Skip to content

Implement Core Credential Management System with Enhanced Security and Scalability#1

Open
opuelatei wants to merge 10 commits into
mainfrom
feat/implement-contract
Open

Implement Core Credential Management System with Enhanced Security and Scalability#1
opuelatei wants to merge 10 commits into
mainfrom
feat/implement-contract

Conversation

@opuelatei

Copy link
Copy Markdown
Owner

Description:
This PR introduces the foundational components for CredentialChain, a decentralized academic credential registry leveraging Stacks and Bitcoin. It delivers a complete system for institutions to issue, validate, and transfer credentials with enterprise-grade security and auditability.

Key Features Added:
Core Data Structures

  • credentials: Tamper-proof academic records with expiry/revocation controls
  • endorsements: Weighted multi-party validation system
  • institution-delegates: Time-bound delegated authority management
  • transfer-requests: Secure ownership transfer pipeline

Institutional Operations

  • STX-staked registration (register-institution)
  • Batch credential issuance (batch-issue-credentials)
  • Delegated authority management (add-delegate)

Verification Framework

  • Endorsements with reputation impact (endorse-credential-extended)
  • Real-time validity checks (is-credential-valid)
  • Comprehensive query functions (get-credential-info, get-endorsement-info)

Security Enhancements

  • 12 input validation functions covering:
    • Principal addresses
    • Credential metadata
    • Expiry timelines
    • Permission sets
  • Bitcoin-anchored transaction finality
  • STX-based economic security (1M uSTX minimum stake)

Code Improvements:

  • Modular validation helpers (validate-year, validate-url)
  • Batch processing with size limits (max 50 credentials/tx)
  • Error code standardization (20+ specific error conditions)
  • Gas-optimized map operations

Documentation:
📘 Full README covering:

  • Architecture overview
  • Data schema definitions
  • Error code reference
  • Security audit status
  • Mainnet deployment roadmap

This commit introduces new data maps to the CredentialChain smart contract for managing credentials, endorsements, institution delegates, and transfer requests. These maps enable the following functionalities:

- `credentials`: Tracks academic credentials issued by institutions, including metadata, verification status, and expiry details.
- `endorsements`: Records endorsements for credentials, including timestamp, weight, and comments.
- `institution-delegates`: Manages delegated authorities for institutions with permissions and expiry dates.
- `transfer-requests`: Handles credential transfer requests between owners with status and expiry tracking.

These additions are essential for implementing a robust and decentralized academic credential registry. They provide the foundation for secure credential issuance, validation, and transfer mechanisms, ensuring scalability and compliance with the system's design goals.
This commit introduces two new data maps to the CredentialChain smart contract:

- `institution-delegates`: Enables institutions to delegate authority to other principals with specific permissions and expiry dates.
- `transfer-requests`: Facilitates the management of credential transfer requests, including tracking the status, request time, expiry time, and transfer type.

Additionally, the `register-institution` function has been implemented to allow institutions to register on the platform by staking a minimum amount of tokens. This function ensures that only unregistered and active institutions can register.

These changes enhance the contract's functionality by supporting delegated operations and secure credential transfer mechanisms, aligning with the system's goal of decentralized academic credential management.
This commit introduces two key public functions to the CredentialChain smart contract:

- `add-delegate`: Allows institutions to delegate authority to other principals by specifying permissions and an expiry date. This enhances operational flexibility for institutions.
- `issue-credential`: Enables institutions to issue academic credentials to students. The function validates the institution's active status and ensures credentials are properly recorded with metadata, verification status, and expiry details.

These additions are critical for supporting decentralized credential issuance and delegated operations, aligning with the contract's goal of secure and scalable academic credential management.
… functions

This commit introduces two new public functions to enhance the CredentialChain smart contract:

- `batch-issue-credentials`: Allows institutions to issue multiple credentials in a single transaction. It validates the batch size and ensures the issuing institution is authorized, improving efficiency for large-scale credential issuance.
- `endorse-credential-extended`: Enables endorsers to validate credentials with additional metadata such as weight, comments, and endorser type. It updates the credential's endorsement count and the endorser's reputation score.

These features streamline credential issuance and endorsement processes, supporting scalability and multi-stakeholder validation in the decentralized academic credential registry.
This commit introduces the following functionalities to the CredentialChain smart contract:

- `request-credential-transfer`: Allows the current owner of a credential to request its transfer to a new owner. The function records the transfer request with details such as the credential ID, new owner, transfer type, and expiry time. It ensures the credential is not revoked before proceeding.
- `is-institution`: A helper function to verify if a given principal is an active institution.
- `process-credential-issuance`: A helper function to streamline the issuance of credentials by setting their metadata and status.

These additions enhance the contract's ability to manage credential transfers securely and efficiently while supporting modular and reusable code for credential issuance.
This commit introduces several read-only functions to the CredentialChain smart contract, enabling efficient data retrieval without modifying the blockchain state:

- `get-institution-info`: Retrieves information about a registered institution.
- `get-credential-info`: Fetches details of a specific credential by its ID and associated student.
- `get-endorsement-info`: Retrieves endorsement details for a specific credential and endorser.
- `get-delegate-info`: Fetches delegate information for a given institution and delegate.
- `is-credential-valid`: Checks if a credential is valid by verifying its status, expiry date, and verification flag.

These functions improve the contract's usability by providing essential data access for external systems and users while maintaining blockchain integrity.
…checks

This commit improves the credential management system by introducing the following enhancements:

- Added `validation-level` to the `credentials` map to track the level of validation for each credential.
- Implemented expiry checks in relevant functions to ensure credentials are only processed if they are valid and not expired.
- Updated the `is-credential-valid` read-only function to include validation for the `verified` flag, expiry date, and revocation status.

These changes strengthen the integrity of the credential management system by ensuring only valid and up-to-date credentials are processed or queried.
…al management

This commit introduces robust input validation functions to ensure data integrity and security across the CredentialChain smart contract:

- `validate-non-empty-string`: Ensures input strings are not empty.
- `validate-url`: Validates URLs for proper formatting and non-emptiness.
- `validate-year`: Checks that the year is within a reasonable range.
- `validate-expiry`: Confirms that expiry dates are in the future.
- `validate-credential-id`: Validates credential IDs for proper formatting and non-emptiness.
- `validate-permissions`: Ensures permissions lists are non-empty and valid.
- `validate-endorsement-weight`: Confirms endorsement weights are within the allowed range.

These validation functions enhance the reliability of the contract by preventing invalid or malicious data from being processed.
…dential management

This commit enhances the input validation system by introducing the following checks:

- `validate-principal`: Ensures that a principal address is not the same as the transaction sender, preventing self-delegation.
- `validate-student`: Confirms that a student address is not the same as the issuing institution, ensuring proper credential issuance.
- `validate-comment`: Validates comment text by enforcing a maximum length of 200 characters while allowing empty comments.

These validations improve the robustness of the credential management system by ensuring proper data integrity and preventing invalid or unintended inputs.
… core functions, and security details

This commit introduces a detailed README for the CredentialChain project, covering the following sections:

- **Overview**: Describes the purpose and functionality of CredentialChain.
- **Key Features**: Highlights institutional management, credential operations, verification systems, and transfer mechanisms.
- **Smart Contract Details**: Provides data structure definitions and core function descriptions.
- **Error Codes**: Lists error constants with their descriptions for better debugging and understanding.
- **Security Features**: Outlines the security measures implemented in the system.
- **Workflow Examples**: Demonstrates common use cases, such as institutional onboarding and credential lifecycle management.

This README serves as a comprehensive guide for developers and stakeholders, ensuring clarity and ease of use for the CredentialChain system.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant