Comments (10)
As per @sergmetelin the Mindset we need to have is that Hedera is the Source of Truth. Every single record needs to go to Hedera first. Everything needs to be attested by the Root Authority. All of this needs to be recorded on the Hedera Consensus Service.
As per @sergmetelin , we should use IPFS for now. Everything is public and all SDK’s are available.
Definition Of Done is in the Schemas, there needs to be post a link to the Schema in the topic after we post the Schema on IPFS, we also post a Topic Message. Topic needs to be an auditable log of everything that the Root Authority does. Currently, there is no access to the linked Schema, therefore it is not auditable. Root Authority needs to create a schema, the schema is posted to IPFS, then the ID is posted to the topic. Every Root Authority action needs to be recorded under that topic, every schema, every credential. Policy has its own topic, and Root Authority has its own topic. From the moment the Root Authority came in, the Guardian should be tracking ALL of the events. Its important to have Hedera as a Source of Truth in disaster recovery (DR) situations (Shawn needs to add this as another Issue)
DOD – A Hedera Improvement Proposal, new Features, Frameworks, all in a Public manner needs to be issued describing how this works. This may be an addition to HIP 28 or a HIP 28 Updated. A flag describing how the Policy Engine works. Creating a HIP will be an entirely new Issue, @envisionblockchainpm to create as an Action Item.
from guardian.
We need to gather more requirements from Hedera on this ticket during todays Grooming.
from guardian.
Next step is to have a discussion on this as per this mornings Scrum.
from guardian.
Next Step for this is to have a meeting with developers, Serg and for Andrey to have a Review Document completed prior to this meeting. Shawn to get Serg's timing on meeting next week for another Discovery Session,
from guardian.
Next step is on Andrey to reach out to Serg for a one on one Tech Talk
from guardian.
@sergmetelin Upon deeper analysis I have concerns that using IPFS here provides any real advantages. I'll summarise them here, and hopefully we can discuss them either in a meeting of asynchronously in the ticket.
There are three options of enabling storage of information on IPFS:
- running your own nodes
- paying a service provider such as Pinata for hosting content in IPFS
- a combination of the two above
To host data on IPFS it requires running you own server, and saving content onto it. By default this information would be only available on this one server (not replicated), and only for the duration while the application/node is running. There is a way of making the data replicate which involve costs (Filecoin), or the data only gets replicated when someone else from elsewhere needs to access the file, and I believe for a limited time.
Instantiating and operating an IPFS node is not a trivial task, and is likely to provide a barrier to entry comparable to, if not more severe, using an unfamiliar API. Introducing IPFS technology will complicate Guardian solution architecture. It is much easier and cheaper to achieve geo-replicated and backed-up storage using commercial cloud providers services.
For demo/test environment running your own node seems to be the only option since costs and account setup etc for just with storing test/demo data seems to be unacceptable.
The alternative is to use Pinata service offering for IPFS access. This is simpler since no technical operations are required, and simpler to implement because Pinata offers an API for storage and retrieval. However it involves costs (if the usage goes beyond the very small volume of 'free tier') and complexities of setting up and maintaining accounts. It also introduces dependency on the external commercial service provider.
I propose we reassess the benefits of using IPFS, and consider alternatives such as for example introducing a solution based on a new set of Guardian APIs for discovering and accessing published schemas and policies on the instance. Each each instance of the Guardian would have a well-known API access point which can be accessed in various ways.
from guardian.
As of today, Andrey is discussing this with @sergmetelin .
from guardian.
The outcome of the conversation is the following design which is an MVP for the public availability of schemas and policies only:
- Local Guardian instance includes a DB which contains drafts and 'cached' published policies and schemas
- When a schema or a policy version is published it becomes immutable and is uploaded onto the IPFS via nft.storage API. NFT Storage guarantees the permanence of the uploaded info on IPFS.
- The ID of the published schema/policy is posted into the corresponding Hedera topic.
- This should work with the versioning functionality as per #46
There will be another ticket to do with the 'discoverability' of assets (Policies, Schemas) and their 'import' into a Guardian instance for DR and other reasons.
There is a broader ticket #324 that covers all the work we are going to do to decentralise Guardian, beyond to just publishing schemas/policies on IPFS.
Please note that published data need to be verifiably immutable as per #162.
from guardian.
Next step:
- @Pyatakov design session with development for the functionality
from guardian.
Alex has this been Designed and have you reviewed with the Development Team?
from guardian.
Related Issues (20)
- Error 500 Can not resolve reference: ipfs://xxx: Create a new project as pp / TestNet
- Comparing schemas returns 422 in some cases
- Policies with a side navigation bar work incorrectly when the cache is turned on
- Filtering data for blocks is stateful API, introduce stateless data filters for API usage. HOT 2
- Implement Form View for Image Tags
- Need to implement Messaging functionality like Q&A
- Emissions Reduction/Removals (ERRs)Calculation Pre-Calculator in Guardian HOT 2
- Error when using the "Record/Run" function in Guardian
- Suggestions: Label text doesn't fit well in cards and also the view of card and model is different
- Restore doesn't work for accounts with custom DID if user uses generated DID
- Indexer API HOT 1
- Refreshing of available filter state on Guardian (Potential Caching Issue) HOT 2
- [Dry run API] Creation of new users returns all users. HOT 2
- [UI/DATA BUG]: Dupplicated project after it has been approved by the SR HOT 2
- Policy Table Updates: Make table cell height increasing base on content
- 429 status code error when minting token through Managed Guardian Service (MGS) on TestNet HOT 1
- Wrong fonts and styles in warning dialog
- Compare: in Policy/Schemas after clicking on left menu (not links) page showing white screen
- Exporting Project Data in CSV format
- Feedback Management
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from guardian.