate the code and retest.

Number of replies: 0

kent

2023-08-24T18:36:39.000Z

ok, I’ll roll back my local repos and try again.

Number of replies: 0

kent

2023-08-24T18:47:43.000Z

For a temporary workaround until the `exn` message work is finished here are the Git SHAs to check out for anyone needing credential issuance to work in the short term: keripy SHA: `9db4bcaf253d4e45a25cc15dd294f99d9aa7c741` keria sha: `5bf91c08d10058c237fe7ecc0e1585be7c3f2b5f` Then just do a local install and you’re good.

Number of replies: 0

kent

2023-09-04T23:08:00.000Z

For some reason my long running op for creating an identifier is supposedly always returning `done: false` yet when I refresh my webpage and do a “get” on the identifier then it shows up as done. Anyone else had an issue like this?

Number of replies: 0

kent

2023-09-04T23:08:18.000Z

Same thing happens on registry creation.

Number of replies: 0

kent

2023-09-04T23:08:31.000Z

All in Kubernetes, of course.

Number of replies: 0

kent

2023-09-04T23:14:03.000Z

Hmm, I’m also not seeing the typical logs you’d expect like `Sending TEL events to witnesses`

Number of replies: 0

pfeairheller

2023-09-04T23:14:50.000Z

Are you polling until `done: True`?

Number of replies: 0

pfeairheller

2023-09-04T23:15:25.000Z

They are (almost always) asynchronous operations, So you are required to poll on the operation until it indicates that it is complete.

Number of replies: 0

kent

2023-09-04T23:18:46.000Z

yes, in every case

Number of replies: 0

kent

2023-09-04T23:20:11.000Z

This problem seems to be related to how I’m running KERIA in Kubernetes. I was just able to get everything to work while running the witness only in K8s and running KERIA and the vLEI server locally. I must have something wrong in my KERIA K8s configuration. I’ll keep trying things. I’m sure it’s just something small.

Number of replies: 0

pfeairheller

Are the AIDs you are creating using witnesses? Are the witnesses returning receipts. When you see the AID in the `get` call, how many receipts are there?

Number of replies: 12

kent

Which GET call are you thinking of, the one for `/identifiers/<my_id>` or the long running op?

pfeairheller

The former

kent

A GET to `/identifiers/dc_primary` for the `dc_primary` identifier returns the following ```{ "name": "dc_primary", "prefix": "EOCoYugn-KTYdMbvpRTFFZLowzK1_CyJFOYuhN7ap3Fq", "salty": { "sxlt": "1AAHYY40ZAiTVZw5UEOjnrC2u47j5iWVHqezwItB3oHChlYgJ_EYWAF7zCQYj0ILRJi4rLceTNysfNB4yyQvf9DP2C3aozXvCZHl", "pidx": 0, "kidx": 0, "stem": "signify:aid", "tier": "low", "dcode": "E", "icodes": [ "A" ], "ncodes": [ "A" ], "transferable": true }, "transferable": true, "state": { "vn": [ 1, 0 ], "i": "EOCoYugn-KTYdMbvpRTFFZLowzK1_CyJFOYuhN7ap3Fq", "s": "1", "p": "EOCoYugn-KTYdMbvpRTFFZLowzK1_CyJFOYuhN7ap3Fq", "d": "ELAIUJzdMs6VBAhV0vxaGhYw4IWJDmFOYaWpzzYp3-PD", "f": "1", "dt": "2023-09-04T23:36:59.415301+00:00", "et": "ixn", "kt": "1", "k": [ "DPlGzbTVFzvMQfSeLRt9E39G2KabOOouvqZg56XmSblM" ], "nt": "1", "n": [ "EGjoiaNo61i5sjuOAtGBB_Ojj9OSAG7rW3J0b5UpZTTQ" ], "bt": "1", "b": [ "BHOcmjmmDVU0LiK94GB19sTUfh0flyELkEKUvWI9qxWe" ], "c": [], "ee": { "s": "0", "d": "EOCoYugn-KTYdMbvpRTFFZLowzK1_CyJFOYuhN7ap3Fq", "br": [], "ba": [] }, "di": "" }, "windexes": [] }```

kent

This is after I refresh my webpage using SignifyTS which stops it from listening to the long running op. I suspect it’s as you said that the long running op never finishes.

pfeairheller

You have a backer threshold of 1 and 0 windexes

pfeairheller

That means that you have an unwitnessed event

kent

ah

kent

So my KERIA instance must not be communicating properly with my witness instance.

kent

Thanks

kent

Its so weird that it works just fine with KERIA outside of k8s and not inside k8s, even though the witness is in k8s.

pfeairheller

When it works, are you using the witness inside of k8s?

kent