-
Notifications
You must be signed in to change notification settings - Fork 91
Having a generic authorization contract for each key #88
Comments
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done This issue now has a funding of 350.0 DAI (350.0 USD @ $1.0/DAI) attached to it as part of the Ethereum Community Fund via ECF Web 3.0 Infrastructure Fund fund__.__
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done Work has been started. These users each claimed they can complete the work by 6 months, 4 weeks from now. 1) shine2lay has been approved to start work.
Learn more on the Gitcoin Issue Details page. |
@alexvandesande Here is my implementation plan, would love some feedback on it! Additions:
Rationale: |
@shine2lay you have been approved to start work on this bounty :) @alexvandesande please provide feedback on @shine2lay's action plan at your earliest convenience. Thanks! |
@shine2lay Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
1 similar comment
@shine2lay Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
@alexvandesande Diagrams look awesome! Great way to share info 👍 |
Something that we need to think about, which @mkosowsk raised, is how to handle multiple authorization contracts. If key A needs to call authorization contract A1 and key B calls authorization contract B1, then how does the identity handle when user A and B try to do action C? Does the contract call each authorization contract with both users on it? What if A1 doesn't know anything about user B? What if they are both authorized to do it in A1 but not in B1? We could only allow one authorization contract per identity, but I feel it would be less flexible. Another option would be to make The idea here being that auth contracts act as advisors, it's ultimately the identity's job to decide either to do something or not, so each identity contract could decide how to deal with that. In this case, they could simply ask all auth contracts for all users and if a single auth contract authorizes it, then it proceeds with the action, and lets the other know that the action was performed anyway |
@alexvandesande that is an interesting use case, I agree with your point that it is identity's job to decide on the final verdict. When I thought about implementing this, I was thinking about adding a new field called
Maybe I'll need to rethink how to handle the scenario you mentioned |
@shine2lay Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
1 similar comment
@shine2lay Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
Issue Status: 1. Open 2. Started 3. Submitted 4. Done @shine2lay due to inactivity, we have escalated this issue to Gitcoin's moderation team. Let us know if you believe this has been done in error!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
1 similar comment
Issue Status: 1. Open 2. Started 3. Submitted 4. Done @shine2lay due to inactivity, we have escalated this issue to Gitcoin's moderation team. Let us know if you believe this has been done in error!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
Hey @shine2lay, Ryan from Gitcoin here. How is this coming along? I saw your PR, #119, but haven't seen much activity on this thread or the PR in a week or so. |
@ryan-shea I was at DevCon last week, met some folks there and discussed solution for this PR. We are not entirely sure what is the best solution yet. |
@shine2lay Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
1 similar comment
@shine2lay Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
Issue Status: 1. Open 2. Started 3. Submitted 4. Done @shine2lay due to inactivity, we have escalated this issue to Gitcoin's moderation team. Let us know if you believe this has been done in error!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
1 similar comment
Issue Status: 1. Open 2. Started 3. Submitted 4. Done @shine2lay due to inactivity, we have escalated this issue to Gitcoin's moderation team. Let us know if you believe this has been done in error!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
Hey @shine2lay any additional updates on this? Snoozing the bot :) |
Hey @shine2lay and @alexvandesande, any news here? Want to check in 😄 |
@ryan-shea no updates, can't progress until marek and i have a chat. |
@shine2lay do you have a rough estimate of how long it would take you if you were to stay on? |
@ceresstation unknown. like i mentioned the main reason is that i am blocked. We are attempting to unblock it but communication has been very slow. |
hey @shine2lay any updates here? |
Currently when you approve a new device to use your app, it is by default a "management key" which means that it has unlimited powers to do anything they want to the contract. The only limits on keys are given by the
purpose
and therequiredApprovals
number set by ERC725 standard. This is insufficient.Consider the case in which you might want to add a phone that is able to add and approve new devices on the contract, but you want to set limits on how many new keys they can add in one day to prevent abuse. Or maybe you want to be able to add access to a very limited scope, maybe a key that can only interact with a single contract. To do that we need to either replace or improve the
key purpose
concept with an "authorization contract" that authorizes a key to do things according to a given set of rules.We want to keep the types of authorization contracts open, so for the purpose of this issue we would simplify with 2 example authorization contracts:
A proposed layout for how this would look for the user would be similar to the authorization screens of android or facebook apps, to be added on the "pendingAuthorization" screen:
The text was updated successfully, but these errors were encountered: