Problem description
When a need arises to revoke/invalidate previously generated VCs/VPs as per #611 Guardian will invalidate the corresponding Policy execution path which follows the invalid step. This can ultimately result in invalidating tokens, and potentially require replacing them with newly minted (correct) tokens, following the policy section re-run with corrected data/VCs/VPs.
This ticket captures the requirements for the latter 'token recall' stage of this process.
Requirements
Summary of the flow
When a particular step Guardian would issue a revocation message for the MRV VC doc in the corresponding topic as the first step, which would invalidate the corresponding section of the trustchain, including the issued tokens.
The tokens are then put into the ‘invalid’ pool in the smart contract that manages them (based on the serial numbers), which limits the scope of the operations that can be performed on them - e.g. ownership transfer is prohibited. The corrected MRV will then be re-submitted (manually if needed) and the corresponding artefacts defined in the Policy workflow re-executed, and the tokens re-issued.
The tokens are NFTs, and can be owned by different entities who might have bought it on the open market so any operations on them needs these entities approval. Therefore the original issuer would produce a ‘recall’ message for invalid tokens, and create a swap contract. The owners of the invalid tokens would then convert them into valid ones using this 'swap' facility.
Details
The flow of events for the recall is as follows:
- ‘recall’ message issued, ‘recalled’ tokens are listed in the ‘error’ pool (the list of serial numbers - they are NFTs so uniquely identifiable)
- new corrected tokens get issued
- ‘swap’ contract is established by the original issuer of the tokens
- owners of ‘recalled’ tokens use the contract to swap theirs for the correct one
- ‘error’ NFTs are burned (or kept in the error pool indefinitely) by the original issuer
The original issuer finances all operations required for the recall (since it was their mistake in the first place). When the current owners of the tokens need to execute a swap action the original issuer finances the operation (through a mechanism similar to the ‘gas station’ concept from Eth)
Definition of done
Full token lifecycle management mechanism exists and is driven by Guardian policies.
Acceptance criteria
Policy authors can define in the policy the required recall flow, which is actualised by the Guardian
Problem description
When a need arises to revoke/invalidate previously generated VCs/VPs as per #611 Guardian will invalidate the corresponding Policy execution path which follows the invalid step. This can ultimately result in invalidating tokens, and potentially require replacing them with newly minted (correct) tokens, following the policy section re-run with corrected data/VCs/VPs.
This ticket captures the requirements for the latter 'token recall' stage of this process.
Requirements
Summary of the flow
When a particular step Guardian would issue a revocation message for the MRV VC doc in the corresponding topic as the first step, which would invalidate the corresponding section of the trustchain, including the issued tokens.
The tokens are then put into the ‘invalid’ pool in the smart contract that manages them (based on the serial numbers), which limits the scope of the operations that can be performed on them - e.g. ownership transfer is prohibited. The corrected MRV will then be re-submitted (manually if needed) and the corresponding artefacts defined in the Policy workflow re-executed, and the tokens re-issued.
The tokens are NFTs, and can be owned by different entities who might have bought it on the open market so any operations on them needs these entities approval. Therefore the original issuer would produce a ‘recall’ message for invalid tokens, and create a swap contract. The owners of the invalid tokens would then convert them into valid ones using this 'swap' facility.
Details
The flow of events for the recall is as follows:
The original issuer finances all operations required for the recall (since it was their mistake in the first place). When the current owners of the tokens need to execute a swap action the original issuer finances the operation (through a mechanism similar to the ‘gas station’ concept from Eth)
Definition of done
Full token lifecycle management mechanism exists and is driven by Guardian policies.
Acceptance criteria
Policy authors can define in the policy the required recall flow, which is actualised by the Guardian