View Issue Details

IDProjectCategoryView StatusLast Update
0006365Talermerchant backend API (HTTP specification)public2021-08-24 16:23
ReporterFlorian Dold Assigned Tojonathanbuchanan  
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status closedResolutionfixed 
Product Versiongit (master) 
Target Version0.8Fixed in Version0.8 
Summary0006365: allow "forgettable" fields in contract terms
DescriptionWith some fields in the contract terms, the merchant doesn't really have any good reason to store them long term.
For example, it can be reasonably expected that the merchant deletes the delivery address after the delivery happened.

However, when the delivery address is in the contract terms, deleting this part would change the hash of the contract terms.

Thus, some fields of the contract terms should be "forgettable", in the sense that only the hash counts, and the merchant can delete the plain value after it is not needed anymore.

E-mail citation for a possible generic solution below.


Would make sense to have parts of the contract terms that are
"forgettable". It makes computing the contract terms hash harder
though, so we should agree on some sensible, generic rules where we
don't have to change to much to make more parts forgettable!

I'd propose the following scheme that makes introducing this rather cheap:

  delivery_location: {
    country: "Switzerland",
    city: "Zurich",
    street: "Foostreet",
  _forgettable: ["delivery_location"],


  delivery_location: null,
  _forgotten: {
    delivery_location: <hash of forgotten delivery_location>

have *exactly* the same hash code. At the same time, the
"forgettability" is completely transparent to applications that don't
care about it!
TagsNo tags attached.


Christian Grothoff

2020-07-16 00:53

manager   ~0016463

We need a salt to make brute-forcing forgettable parts impossible. I propose that the salt is included in the forgettable attribute, thus:

  delivery_location: {
    country: "Switzerland",
    city: "Zurich",
    street: "Foostreet",
  _forgettable: { "delivery_location" : "SALTVALUE" } ,

Christian Grothoff

2020-07-16 01:58

manager   ~0016464

Draft implementation done in 90e756dd..e1ad498b, needs testing.

Christian Grothoff

2020-07-16 14:52

manager   ~0016466

Implemented in 5658c4c5..c326a5bd. Needs wallet support and a merchant API.

For the merchant API, I'm thinking of an endpoint
PATCH /private/order/$ORDER_ID/forget
where the uploaded JSON includes an array of paths to fields to forget. Those must have already been forgettable (otherwise 409 conflict). We need paths as we may want to forget some attributed deeply nested inside of an object or array inside of the contract. For the path specification, I think the 'jq' command line tool includes a good design for the syntax.

Christian Grothoff

2020-07-16 14:53

manager   ~0016467

Jonathan: please draft a specification for such an endpoint (docs.git), and then after review by Florian or myself, please implement it. This has a low priority at this point, so feel free to pick it up when it fits your mood.


2020-07-22 21:40

developer   ~0016502

Implemented as of 68978c9..0314d6d.

Issue History

Date Modified Username Field Change
2020-06-04 17:45 Florian Dold New Issue
2020-06-04 17:45 Florian Dold Status new => assigned
2020-06-04 17:45 Florian Dold Assigned To => Marcello Stanisci
2020-07-15 20:44 Christian Grothoff Assigned To Marcello Stanisci => Christian Grothoff
2020-07-16 00:27 Christian Grothoff Severity minor => feature
2020-07-16 00:53 Christian Grothoff Note Added: 0016463
2020-07-16 01:58 Christian Grothoff Note Added: 0016464
2020-07-16 14:52 Christian Grothoff Note Added: 0016466
2020-07-16 14:52 Christian Grothoff Assigned To Christian Grothoff => jonathanbuchanan
2020-07-16 14:53 Christian Grothoff Note Added: 0016467
2020-07-22 21:40 jonathanbuchanan Status assigned => resolved
2020-07-22 21:40 jonathanbuchanan Resolution open => fixed
2020-07-22 21:40 jonathanbuchanan Note Added: 0016502
2020-07-22 22:03 Christian Grothoff Product Version => git (master)
2020-07-22 22:03 Christian Grothoff Fixed in Version => 0.8
2020-07-22 22:03 Christian Grothoff Target Version => 0.8
2021-08-24 16:23 Christian Grothoff Status resolved => closed