d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5fc90e19139ed2e618a3eba1fc90238208cef8a2
proxmox/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md
defiQUG 7ac74f432b chore: sync docs, config schemas, scripts, and meta task alignment 
- Institutional / JVMTM / reserve-provenance / GRU transport + standards JSON
- Validation and verify scripts (Blockscout labels, x402, GRU preflight, P1 local path)
- Wormhole wiring in AGENTS, MCP_SETUP, MASTER_INDEX, 04-configuration README
- Meta docs, integration gaps, live verification log, architecture updates
- CI validate-config workflow updates

Operator/LAN items, submodule working trees, and public token-aggregation edge
routes remain follow-up (see TODOS_CONSOLIDATED P1).

Made-with: Cursor
2026-03-31 22:31:39 -07:00

104 lines
3.4 KiB
Markdown
Raw Blame History

# DBIS Hyperledger Identity Stack Decision
**Last updated:** 2026-03-29
**Purpose:** Make the Aries / AnonCreds / Ursa decision path explicit for the DBIS RTGS program so these layers do not remain vague “maybe required” items.
## Current conclusion
For the current DBIS RTGS program, the identity stack is **not yet frozen** as part of the canonical RTGS rail, but the repo and live environment now prove:
- a deployed Aries agent layer on primary `6500`
- a deployed AnonCreds-capable wallet path via ACA-Py `askar-anoncreds`
The repo and live environment still do **not** yet prove:
- a deployed AnonCreds issuance / verification flow in the RTGS business path
- an explicit Ursa runtime dependency that operators must manage directly
## Recommended decision framework
### Option A — Minimal first production slice
Use:
- Chain 138 / Besu
- FireFly primary
- OMNL / Fineract
- selected HYBX sidecars
Do **not** require Aries / AnonCreds / Ursa in the first production slice.
Use this option if:
- the initial RTGS program does not require decentralized credential exchange
- institution identity and compliance are satisfied through existing banking / regulatory processes
- the team wants to avoid holding up settlement on unresolved identity-stack deployment work
### Option B — Identity-enhanced RTGS slice
Include:
- Aries agents
- AnonCreds issuer / holder / verifier roles
- Ursa-backed cryptographic path if required by the selected stack
Use this option if:
- the RTGS design requires verifiable credentials as a first-class runtime dependency
- participant admission, authorization, or compliance checks depend on decentralized identity flows
- DBIS wants credential verification to be part of the operational settlement path, not only a future capability
## Recommended default
**Recommended default:** Option A for the first production slice.
Reason:
- Aries / AnonCreds runtime is now deployed, but it is not yet integrated into the canonical RTGS flow.
- Requiring full credential issuance / verification now would still expand the critical path materially.
- The current gating problems are still in banking-rail orchestration and interoperability, not in simply hosting an identity-agent runtime.
## What must be decided if Option B is chosen
### Aries
- agent placement
- wallet / DID model
- mediation / routing model
- protocol set used in production
- operational ownership and observability
### AnonCreds
- issuer role
- holder role
- verifier role
- schema and credential-definition lifecycle
- revocation model
### Ursa
- whether it is an explicit operator-managed dependency
- whether it is only an indirect library/runtime concern
- what cryptographic controls or attestations it adds to the program
## Production-gate rule
- If Option A is chosen:
- Aries / AnonCreds / Ursa are marked `out of scope for first production slice`
- they do not block first RTGS activation
- If Option B is chosen:
- none of them can stay as planning-only items
- they must have:
- deployment runbooks
- runtime health checks
- ownership
- end-to-end validation
## Related artifacts
- [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
- [DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md](DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md)
- [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md)
- [TODO_TASK_LIST_MASTER.md](../00-meta/TODO_TASK_LIST_MASTER.md)
Reference in New Issue View Git Blame Copy Permalink