We skipped the TS meeting in the week before 7th Sep to arrange an MVP development plan for a technology discussed much earlier in the year. This note is about the meeting held on 11th Friday at 7pm.
Express of trust -> not to the TokenScript digest any more
Express of trust can be done in one of 2 ways: by a transaction to a special express-of-trust address, or by smart contract metadata. Per 2019, we agreed (against Tore's better instinct) that the express-of-trust is expressed towards a TokenScript digest (a specific TokenScript).
Today it's no longer practical thanks to the Ethereum transaction fee. On top of that, Tore has always been right that the key holders and the contract deployer/administrator are not the same people so the trust should be expressed on the signing key, not on individual TokenScript files.
There are 3 solutions:
- Express of trust is expressed towards the hash of the signing key.
- Express of trust is expressed towards the certificate of the signing key (if exist).
- Express of trust is expressed towards the CommonName (in most cases, a domain name).
We decided for the direction of the move but didn't decide which of the two solutions in that meeting, instead, collect a bit of feedback and decide it in the next meeting.
Depoyment unit is the card
Furthermore, a new signing tool is to be made that automatically signs:
- all attributes/contracts plus one card.
- Repeat that for each card.
- Finally, the whole file is signed.
That means, for a TokenScript that has 10 cards, 11 signatures will be produced. It is implied that in each signature only the needed resources are signed with each card.
This allows the deployment - typically, deploy for use on a website - to choose which card to deploy on which web page. Furthermore, a deployment tool will be made so that a web developer can take multiple tokenscripts and combine the relevant information into a single deployable file.
This used to be called "mesh-up" but I prefer not to give it a name as it merely is a deployment method. Instead of saying it's a mesh-up of tokenscript files for depoyment, we simply say that a website builder can deploy the needed cards from various tokenscripts.