Details
-
Story
-
Status: Complete
-
Medium
-
Resolution: Done
-
None
-
None
-
None
-
EV 18.16 Releasing 1.6
-
Unset
Description
Story
As a trustee of a network that has implemented a payment system, I want to use that payment system to manage writes (in particular credential definitions and schemas) to the ledger instead of requiring the use of trust anchors.
Acceptance Criteria
- Create a configuration setting: "writes-require-trust-anchor", default to True
- When the configuration is false, all users have permission to write to the ledger.
- When the configuration is true, the Trust Anchor role is required to write.
- The permission should affect all write transactions.
- Permissions should continue to enforce that only owners of existing transactions can edit them (no change to this behavior).
- The Trust Anchor role should continue to exist in case it is needed in the future.
Notes
- Payment of fees during a write is enforced by plugins, and not part of the core ledger.
- The work to make this configuration flexible across all permissions is being tracked in
INDY-1527. - We assume that all nodes in a network set this property consistently. If n-f Stewards set this flag to not require TrustAnchor role, then it will not be required the same as with other consensus driven configuration.
- We decided against only removing the need for the Trust Anchor role for credential definitions and schema definitions, but still requiring it for writing nyms.
- Requiring a Trust Anchor in order to writing a nym transaction would help us to ensure that best practices are being used--personal data is not being written to the ledger (GDPR compliance).
- We decided that it is premature to enforce best practices regarding nyms early in the life of the ledger. We should wait to see our recommendations proved in practice before adopting inflexible policies.
- We decided that we should wait until users of Indy have created formal policies for on-boarding Trust Anchors.