faisal00813
diff --git a/‎docs/configuration.md
+10-19 b/‎docs/configuration.md
+10-19
diff --git a/‎docs/how-tos/fully-qualified-did-support.md
+162 b/‎docs/how-tos/fully-qualified-did-support.md
+162
diff --git a/‎docs/how-tos/transaction-author-agreement.md
+138 b/‎docs/how-tos/transaction-author-agreement.md
+138
diff --git a/‎libindy/include/indy_ledger.h
+3-1 b/‎libindy/include/indy_ledger.h
+3-1
diff --git a/‎libindy/src/api/ledger.rs
+3-1 b/‎libindy/src/api/ledger.rs
+3-1
diff --git a/‎libindy/src/api/payments.rs
+3-1 b/‎libindy/src/api/payments.rs
+3-1
diff --git a/‎wrappers/ios/libindy-pod/Indy/Wrapper/IndyLedger.h
+3-1 b/‎wrappers/ios/libindy-pod/Indy/Wrapper/IndyLedger.h
+3-1
@@ -14,6 +14,9 @@ This document contains information on how Indy-SDK components can be configured.
     * [Error Handling](#error-handling)
     * [Runtime](#runtime)
     * [Transaction Endorser](#eransaction-endorser)
+    * [Transaction Author Agreement](#transaction-author-agreement)
+    * [Fully-Qualified Identifiers](#fully-qualified-Identifiers)
+
 * [Indy-CLI](#indy-cLI)
     * [Options](#options)
     * [Config](#config)
@@ -160,6 +163,12 @@ Instead, I will have a relationship with an endorser who will endorse my transac
 1. Transaction author sends the request to the Endorser (out of scope).
 1. Transaction Endorser signs the request (as of now `indy_multi_sign_request` must be called, not `indy_sign_request`) and submits it to the ledger.
 
+#### Transaction Author Agreement
+See [document](./how-tos/transaction-author-agreement.md)
+
+#### Fully-Qualified Identifiers
+See [document](./how-tos/fully-qualified-did-support.md)
+
 ## Indy-CLI
 There is a Command Line Interface (CLI) built over Libindy which provides a set of commands to:
 * Manage wallets
@@ -213,22 +222,4 @@ An example of a batch script:
     ```
 
 #### Transaction Author Agreement
-CLI uses session-based approach to work with Transaction Author Agreement.
-
-##### TAA acceptance Workflow
-1. On CLI start: Pass a config JSON file containing a label of mechanism how a user is going to accept a transaction author agreement.
-    `indy-cli --config <path-to-config-json-file>` where config looks like:
-    ```
-    {
-      "taaAcceptanceMechanism": "Click Agreement",
-      .....
-    }
-    ```
-    The list of available acceptance mechanisms can be received by sending `get_acceptance_mechanisms` request to ledger.
-1. On `pool connect` command execution: User will be asked if he would like to accept TAA.
-User either can accept it or skip and accept it later by `pool show-taa` command.
-    
-    Note that accepting TAA one time on `pool connect` or `pool show-taa` is a CLI-specific behavior that actually caches value for future uses.
-    Actual TAA check will be performed on write requests sending only.
-
-1. On write request sending to Ledger: TAA will be appended to requests.
+See [document](./how-tos/transaction-author-agreement.md)
@@ -0,0 +1,162 @@
+## Fully-Qualified identifiers
+
+General format of fully-qualified identifier is `<prefix>:<method>:<value>`.
+* Prefix: specifies entity type:
+    * `did` - DID
+    * `schema` - Schema Id
+    * `creddef` - Credential Definition Id
+    * `revreg` - Revocation registry Id
+* Method: specifies the network this entity belongs to.
+* Value: the main part of identifier.
+
+### Libindy
+
+##### Creation
+
+* use `indy_create_and_store_my_did` function with specifying of `method_name` field inside `did_info` parameter to create fully qualified DID. 
+    ```
+    (did, verkey) = indy_create_and_store_my_did(..., '{"method_name": "indy"}')
+    ```
+
+* use `indy_qualify_did` function to update DID stored in the wallet to make it fully qualified, or to do other DID maintenance.
+This functions also updates all DID related entities stored in the wallet to point on new identifier.
+    ```
+    fully_qualified_did = indy_qualify_did(did)
+    ```
+
+Every time you use fully-qualified DID to create a dependent entity like `Schema`, `Credential Definition` or `Revocation Registry Definition` they will have fully qualified form also.   
+
+#### Anoncreds workflow
+
+As we have released Fully-Qualified identifiers, we can work with both identifier formats in a compatible way. 
+There are some cases when Fully-Qualified entity must be converted to Unqualified form.
+You can use `indy_to_unqualified` function for these cases.
+
+This function can accept the following entities: 
+* DID
+* SchemaId 
+* CredentialDefinitionId 
+* RevocationRegistryId 
+* Schema
+* CredentialDefinition
+* RevocationRegistryDefinition
+* CredentialOffer
+* CredentialRequest
+* ProofRequest
+
+Examples:
+* DID:  
+    ```
+    indy_to_unqualified("did:sov:NcYxiDXkpYi6ov5FcYDi1e") == "NcYxiDXkpYi6ov5FcYDi1e"
+    ```
+* SchemaId:
+    ```
+    indy
+    ```
+* CredentialDefinitionId:
+    ```
+    indy_to_unqualified("creddef:sov:did:sov:NcYxiDXkpYi6ov5FcYDi1e:3:CL:schema:sov:did:sov:NcYxiDXkpYi6ov5FcYDi1e:2:gvt:1.0:tag") == "NcYxiDXkpYi6ov5FcYDi1e:3:CL:NcYxiDXkpYi6ov5FcYDi1e:2:gvt:1.0:tag"
+    ```
+
+
+Let's consider Credential Issuance and Proof Presentation for different cases.
+
+* FQ - fully-qualified
+* U - unqualified
+
+##### Credential Issuance
+
+* Issuer (FQ) - Holder (U) 
+    * Issuer creates DID in the fully qualified way. 
+      Schema and CredentialDefinition created based on this DID will be fully-qualified also.
+      There are two cases here:
+        * Issuer use Ledger to publish related transactions - these entities will be unqualified automatically. So, Prover and Verifier will get unqualified form from the Ledger.
+        * Issuer don't use Ledger - he must call `indy_to_unqualified` with `cred_offer_json` to get unqualified form.
+        
+    * Issuer creates Credential Offer for Holder using fully-qualified Credential Definition Id. 
+      The next step Issuer must call `indy_to_unqualified` with `cred_offer_json` to get unqualified form of Credential Offer. 
+      Issuer must send this unqualified form to Holder and must use it later on credential creation.
+      
+    * The next steps from Issuer and Holder do as usual.
+      Credential will contain unqualified identifiers.
+      Holder can make unqualified Proofs.
+    
+* Issuer (FQ) - Holder (FQ)
+    * All steps Issuer and Holder do as usual.
+      All identifiers will be in fully-qualified form.
+      Credential will contain fully-qualified identifiers. 
+      Holder can make as unqualified as fully-qualified Proofs depend on Proof Request.
+      
+* Issuer (U) - Holder (U)
+    * All steps Issuer and Holder do as usual.
+      All identifiers will be in unqualified form.
+      Credential will contain unqualified identifiers.
+      Holder can make unqualified Proofs.
+      
+* Issuer (U) - Holder (FQ) 
+    * All steps Issuer and Holder do as usual.
+     Holder can handle unqualified identifiers as well.
+     All identifiers will be in unqualified form.
+     Credential will contain unqualified identifiers.
+     Holder can make unqualified Proofs.
+
+##### Proof Presentation
+
+Proof Requests supports versioning (`ver` field). 
+This field specifies whether proof must be full qualified or not. 
+This also specifies whether proof request restrictions are full qualified or not:
+- omit or set "1.0" to use unqualified identifiers. 
+- set "2.0" to use fully qualified identifiers. 
+
+    * All steps Issuer and Holder do as usual.
+
+
+
+* Verifier (FQ) - Prover (U) 
+    * Verifier should set `ver` field as '1.0' or omit it on Proof Request.
+        * if restrictions are fully-qualified Verifier must call `indy_to_unqualified` function with `proof_request_json` to get unqualified form. 
+        * if there are no restrictions or they are in unqualified form -- no additional steps are needed.
+    
+    * There are no changes from Prover side on Proof preparation.
+    
+    * Verifier -- proof verification -- must use *_id's (`schema_id`, `cred_def_id`, `rev_reg_id`) listed in `proof[identifiers]` as the keys for corresponding `schemas_json`, `credential_defs_json`, `rev_reg_defs_json`, `rev_regs_json` objects.
+
+* Verifier (FQ) - Prover (FQ) 
+    * Verifier can use as fully-qualified as unqualified format on ProofRequest preparation (set corresponded `ver`). 
+        - omit or set "1.0" to get unqualified Proof
+        - "2.0" to get fully-qualified Proof
+    
+    * There are no changes from Prover side on Proof preparation.
+
+    * Verifier -- proof verification -- must use *_id's (`schema_id`, `cred_def_id`, `rev_reg_id`) listed in `proof[identifiers]` as the keys for corresponding `schemas_json`, `credential_defs_json`, `rev_reg_defs_json`, `rev_regs_json` objects.
+
+* Verifier (U) - Prover (FQ) 
+    * Verifier should set `ver` field as '1.0' or omit it on Proof Request preparation.
+    
+    * There are no changes from Prover side on Proof preparation. Generated Proof will be in unqualified form.
+    
+    * All steps Verifier and Prover do as usual.
+
+* Verifier (U) - Prover (U) 
+    * All steps Verifier and Prover do as usual.
+      All identifiers will be if unqualified form.
+
+##### Ledger API limitations
+* You can create ledger requests with passing both Fully-Qualified and Unqualified entities. Out requests will be in unqualified form.  
+* All Ledger API parsers return entities in unqualified form. 
+* Cashing API return result in the same form as used ID.
+
+
+### Indy-CLI
+
+##### Creation
+Use `did new` command with passing `method` parameter to create fully-qualified DID.
+
+Example: `did new method=indy`
+
+### Libvcx
+
+##### Agent provisioning
+1. Prepare provisioning config json. Append `did_method` field to this config.
+2. Call `vcx_provision_agent` function with this config json. As result all generated DIDs will be in fully-qualified form.
+3. Credential Issuance and Proof Presentation related entities will be generated automatically based on the type of remote DID.
@@ -0,0 +1,138 @@
+## Transaction Author Agreement
+
+Due to legal nuances Indy network should support flow to receive explicit confirmation from any transaction author that he accepts the following reality. The ledger is public and immutable and by writing data to the ledger the user will not be able to exercise the right to be forgotten, so no personal data should be published to the ledger. For some instances this flow may be must have, but not required for other instances at all. So this functionality should be implemented on Indy side as optional.
+
+Actors and Terms: 
+* Transaction Author (TA) - Any person who would like to write any data to the ledger
+* Transaction Author Agreement (TAA) - The text of agreement between network users and government
+* Acceptance mechanism list (AML) - Description of the ways how the user may accept TAA
+
+IndySDK provides API to:
+* Build request for setting TAA and AML on the Ledger.
+* Build request for getting TAA and AML set on the Ledger.
+* Append TAA acceptance data to request before signing and submitting of them to the Ledger.
+
+
+### Liibndy
+
+#####  Trustee set up AML and TAA on the Ledger
+1. Set AML on the Ledger:
+```
+acceptance_mechanisms_request = build_acceptance_mechanisms_request(.., '{"example label":"example description"}', "1.0", ...)
+sign_and_submit_request(.., acceptance_mechanisms_request)
+```
+2. Set TAA on the Ledger:
+```
+txn_author_agreement_request = build_txn_author_agreement_request(.., "example TAA text", "1.0", ...)
+sign_and_submit_request(.., txn_author_agreement_request)
+```
+
+3. Use empty text to reset TAA on the ledger.
+
+Please NOTE that AML should be set first.
+
+
+##### User get AML and TAA set on the Ledger
+1. Get AML set on the Ledger:
+```
+get_acceptance_mechanisms_request = build_get_acceptance_mechanisms_request(.., current_timestamp, ...)
+response = submit_request(.., get_acceptance_mechanisms_request)
+aml = response["result"]["data"]["aml"]
+```
+Result data is a map where keys are AML labels and values are their descriptions.    
+You should choose one label for future usage. 
+
+In our case:
+- AML looks: `{"example label":"example description"}`.
+- We will use `example label` label later to append TAA data to request.
+
+2. Get TAA set on the Ledger:
+```
+get_txn_author_agreement_request = build_get_txn_author_agreement_request(..)
+response = submit_request(.., txn_author_agreement_request)
+text = response["result"]["data"]["text"] // example TAA text
+version = response["result"]["data"]["version"] //1.0
+```
+
+We will use `text` and `version` later to append TAA data to request.
+Otherwise you can calculate `digest` as sha256 hash on concatenated strings: `version` || `text`.
+In our case `digest` is sha256(`1.0example TAA text`)
+
+##### User send write transactions to the Ledger
+```
+nym_req = indy_build_nym_request(...)
+time_of_acceptance = get_current_timestamp
+nym_req = indy_append_txn_author_agreement_acceptance_to_request(nym_req, "example TAA text", "1.0", null, "example label", time_of_acceptance)
+indy_sign_and_submit_request(.., nym_req)
+```
+
+**Note**: The flow for sending of Payment transaction is different because plugin does signing internal.
+You must pass TAA data as part of `extra` parameter.
+```
+extra = indy_prepare_payment_extra_with_acceptance_data(..., "example TAA text", "1.0", null, "example label", time_of_acceptance)
+payment_req = indy_build_payment_req(..., extra)
+submit_request(.., payment_req)
+```
+
+### Indy-CLI
+
+CLI uses session-based approach to work with Transaction Author Agreement.
+
+##### TAA setup workflow
+* `ledger txn-acceptance-mechanisms` - send TAA Acceptance Mechanisms to the Ledger
+
+    Example: `ledger txn-acceptance-mechanisms aml={"Click Agreement":"some description"} version=1` 
+    
+* `ledger txn-author-agreement` - send Transaction Author Agreement to the Ledger. 
+
+    Example: `ledger txn-author-agreement text="Indy transaction agreement" version=1` 
+    
+##### TAA acceptance workflow
+1. On CLI start: Pass a config JSON file containing a label of mechanism how a user is going to accept a transaction author agreement.
+    `indy-cli --config <path-to-config-json-file>` where config looks like:
+    ```
+    {
+      "taaAcceptanceMechanism": "Click Agreement",
+      .....
+    }
+    ```
+    The list of available acceptance mechanisms can be received by sending `get_acceptance_mechanisms` request to ledger.
+1. On `pool connect` command execution: User will be asked if he would like to accept TAA.
+User either can accept it or skip and accept it later by `pool show-taa` command.
+    
+    Note that accepting TAA one time on `pool connect` or `pool show-taa` is a CLI-specific behavior that actually caches value for future uses.
+    Actual TAA check will be performed on write requests sending only.
+
+1. On write request sending to Ledger: TAA will be appended to requests.
+
+### Libvcx
+
+VCX stores TAA data into internal settings which defines library behaviour and use it write transaction sending.
+
+There are two ways of setting TAA:
+
+1. using `vcx_init_with_config` function.
+This function is some kind of entry point which initializes library. 
+It accepts `config` as a parameter, does it processing and stores some values into the internal state for future needs.
+So, you can append the TAA data to this config:
+```
+{ 
+ ...., 
+ "author_agreement": "{
+    \"taaDigest\": \"string\", 
+    \"acceptanceMechanismType\":\ "string\", 
+    \"timeOfAcceptance\": u64}" 
+ },
+ ...
+}
+```
+This TAA data will be used for sending write transactions to Ledger. 
+You either can specify `taaDigest` or combination of `text: "string"` and `version: "string"` fields.
+
+Please NOTE that vcx config values must be represented as strings.
+
+2. using `vcx_set_active_txn_author_agreement_meta` function at any time after initialization 
+This function set transaction author agreement data as active (or change) which will be used for sending write transactions to Ledger. 
+
+
+Use `vcx_get_ledger_author_agreement` function to get author agreement and acceptance mechanisms set on the Ledger.
@@ -1226,7 +1226,9 @@ extern "C" {
     /// text and version - (optional) raw data about TAA from ledger.
     ///     These parameters should be passed together.
     ///     These parameters are required if taa_digest parameter is omitted.
-    /// taa_digest - (optional) hash on text and version. This parameter is required if text and version parameters are omitted.
+    /// taa_digest - (optional) digest on text and version.
+    ///     Digest is sha256 hash calculated on concatenated strings: version || text.
+    ///     This parameter is required if text and version parameters are omitted.
     /// mechanism - mechanism how user has accepted the TAA
     /// time - UTC timestamp when user has accepted the TAA. Note that the time portion will be discarded to avoid a privacy risk.
     ///
 
@@ -2191,7 +2191,9 @@ pub extern fn indy_build_get_acceptance_mechanisms_request(command_handle: Comma
 /// text and version - (optional) raw data about TAA from ledger.
 ///     These parameters should be passed together.
 ///     These parameters are required if taa_digest parameter is omitted.
-/// taa_digest - (optional) digest on text and version. This parameter is required if text and version parameters are omitted.
+/// taa_digest - (optional) digest on text and version.
+///     Digest is sha256 hash calculated on concatenated strings: version || text.
+///     This parameter is required if text and version parameters are omitted.
 /// mechanism - mechanism how user has accepted the TAA
 /// time - UTC timestamp when user has accepted the TAA. Note that the time portion will be discarded to avoid a privacy risk.
 /// cb: Callback that takes command result as parameter.
 
@@ -897,7 +897,9 @@ pub extern fn indy_parse_payment_response(command_handle: CommandHandle,
 /// text and version - (optional) raw data about TAA from ledger.
 ///     These parameters should be passed together.
 ///     These parameters are required if taa_digest parameter is omitted.
-/// taa_digest - (optional) digest on text and version. This parameter is required if text and version parameters are omitted.
+/// taa_digest - (optional) digest on text and version.
+///     Digest is sha256 hash calculated on concatenated strings: version || text.
+///     This parameter is required if text and version parameters are omitted.
 /// mechanism - mechanism how user has accepted the TAA
 /// time - UTC timestamp when user has accepted the TAA
 /// cb: Callback that takes command result as parameter.
 
@@ -804,7 +804,9 @@
  @param version (Optional) version of TAA from ledger.
      text and version should be passed together.
      text and version are required if taaDigest parameter is omitted.
- @param taaDigest (Optional) hash on text and version. This parameter is required if text and version parameters are omitted.
+ @param taaDigest (Optional) digest on text and version.
+  Digest is sha256 hash calculated on concatenated strings: version || text.
+  This parameter is required if text and version parameters are omitted.
  @param accMechType mechanism how user has accepted the TAA
  @param timeOfAcceptance UTC timestamp when user has accepted the TAA. Note that the time portion will be discarded to avoid a privacy risk.