[Oracles] Supported Protocols

[shargon]

We can discuss about Oracle HTTP Protocols here:

With protocols we should implement in HTTP?

(Main topic discussion Syscall and ApplicationEngine #1275)
(Initial discussion #1243 (comment))

---

Summarized by Erik:

Supported schema: http, https, neofs
Supported http methods: GET, POST*

*Whether or not to support POST is still controversial.

[shargon]

My opinion.

We should allow GET and POST. Because are the most common used, and also, sometimes the API (like our RPC), required to send a little information by POST.

[erikzhang]

We should support http and neofs. Another protocol we need to consider is https.

For http and https, I think we only need to support GET.

For neofs, we need a URI standard. Please discuss here: #1256

[realloc]

According to W3Tech report more then 56% of websites use https by default, so https support is a must, not an option, even for just getting information from regular web sites.

Because Smart Contracts most probably would interact with dApp backends, there also must be support for at least both POST and GET verbs, because it's part of JSON RPC standard and both POST and GET are used in most REST APIs.

[shargon]

Agree with @realloc

[igormcoelho]

Agree, https should be default, and we will need GET/POST for REST,and standard auth. neofs and http will also be fundamental. @shargon any way we can.enforce name resolution via dnssec? It could be important too, although oracle voting.may also "fix" this (or not).

[shargon]

any way we can.enforce name resolution via dnssec?

I am not sure if dotnet core allow this, but we can try it

[shargon]

In fact, I think that we should only allow HTTPS schema, and not HTTP

Tech benefits:

• More secure

Economic benefits:

• If the certificate pinning is defined in the ABI. If they need to update it, the project will use the GAS for the manifest upgrade.

[erikzhang]

Agree with @shargon . We should allow https only.

[igormcoelho]

Good, I also think that https is much better. Yet, if its self signed certificate, or "untrusted" entity, one should pass the allowed identification for the oracle to know what to expect... would this be passed on tx header as well? It could be good I think.

[erikzhang]

Maybe we need to have a built-in trusted certification authority list? Otherwise, non-determinism may occur.

[lock9]

If we need everyone to share the same rules, I suspect this should be done inside a smart contract, like the network policy smart contract.
Isn't this a basic requirement for id systems?

[belane]

It has been decided to start with the implementation of HTTP-GET.
Once finished, continue with HTTP-POST, HTTP 2.0, ...

I would also like to define the different limits and how are we going to store these values (oracle policy?)

• Connection timeout.
• Download timeout.
• Request max size.
• Response max size.
• Response max size after filtering.

[doubiliu]

@belane Hi,Belane. I think we should add a GRPC protocol. Have you started?Or NGD can help to implement.

[realloc]

For NeoFS Oracle there is no need for generic grpc protocol support. Please see NeoFS protocol bindings, there is C# support. Additionally we are preparing a wrapper library for C# with more http-like abstraction layer,

[Tommo-L]

Look forward to publishing as a Nuget package.

[belane]

@belane Hi,Belane. I think we should add a GRPC protocol. Have you started?Or NGD can help to implement.

gRPC sounds cool @doubiliu. No, I hadn't thought about it, do you think we should prioritize it over others?

[doubiliu]

Can be synchronized, if your time is priority, ngd can help to achieve it

[erikzhang]

I don't think gRPC is our priority, so don't implement it yet.

[shargon]

I think that NeoFs maybe only will require POST for upload the files, is this correct? @realloc

For NeoFS Oracle there is no need for generic grpc protocol support. Please see NeoFS protocol bindings, there is C# support. Additionally we are preparing a wrapper library for C# with more http-like abstraction layer,

I tried to find the protocol bindings without luck, can you share the direct link please?

[realloc]

@shargon, Not exactly. NeoFS can't be used via http gate from within the Smart Contract or Oracle, so http POST would not work. There should be a separate NeoFS Oracle using NeoFS API directly. Semantically it would be very similar to http PUT, but implementation is different.

We plan to release updated C# bindings early next week, but current quarantine measures may slow us down a little.

[erikzhang]

NeoFS can't be used via http gate from within the Smart Contract or Oracle...

Why not?

[realloc]

@erikzhang It would break the decentralized nature of NeoFS integration with Neo. While NeoFS network is decentralized and all nodes speak the same NeoFS API, http gates are separate single instanced applications. They do not form any resilient decentralized network, they just proxy requests.

[erikzhang]

@shargon I think it's okay. We access NeoFS through this form of URI:

neofs://{containerId}/{objectId}

It has nothing to do with http.

[vncoelho]

grpc looks like to be a good idea, https://github.com/NeoResearch/libbft has been created using that.