-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ERC-2477 the discussion #2483
Comments
Hi there. Let's discuss ERC-2477. What is it? |
Hey the following is not true :
At Sandbox we use IPFS content-addressable url and as such these url guarantees correctness and immutability (as our contract does not allow change of metatdata uri) On that note, why not simply reuse the tokenURI standatrds and have the uri contain the hash of the data (even if it lives on a DNS domain) like |
I am glad to see it is getting used that way! Can you please provide some references for Sandbox, marketing page and implementation details? You are correct, we could have created a convention to shove hashes into a URL. There are a few reasons we have not chosen this. The strongest reason is that the World Wide Web has the same problem and they chose to use the Sub-Resource Integrity approach, which is a separate data field. And perhaps this discussion can help to strengthen the rationale in the text. Other supplementary reasons are:
|
Regarding our use of IPFS for metadata, you can find it here : https://github.com/pixowl/sandbox-smart-contracts/blob/master/src/Asset/ERC1155ERC721.sol |
As for having a separate method just for integrity, I guess it make sense, but why not instead use the multicodec format a la https://eips.ethereum.org/EIPS/eip-1577 ? And if you still need to use tokenURI / uri for backward compatibility (or because you still want to handle the serving of the data through your domain) the multicodec can serve as the integrity of the data served at As for |
I don't think it is useful to limit to what you call "Non fungible token". I think it should apply to any standard that have a tokenURI / uri method or even future standard that can reference EIP-2477. |
Thank you, all great points. Updates made: |
Hi @fulldecent I have still few comments that merit consideration in my opinion :`
This is not true, specifying the integrity of the schema in the document would not change how JSON-LD works. the @Schema would still be valid. You would just need to add an integrity field. This is backward compatible with json-ld. I would also like to see discussion on the use of a contentHash a la https://eips.ethereum.org/EIPS/eip-1577 The idea would be replace tokenURI and uri function with a more strict mechanism so integrity is builtin. New standard could use it instead of tokenURI and for old standard, they woudl still provide tokenURI as fallback but the integrity would be provided by 1577 The 2477 interface would then simply be
|
@wighawag, thank you, you have good points to bring up.
|
How do you see the scenario where the metatdata do not change but the schema does ? Were you thinking of the case where the new schema is still backward compatible with the old metadata ? Note I was not proposing to remove But if you want 2477 for existing standard, the content hash fucntion would be on top of the |
Here is a real world scenario for schema changes without metadata changes: KnightStory is "an innovative mobile RPG powered by blockchain". And according to Etherscan, its tokens are the top ERC-721 asset which has associated JSON metadata (measured by transfers, past 7 days). One of the tokens IDs is 765908694 And the Here is the token metadata: {
"name":"Lamlam",
"language":"en-US",
"image":"https://cryptodozer.io/static/images/dozer/meta/dolls/91.png",
"attributes":{"id":"91","type":"Fancy01","grade":"rainbow","star":"1"}
} There is no schema. So if this application has deployed using ERC-2477 they would have a I don't have anything bad to say about the developers at KnightStory, I don't know them. But if my experience is any indication, people will implement ERC-2477 by copying the reference implementation and (maybe) adjusting the code indent level to match the rest of the code that they just pasted it into. This means, no, I'm not expecting them to think about implementing a proper well-thought-out, internationalized, forward-thinking data schema when adding the integrity feature to that token. So I expect it will be common that people deploy ERC-2477 applications hastily, and I would like to support this development methodology by allowing them to upgrade their schema (using This includes adding a schema when previously there was none, and also as you mentioned, upgrading to a new backwards compatible schema (e.g. adding documentation to existing properties).
I don't follow here. The hash for metadata A: {
"$schema": "https://example.com/schemas/v1.json",
"$schemaIntegrity": "sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
"data": "moar"
} does NOT equal the hash of metadata B: {
"$schema": "https://example.com/schemas/v2.json",
"$schemaIntegrity": "sha256-someotherintegrity======================"
"data": "moar"
} So changing the schema URL in a metadata would require updating However, a looser coupling is possible: {
"$schema": "https://example.com/schemas/schema.json",
"data": "moar"
} And that allows the changing the schema only by updating the web server and updating Regarding contenthash. This specification (is it a specification?) is too new to consider building on top of. For example they have not made a 1.0 release, they are not committed to a policy of making backwards-compatible releases and they have minimal adoption outside of the IPFS Project. W3C is a much more reliable and stable specification to build on top of and so the ERC-2477 specification builds on top of SRI. That said, it could be helpful to mention the multicodec's table database (https://github.com/multiformats/multicodec/blob/master/table.csv). But I would keep this as a non-normative reference until the IPFS Project gets that file referenced in from the W3C specification (which they should totally do). |
Posting 0xcert/framework#663 here as an implementation example. |
So the only use case for having schema integrity on-chain is that the schema can change ? For those that care of the schema not being able to change, the extra function is pointless What I meant by
Was that having the schema in the metadata itself, still allow you to use different schema for later token, since the schema is per metadata. |
The latest update includes an in-depth design review, including pictures and a explanation of which designs require which on-chain data changes for which metadata changes. Also a specification is added for $schemaIntegrity inside JSON files. |
I am considering this above comment as spam. It is unrelated to this EIP, and it is proposes an incompatible alternative to NFT (i.e. not strictly compatible). I am saying nothing here about whether that proposal is good or bad. |
Let's move forward with this. We've been using it for more than a year, the implementation is good and the benefit is there. @fulldecent |
Any reason why this isn't moving forward? I believe it is ready to move to review status. |
@xpepermint @MoMannn Thank you. I addressed all remaining points in the draft and sent the PR which should be automatically merged. @coinfork do you have any implementation to share for this standard and are you good to publish? |
@fulldecent awesome, thank you! |
We can include more implementations here and at least one consumer |
There has been no activity on this issue for two months. It will be closed in a week if no further activity occurs. If you would like to move this EIP forward, please respond to any outstanding feedback or add a comment indicating that you have addressed all required feedback and are ready for a review. |
This issue was closed due to inactivity. If you are still pursuing it, feel free to reopen it and respond to any feedback or request a review in a comment. |
To discuss ERC-2477...
Simple Summary
This specification defines a mechanism by which clients may verify that a fetched token metadata document has been delivered without unexpected manipulation.
This is the Web3 counterpart of the W3C Subresource Integrity (SRI) specification.
The text was updated successfully, but these errors were encountered: