Litentry Doc

Direct Invocation

Direct Invocation empowers clients to directly request the Enclave Sidechain while ensuring data integrity by posting the results on the Parachain.
The IdentityHub has implemented the first version of Direct Invocation. This update enables users to send requests to the TEE enclave directly and reduces waiting time when accessing the IDHub services. This client<>blockchain request forwarding path change redirects service requests from IDHub now to the blockchain.
Direct Invocation has streamlined the process for features like setting up a shielding key, linking identities, and generating VCs. Users can now directly send service requests to the TEE sidechain, eliminating the need to go through the Litentry Parachain. Despite this change, the results of these actions will continue to be synchronized and logged on the Litentry Parachain, ensuring data integrity and transparency.
Changes in the request workflows:
  • (Formerly) In Indirect Invocation: IDhub <--> parachain <--> TEE sidechain <--> parachain.
  • (Currently) In Direct Invocation: IDhub <--> TEE sidechain <--> parachain.
See below for the detailed request workflows.

Benefits and Tradeoffs

Benefits of this change include:
  • Increased speed in tasks such as setting up a shielding key, linking identities, and VC generation.
  • Removal of dependency on gas fees, enabling free services, and unblocking users from obtaining LIT tokens on a substrate wallet.
  • Maintaining the same level of security: Identity verification, user shielding key synchronization, and VC generation remain secure within the TEE sidechain, while VC issuance transparency remains intact through the Litentry Parachain.
Are there any trade-offs?
  • Temporary removal of LIT charges mechanism from VC generation.
  • Certain transaction logs may become invisible.

Request Workflows

Direct Invocation Request Workflows

Here is how Direct Invocation changed the request workflow. It enables users to directly send requests such as "set shielding key," "link identity," and "request remove identity" to the TEE Enclave.

Indirect Invocation Request Workflow

In the previous workflow of Indirect Invocation, users were required to send a request to the Parachain initially and wait for block generation before it could reach the TEE Enclave.