Hi @alfert ,
Thanks for asking this question.
First, please note that the OST sidechains are public. All transactions recorded on OST sidechains are on public sidechains that anyone can view and audit. So, it’s not a private chain in any way. You can view the OST sidechains at https://view.ost.com. You can also sync and run OpenST Mosaic (alpha) nodes yourself: https://github.com/OpenST/mosaic-chains
In the current version of OST Platform (for public pilots), transactions will be validated through a Proof of Authority (PoA) consensus mechanism. Under PoA, the network consists of a permissioned set of trusted validators approved by OST to verify transactions. Under PoA, OST approves validators to join the network based on an assessment of how much skin in the game they have to run a secure and trusted network. The OST Platform is starting with PoA, first with OST as the only validator and then expanding to other permissioned validators, to provide for initial platform stability and to kick off the network and the economic incentives needed for validators to participate.
We are planning to decentralize the network in phases. Once the network is well established, we will transition validation to a completely decentralized Proof of Stake consensus mechanism as part of OpenST Mosaic. More details on OpenST mosaic can be found in its whitepaper here: https://github.com/OpenST/mosaic-contracts/blob/develop/docs/mosaicv0.pdf
That’s correct you don’t need API KEY and API Secret in Wallet SDK. Wallet SDK uses a different auth mechanism. Read more about Wallet SDK Authentication here: https://dev.ost.com/platform/docs/sdk/getting_started/authentication/#wallet-sdk-authentication
Using Wallet SDK, you can only fetch information that is related to the user using mobile application. Transaction information has addresses of receiver and sender. You cannot get more details about these addresses as Wallet SDK can’t fetch that information. So, It is recommended that you use Server Side SDK (available in PHP, Ruby, Node.js and JAVA) to get the transaction information.
Read more about transaction API here: https://dev.ost.com/platform/docs/api/#transactions
We removed device_name & device_uuid from the Mobile SDK.
However, for providing better UX, you can choose to capture and store them on YOUR server.
If you do capture them, please make sure that your application’s GDPR complience is not violated.
We shall update the documentation soon. Thanks for pointing it out
quick question in building up the test sdk on this part of the instructions to build build a demo wallet where does this file go
v). Adding SDK configuration file
Create OstWalletSdk.plist file. This file has configuration attributes used by OstWalletSdk. You should copy paste the configuration values from below snippet.
does it go into xcode as a snipet or am i making a plist file to go in a folder somewhere.
im sure its me i just need to be clear
Hi, we've been working on making Brand Token setup minting and distributing as easy possible for OST Platform customers, including ways to make it risk free to get started with minimal investment. This involves both technology and business/financial decisions. We've also been gathering direct input and feedback from OST clients and prospects on various facets Brand Token minting. And, we've been developing token rules and logic to help aid this, to accomplish the needs and desires of real clients.
As @benjaminbollen points out, we'll release specs when ready. And, OST will not be a custodial service.
Yes, you are correct. The passphrasePrefix must only be fetched when needed.
The security guidelines are provided here:
On a side note, all device-manager operations need user authentication.
User is authenticated using biometric OR they can enter the active pin.
As pin is never (and should never be) stored in it's raw form even in the application, we need need passphrasePrefix to regenerate the pin to key to authentication.
In current state, the demo-app is only meant for testing the Sdk.