I'm making some exercises to get to know Daml and one of the exercises involves the transfer of an Asset from a Party to another Party. Everything works correctly, but I’ve noticed that the owner of the previous Asset contract is marked as ‘Witness’ of the new Asset contract (At Assets.Asset:Asset, the contract with ID #8:2 has Alice marked with a W, Witness).
I was intrigued with that. What does it means a Party being a ‘Witness’ of a contract and what are its implications? I didn’t found an answer for it in the documentation…
Here is some of the code I’ve used. I’ve applied the propose-accept pattern.
template HolderRole
with
operator : Party
holder : Party
where
signatory operator, holder
key (operator, holder) : (Party, Party)
maintainer key._1
controller holder can
nonconsuming ProposeAssetTransfer : ContractId AssetTransferProposal
with
receiver : Party
assetCid : ContractId Asset
do
exercise assetCid ProposeTransfer with receiver
nonconsuming AcceptAssetTransfer : ContractId Asset
with
assetTransferProposalCid : ContractId AssetTransferProposal
do
exercise assetTransferProposalCid AssetTransferProposal_Accept
template Asset
with
issuer : Party
owner : Party
symbol : Text
quantity : Decimal
where
signatory issuer, owner
controller owner can
ProposeTransfer : ContractId AssetTransferProposal
with
receiver : Party
do
create AssetTransferProposal with receiver, asset = this, assetCid = self
template AssetTransferProposal
with
receiver : Party
asset : Asset
assetCid : ContractId Asset
where
signatory asset.owner, asset.issuer
controller receiver can
AssetTransferProposal_Accept : ContractId Asset
do
create asset with owner = receiver
assetTransferTest = script do
...
-- Transfer an Asset to another Party
assetTransferProposalCid <- submit alice do
exerciseByKeyCmd #HolderRole (operator, alice) ProposeAssetTransfer
with receiver = bob, assetCid = assetCid
-- Accept a transfer
submit bob do
exerciseByKeyCmd #HolderRole (operator, bob) AcceptAssetTransfer
with assetTransferProposalCid = assetTransferProposalCid
This means that Alice saw the creation of the new contract (#8:2) because she was a party to the old contract (#6:2) at the time it was consumed by Bob exercising AcceptAssetTransfer on HolderRole. The implications are that Alice could see that Bob became the new owner of Asset but will not see any future events that involve Asset such as it being archived as a result of sending the asset to another Party.
Additionally even though Alice saw/witnessed the creation of the new contract she cannot query for it after the one time event where she witnessed it.
Sometimes the docs are a bit hard to search so here's some relevant links:
A simple overview of the meaning of S, O, W, and D in the Script output
The ledger privacy model
A more detailed explanation on witnessing and divulgence
An explanation of contract consumption in general
As this question was also asked simultaneously on our forum further discussion may be located here.
Related
I want to look at libraries that can implement crypto functions to validate digital signatures.
There's no built-in function to validate signatures in Daml. All signature validation happens through the signatory declaration on templates which should be flexible enough via various patterns to handle signatures validation however you need.
It would be helpful to understand what you're trying to achieve with signature verification.
In cryptocurrencies, public cryptographic primitives are needed since public keys define the identity, in other words the signatures need to be verifiable publicly. In Daml this is usually not needed, since party defines the identity and most information is inherently private to some group. As such, public verification isn't a common use case.
One way to use cryptographic primitives alongside Daml is to have clients of the Ledger API(s) sign and verify signatures. For example, if I want to authenticate that a specific human is performing an action based on a smart card in their possession, part of the workflow could include:
a party verifier create a random nonce as a challenge which is written to a contract
a party alice use her smart card to sign the nonce and submitting the signature as a choice parameter
party verifier validate the signature in order to progress the workflow
If you are using DAML, below is the code to accept crypto coin issued, here you can add your conditional verify or check coinAgreement.issuer go here
For e.g. verify he is both issuer and owner
coinIssuerVerify <- queryFilter #coinIssuerVerify issuer
(\cI -> (cI.issuer == issuer) && (cI.owner == owner))
template CoinIssue
with
coinAgreement: CoinIssueAgreement
where
signatory coinAgreement.issuer
controller coinAgreement.owner can
AcceptCoinProposal
: ContractId CoinIssueAgreement
do create coinAgreement
So i got this problem with with authorization. I made a small voting system that contains an amount of actors contracts that are given in scenario (see actor template below). I need every party that I have defined in my yaml file to be able to see these contracts. However only the party that created the contract, can see it. DAML is built around authorization so only those specified are able to see and use a contract (party is signatory or observer). But then how would i make every contract of a certain template visible to all parties? I can't specify them as a observer. Is it maybe possible to define a template containing a observer list that has all parties inputted and i can forward to every actor contract instance as observer?
template Actor
with
created_by : Party
username : Text
name : Text
email : Text
bankIban : Text
role : Text
where
signatory created_by
I think the idiomatic way to achieve this is not to model it within DAML itself.
You instead codify this logic in an external auth system by hooking it up to something like auth0 as explained in https://blog.daml.com/daml-driven/easy-authentication-for-your-distributed-app-with-daml-and-auth0. Eg think how you'd normally do it in a RDBMS. You'd have users table, they have a role, a role can have permissions etc.
You can then introduce a generic party called ActorAccess (Role) and make it an observer of the Actor contract. You then configure auth0 to give Alice and Bob this grant to actAs this party or something like this.
https://docs.daml.com/app-dev/authentication.html, has a couple of fields in the token called readAs, actAs which achieve different goals based on the table in the docs.
auth0 will then issue a JWT token with these details and you can subscribe to the ledger api event stream and observe the events by this template type now that Alice and Bob are stakeholders of whatever contracts have ActorAccess party on it.
No idea if that is correct but worth a go.
So i figured it out. For those struggling with this in the future. My suggestion for possible solution worked. I created a template Observer which i inputted the parties in scenario. I then created another template called Create_actor allowing to create an Actor template with a choice inputting the observer template as datatype and referencing to observer:
template Observers
with
superuser : Party
observers : Set Party
where
signatory superuser
template Create_Actor
with
current_login : Party
username : Text
name : Text
email : Text
bankIban : Text
role : Text
observers_list_id : ContractId Observers
where
signatory current_login
choice Load_all_actor_observers : ContractId Actor
controller current_login
do
observers_list <- fetch observers_list_id
create Actor with created_by = current_login; username = username; name = name; email = email; observers_list_id = observers_list_id; observers = observers_list.observers, bankIban = bankIban; role = role
template Actor
with
created_by : Party
username : Text
name : Text
email : Text
bankIban : Text
role : Text
observers_list_id : ContractId Observers
observers : Set Party
where
signatory created_by
observer observers
I was goin through the documentation of INDY , in the example with alice,faber and thrift , the part where the credentials are validated is mentioned as
Acme got all the requested attributes. Now Acme wants to check the
Validity Proof. To do it Acme first must get every Credential Schema
and corresponding Credential Definition for each identifier presented
in the Proof, the same way that Alice did it. Now Acme has everything
to check Job-Application Proof from Alice.
Where can I find more details on this validation process ? At this moment acme has apply_job_prrof sent by the Alice agent.
Has this apply job proof ,been signed by Alice ?
So Identification information ,the Transcript details , ( the actual
details are fetched from the blockchain by alice and she just adds
it to the payload ) ?
How does the validation actually work ? What stops Alice from
fabricating a wrong payload?
Indy implements the Aries approach to credential verification. See the following Aries RFC standard:
https://github.com/hyperledger/aries-rfcs/tree/master/features/0037-present-proof
The Indy anoncreds design is detailed here:
https://github.com/hyperledger/indy-sdk/tree/master/docs/design/002-anoncreds
The step-by-step example is here:
https://github.com/hyperledger/indy-sdk/tree/master/docs/how-tos/negotiate-proof
And the cryptographic details are in Hyperledger Ursa:
https://github.com/hyperledger/ursa-docs/tree/master/specs/anoncreds1
I have an account which I registered as an amazon developer. (Let's call this the developer account)
I have another account which I am treating as the seller account (also an amazon developer account). (Let's call this seller account)
I want my developer account to make requests to amazon on behalf of the seller.
So seller calls my developer app, which talks to Amazon.
According to the terms and conditions, I must use the developer's access and secret key.
I have given my seller the developer ID and I have a Seller Id, Marketplace Id, and a MWS Auth Token.
However, I'm not sure how to get a MWSConnection working since it appears boto doesn't have a parameter for entering the MWS Auth Token
I have tried.
access_key_id = developer_access_key_id
secret_key = developer_secret_key
seller_id = seller_id
MWSConnection(access_key_id, secret_key, SellerId=seller_id)
This results in a failure of AccessDenied
Is there a way to get this working, where I (the developer) can make a request on behalf of someone else (the seller)?
Some things that may not be your problem, but might be
A couple of stabs at what may be your problems before a more explicit solution:
boto3 doesn't support MWS. If you're using it, it will not work. Use boto
MWS in regions that are not North America (NA) require additional configuration that you may not be providing
What your problem probably is...
You're coming in and trying to set the SellerID in the args of MWS with:
MWSConnection(access_key_id, secret_key, SellerId=seller_id)
You should probably be doing it like this instead:
from boto import mws
from boto.mws.connection import MWSConnection
accessKey = developer_access_key_id # Python prefers camelCase
secretKey = developer_secret_key # Python prefers camelCase
merchantID = "XXXXXXXXXX" # You never specified this
mws = MWSConnection(accessKey, secretKey)
mws.Merchant = merchantID
mws.SellerId = merchantID
While it is possible to pass in the SellerId through a keyword argument I believe that you have to specify all the named arguments unless you know what their explicit order is.
Arguments to a python function are essentially a dictionary and python just does some convenience for you to line up the order of invocation with the order of declaration. That's why you can be explicit and use argumentName = argumentValue, ... in any order in the invocation and still have your function work.
I am developing application with In app feature and need to purchase again and again according to need of user, but the application gets crash when we try to purchase product again with fallowing error message--The original purchase must be reported as fulfilled before you can try to repurchase
I tried using ReportProductFulfillment(pID); but not sure about the position to use this method,
please suggest me what to do?
Note-my product is consumable
Thanks.
Had you used this method?Please try this When receipt came from server(Windows Store).
ReportProductFulfillment(productId);
// Summary:
// Notifies the marketplace that the application has delivered the paid-for
// goods to the user. You cannot repurchase a product until you have confirmed
// its delivery using this method
//
// Parameters:
// productId:
// The ID of the product that has been delivered to the user.
public static void ReportProductFulfillment(string productId);