Updating DDOs Frequently


#1

Do we anticipate that DDOs will be able to be updated frequently? If one were using a DID to discover a service endpoint that was recorded in a DDO, how frequently could that endpoint be updated?

Once per week, day, hour, minute?

[Update: I should clarify that by “update” I mean associate a DID with a new DDO, not change the existing DDO.]


#2

Since Sovrin is designed to be much more performant than permissionless ledgers, I assume DDOs can be updated “often”, but I don’t know how “often” :slight_smile:

If you have information associated with your DID (service endpoints, or anything else) that changes “very often”, then you can have that information off-chain (e.g. behind an XDI endpoint), and update it any time you want.


#3

Phil, that’s a really good question with implications for the Sovrin Trust Framework. By my understanding, Sovrin, like DNS, is not being designed for a high frequency of writes, which all have to be validated by consensus, but for a high frequency of reads, which don’t.

But what should the Sovrin Trust Framework actually say about limiting the frequency of writes? What should the Sovrin community do if an identity owner (or group of owners) are pounding the ledger with writes?

Thoughts?


#4

DNS is an interesting example. I think it would be ideal if the DID (for DNS purposes) pointed to a DDO that had the DNS elements in it directly since this would make it dirt simple for people to use (i.e. don’t need a separate server to do the actual resolution and it’s well distributed).

On average, DNS is updated relatively infrequently, although it’s bursty.


#5

Limiting frequency is an interesting topic since there are various ways to solve for that. Mostly they’re the same ones we’d use to protect against DDoS attacks:

  1. Charge for writes
  2. Require some proof of work for a write
  3. Bump the problem to the stewards and make them come up with their own solution by merely requiring, via the trust framework agreements, that they limit them.

#6

@phil The idea that you could add DNS elements directly into a DDO is a new one and fascinating. You’re right that its “serverless” (from the standpoint of the identity owner—all the servers are run by stewards). But if that practice caught on, the load on the overall Sovrin ledger would be dramatically higher that we’re expecting now.

Interesting to think about, however.


#7

@phil RE limiting the frequency of writes (i.e., to prevent abuse), it’s really an extension of the question of how Sovrin as a public permissioned ledger can prevent Sybil attacks. Your list matches the four basic (non-exclusive) options described in the Privacy vs. Accountability writeup that the Sovrin Trust Framework Working Group is deliberating.

Since the Trust Framework Working Group is going to be developing a recommendation this month, I invite anyone who has not reviewed that writeup to contribute their thoughts.