# Direct Invocation

The IdentityHub has implemented the first version of Direct Invocation. This update enables users to send requests to the TEE enclave directly and reduces waiting time when accessing the IDHub services. This client<>blockchain request forwarding path change redirects service requests from IDHub now to the blockchain.

Direct Invocation has streamlined the process for features like setting up a shielding key, linking identities, and generating VCs. Users can now directly send service requests to the TEE sidechain, eliminating the need to go through the Heima Network. Despite this change, the results of these actions will continue to be synchronized and logged on the Heima Network, ensuring data integrity and transparency.

Changes in the request workflows:

* (Formerly) In Indirect Invocation: IDhub <--> parachain <--> TEE sidechain <--> parachain.
* (Currently) In Direct Invocation: IDhub <--> TEE sidechain <--> parachain.

See below for the detailed request workflows.

### **Benefits and Tradeoffs**

Benefits of this change include:

* Increased speed in tasks such as setting up a shielding key, linking identities, and VC generation.
* Removal of dependency on gas fees, enabling free services, and unblocking users from obtaining HEI tokens on a substrate wallet.
* Maintaining the same level of security: Identity verification, user shielding key synchronization, and VC generation remain secure within the TEE sidechain, while VC issuance transparency remains intact through the Heima Parachain.

Are there any trade-offs?

* Temporary removal of HEI charges mechanism from VC generation.
* Certain transaction logs may become invisible.

### Request Workflows

#### Direct Invocation Request Workflows

Here is how Direct Invocation changed the request workflow. It enables users to directly send requests such as "set shielding key," "link identity," and "request remove identity" to the TEE Enclave.

{% @mermaid/diagram content="sequenceDiagram
box Client (IDHub)
participant Browser
end
box Heima Network
participant Parachain
participant Enclave
end

```
%% Setup / Get Enclave's data
Enclave->>Parachain: Register
```

Enclave->>Parachain: Get Shard and Enclave Shielding Key
Browser->>Parachain: Get Shard and Enclave Shielding Key
activate Parachain
Parachain->>Browser: Return Shard and Enclave Shielding Key
deactivate Parachain

%% Client Request
Browser->>Enclave: Request set User Shielding Key
activate Enclave
Note over Browser,Parachain: Wait for UserShieldingKeySet or Error
Enclave->>Parachain: Emit UserShieldingKeySet or Error
deactivate Enclave
activate Parachain
Parachain->>Browser: Process UserShieldingKeySet or Error
deactivate Parachain
Browser-->>Browser: Display result

```
loop [could be multiple identities]
	Browser->>Enclave: Request Link Identity
	activate Enclave
	Note over Browser,Parachain: Wait for IdentityLinked or Error
  Enclave->>Parachain: Emit IdentityLinked or Error
  deactivate Enclave
  activate Parachain
  Parachain->>Browser: Process IdentityLinked or Error 
  deactivate Parachain
  Browser-->>Browser: Display result
end

loop [could remove multiple identities]
	Browser->>Enclave: Request Remove Identity
	activate Enclave
	Note over Browser,Parachain: Wait for IdentityRemoved or Error
  Enclave->>Parachain: Emit IdentityRemoved or Error
  deactivate Enclave
  activate Parachain
  Parachain->>Browser: Process IdentityRemoved or Error 
  deactivate Parachain
  Browser-->>Browser: Display result
end" %}
```

### Indirect Invocation Request Workflow

In the previous workflow of Indirect Invocation, users were required to send a request to the Parachain initially and wait for block generation before it could reach the TEE Enclave.

{% @mermaid/diagram content="sequenceDiagram
box Client (IDHub)
participant Browser
end
box Heima Network
participant Parachain
participant Enclave
end

```
%% Setup / Get Enclave's data
Enclave->>Parachain: Register
```

Enclave->>Parachain: Get Shard and Enclave Shielding Key
Browser->>Parachain: Get Shard and Enclave Shielding Key
activate Parachain
Parachain->>Browser: Return Shard and Enclave Shielding Key
deactivate Parachain

%% Client Request
Browser->>Parachain: Request set User Shielding Key
Note over Browser,Parachain: Wait for UserShieldingKeySet or Error
activate Parachain
Parachain-->>Enclave: Emit UserShieldingKeyRequested
activate Enclave
Note over Enclave,Parachain: Enclave: Process Parachain blocks
Enclave->>Parachain: Emit UserShieldingKeySet or Error
deactivate Enclave
Parachain->>Browser: Process UserShieldingKeySet or Error
deactivate Parachain
Browser-->>Browser: Display result

```
loop [could be multiple identities]
	Browser->>Parachain: Request Link Identity
  Note over Browser,Parachain: Wait for IdentityLinked or Error
	activate Parachain
	Parachain-->>Enclave: Emit LinkIdentityRequested
  activate Enclave
  Note over Enclave,Parachain: Enclave: Process Parachain blocks
  Enclave->>Parachain: Emit IdentityLinked or Error
  deactivate Enclave
  Parachain->>Browser: Process IdentityLinked or Error 
  deactivate Parachain
  Browser-->>Browser: Display result
end

loop [could remove multiple identities]
	Browser->>Parachain: Request Remove Identity
  Note over Browser,Parachain: Wait for IdentityRemoved or Error
	activate Parachain
	Parachain-->>Enclave: Emit RemoveIdentityRequested
  activate Enclave
  Note over Enclave,Parachain: Enclave: Process Parachain blocks
  Enclave->>Parachain: Emit IdentityRemoved or Error
  deactivate Enclave
  Parachain->>Browser: Process IdentityRemoved or Error 
  deactivate Parachain
  Browser-->>Browser: Display result
end" %}
```