CIP-0072 | Off-chain schema versioning and schema adjustments #612
Conversation
There was a problem hiding this comment.
Looks straightforward... @marcin-mazurek given that this was filed as Draft (not yet ready for review), are there any planned changes before we review it? (If not you can mark it Ready for Review, or editors can.)
rphair
added
the
Category: Metadata
|
@rphair I marked it as draft to collect some preliminary feedback internally, I'm aiming to mark it as Ready for review today. I'm sorry for the confusion, next time I'm going to ask for internal review in the repository fork. |
|
thanks @marcin-mazurek, based on what you've said in #612 (comment) I would be happy to approve it as soon as all your final changes are posted & officially marked ready. |
marcin-mazurek
changed the title
|
@rphair this is now ready for review |
There was a problem hiding this comment.
thanks @marcin-mazurek, looks good from my own point of view (not working directly with dApps) & any additional technical confirmation would also be welcome so please feel free to tag them here. 😎 cc @matiwinnetou
CIP-0072/version_1_offchain.json
Outdated
| "pattern": "(https?:\/\/(?:www\\.|(?!www))[a-zA-Z0-9][a-zA-Z0-9-]+[a-zA-Z0-9]\\.[^\\s]{2,}|www\\.[a-zA-Z0-9][a-zA-Z0-9-]+[a-zA-Z0-9]\\.[^\\s]{2,}|https?:\/\/(?:www\\.|(?!www))[a-zA-Z0-9]+\\.[^\\s]{2,}|www\\.[a-zA-Z0-9]+\\.[^\\s]{2,})" | ||
| }, | ||
| "discord": { | ||
| "type":"string", | ||
| "description": "An optional Discord link.", | ||
| "maxLength": 200, |
There was a problem hiding this comment.
What is the benefit by limiting this, if this is offchain?
There was a problem hiding this comment.
@marcin-mazurek I'd also like to know why this was added. From experience I know in the vast majority of cases it's a sensible limit, and also that the hard limit will make something fail at some future time. What is the actual risk for these values to have an arbitrary & potentially huge length?
…d other protocols. Renamed twitter to x.com
|
@rphair I made some changes, regarding the twitter vs x.com, and I modified the regex to accept more URLs and IPFS addresses. Would you pls review it again 🙏🏻 Thank you in advance ❤️ |
There was a problem hiding this comment.
thanks @danielmain everything looks even better & thanks for attending to the URL form. This is still pending acceptance by 1 other CIP reviewer (I invited them all last week) and hopefully in the meantime @marcin-mazurek will answer your pending question #612 (comment).
| "type": "string", | ||
| "description": "The platform or resource identifier (GitHub, Website, X.com, etc)" | ||
| }, | ||
| "link": { |
There was a problem hiding this comment.
All the other links have max 200 chars allowed. Should we have it here too?
There was a problem hiding this comment.
good point, thank you 😉
|
|
||
| On-chain part has a signature, which has a role to verify that a certain dApp owner made changes. In the initial version, a blake2b-256 signature was needed only for `rootHash` but following discussion, due to security concerns, decision has been made that the signature should attest the whole on-chain canonical JSON except signature field itself (because it would end up in an infinite recursion). | ||
| As any transaction in cardano network has a signature, which has a role to verify that a certain dApp owner made changes. |
There was a problem hiding this comment.
What is the rationale behind relying on transaction witnesses rather than what was originally proposed?
For me, relying on transaction signatures just adds an extra step to the verification whilst also restricting the type of keys/crypto that can be used. I also liked the property that the one registering did not have to be the one creating and submitting the Tx.
There was a problem hiding this comment.
Hi @Ryun1 thank u for the review
What is the rationale behind relying on transaction witnesses rather than what was originally proposed?
After evaluating the situation, my colleagues and I found it puzzling to require two signatures 🤷. I reached out to @matiwinnetou for clarification and discovered the additional signature was initially implemented because Blockfrost did not support witness signatures in transaction fetching a year ago. However, I personally believe that our decision should not be solely based on whether Blockfrost supports a feature or not. With tools like cardano-cli, cardano-wallet, Daedalus, and cardano-services that do support witness signatures, it seems more logical and efficient to make this CIP simpler by adhering to this available technology.
Just adds an extra step to the verification whilst also restricting the type of keys/crypto that can be used.
Indeed, our goal is to streamline the process. By focusing on simplification, we can avoid unnecessary steps in verification and avoid limiting the types of keys/crypto that can be used.
I also liked the property that the one registering did not have to be the one creating and submitting the Tx.
While this flexibility might seem advantageous, I view the requirement for the same key used in initial dApp registration for updates (such as domain changes or rebranding) as a beneficial feature. It adds a layer of security and consistency, ensuring that only authorized updates are made to a dApp.
|
Hey @marcin-mazurek, These are some sizable changes and I am curious for the reasons behind these changes. Since this is a proposed CIP, I would generally be hesitant to make such changes without incrementing the version. |
1- Simplify the dApp registration for: dApp developers and the team behind implementing the CIP |
Removed |
We incremented it to 2.0.0 also in file names, is that ok? |
Reduce effort for dApp developers when registering and reduce abiguity |
We bumped it to 2.0.0 and as far we know there are no implementations out there yet |
| } | ||
| }, | ||
| "required":[ | ||
| "subject", | ||
| "rootHash", | ||
| "type", | ||
| "signature" | ||
| "type" |
There was a problem hiding this comment.
I think we are missing the additionalProperties: false here. According to the docs by default any additional properties are allowed, which is not the case for the on-chain json. Accoring to the CIP-72 additional properties are allowed for the off-chain json, but it doesn't say the same for the on-chain one, so I guess we should restrict it.
CIP-0072/README.md
Outdated
| @@ -51,7 +52,7 @@ Stores and auditors should be able to follow the chain and find when a new dApp | |||
|
|
|||
| ### **On-chain dApp Registration Certificate** | |||
|
|
|||
| The on-chain dApp registration certificate MUST follow canonical JSON and be serialised according to RFC 8785 (https://www.rfc-editor.org/rfc/rfc8785). This stipulation is to avoid any ambigiutines in the signature calculation. | |||
| The on-chain dApp registration certificate MUST follow canonical JSON and be serialised according to RFC 8785 (https://www.rfc-editor.org/rfc/rfc8785). | |||
There was a problem hiding this comment.
Since we removed the signature, we don't need to be canonical anymore
…o-foundation#612) * Specify hashing algorithm for rootHash calculation * Add off-chain version property * Update categories with Lace DApp Store category list * Add DApp screenshot and company detail fields * Remove duplicated/ambiguous website property * Add some property length constraints and describe image requirements * Specify property length limit for the rest `social` props * Fix a typo * Enhanced the regex for URLs to be more permissive by allowing ipfs and other protocols. Renamed twitter to x.com * Removed extra signature in the on-chain metadata * Applied suggestions to have flexible social links * Logo and screenshots gives you the posibility to add base64 images and changed version to follow semver * Added examples using the new schema * Follow semver for all versions * Removed optional links, images only via base64. Added 3 new fields * Changed some descriptions and added some mandatory fields * Added screenshots as mandatory * Removed ftp for links * Added short description to be mandatory * Applied suggestions after review * Bump version to 2.0.0 and removed schema topic in rationale * There is no point defining a schema if it can be violated 🤷 * Applied suggestion, we are not signing the off-chain data anymore. * URL settings simplified * Fixed version to follow semver --------- Co-authored-by: Daniel Main <daniel@funktional.dev> Co-authored-by: Daniel Main <daniel.main.cernhoff@icloud.com>
Lace team would like to add a
versionproperty for versioning off-chain metadata following the pattern from CIP-25 as well as propose some updates to the schema based on the development done so far.Additionally, we would like to clarify the algorithm used for root hash calculation to avoid ambiguity.