Data Object, Attestation, Certificate

Weiwu Zhang edited this page Dec 13, 2019 · 4 revisions

Data object

Data objects are data used in signed transactions, in smart contract output (e.g. Ethereum Event), and in attestations.

A data object is either used as an attestation (therefore signed) or in a transaction (therefore also signed). Work is in progress to use it to replace ABI in DvP transactions for security reasons (more in DvP Security). Since signed data can't be altered without invalidating the signature, its format has to stand the test of time and interoperability challenges. Since it often consumes gas, it also needs to be small.

Objects need a Schema. The schema could be identified by a unique registered number or, as is common in standards, by a variable-length URI, typically with a version or date included, e.g. https://standardschema.org/car-loan-system/2019-11 or …/v2

In present design drafts, a data object typically starts with an objectClass. This may change.

Attestations

An Attestation is a Data Object with a Signature. Defined more loosely, it refers to anything that is signed, since signing is the act of attesting to something. Defined more strictly, it has two variations: pure attestations, which cannot be transferred, and convertible attestations, which can be converted into a blockchain token and are thus transferable. An identity attestation belongs to the former category, while a ticket attestation (attesting to one's right to enter a football venue) belongs to the latter.

Certificates

Traditional (X.509) certificates are a subset of attestations. An attestation can attest to any Data Object, while a certificate attests to a public key. One can have an attestation that attests to no public key (nor to another form of one, such as an Ethereum address), for example a bid ("I'm willing to buy a cryptokitty with blue eyes at $30 each, valid till tomorrow"), but a certificate must contain a public key because that is what a certificate attests to.

Here is an example of how the two can be used together. Alice wishes to send 3 Ether to Bob, but she doesn't know Bob's Ethereum address. She signs a message authorising whoever can prove that he is Bob to redeem 3 Ether from her wallet (a contract). That is an attestation. Bob acquires a certificate from an authority, binding his identity to an Ethereum address. He can then use the attestation from Alice, plus his own certificate, to redeem the money from Alice's wallet.

The example simply illustrates the concept of attestation and certificate. In reality, such a protocol has to be modified to be used anonymously.
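The checks Alice's wallet would need in the Alice and Bob flow above, sketched as an added example that is not code from this project. Assumptions: Ed25519 keys from the Go standard library stand in for Ethereum keys and addresses, the `att|…` and `cert|…` byte encodings and all identities are constructed for illustration, and replay protection is left out.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Attestation: Alice lets whoever proves the named identity redeem Amount.
type Attestation struct {
	Identity string
	Amount   uint64
	Sig      []byte // Alice's signature over msg()
}

// Certificate: an authority binds an identity to a public key.
type Certificate struct {
	Identity string
	Key      ed25519.PublicKey // stand-in for an Ethereum address (assumption)
	Sig      []byte            // authority's signature over msg()
}

// Constructed encodings; the page does not define a wire format.
func (a Attestation) msg() []byte { return []byte(fmt.Sprintf("att|%q|%d", a.Identity, a.Amount)) }
func (c Certificate) msg() []byte { return []byte(fmt.Sprintf("cert|%q|%x", c.Identity, c.Key)) }

// Redeem is the wallet-side check; proof is the claimant's signature over the attestation.
func Redeem(alice, authority ed25519.PublicKey, a Attestation, c Certificate, proof []byte) bool {
	return ed25519.Verify(alice, a.msg(), a.Sig) && // Alice signed the attestation
		ed25519.Verify(authority, c.msg(), c.Sig) && // the authority signed the certificate
		a.Identity == c.Identity && // both name the same identity
		ed25519.Verify(c.Key, a.msg(), proof) // claimant holds the certified key
}

// Scenario runs one valid claim and two invalid ones with freshly generated keys.
func Scenario() (valid, wrongID, stolenCert bool) {
	alicePub, alicePriv, _ := ed25519.GenerateKey(nil)
	caPub, caPriv, _ := ed25519.GenerateKey(nil)
	bobPub, bobPriv, _ := ed25519.GenerateKey(nil)
	_, malloryPriv, _ := ed25519.GenerateKey(nil)
	att := Attestation{Identity: "bob@example.com", Amount: 3}
	att.Sig = ed25519.Sign(alicePriv, att.msg())
	cert := Certificate{Identity: att.Identity, Key: bobPub}
	cert.Sig = ed25519.Sign(caPriv, cert.msg())
	other := Certificate{Identity: "carol@example.com", Key: bobPub}
	other.Sig = ed25519.Sign(caPriv, other.msg())
	proof := ed25519.Sign(bobPriv, att.msg())
	return Redeem(alicePub, caPub, att, cert, proof), // Bob with his own certificate
		Redeem(alicePub, caPub, att, other, proof), // valid certificate, wrong identity
		Redeem(alicePub, caPub, att, cert, ed25519.Sign(malloryPriv, att.msg())) // Bob's certificate without his key
}
func main() { fmt.Println(Scenario()) }
```

Only the first claim succeeds: a certificate is public, so presenting it is not enough without a signature from the key it certifies.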