Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: Propose a new query session protocol to avoid signing every request #175

Closed
2 tasks done
imotai opened this issue Nov 23, 2022 · 3 comments
Closed
2 tasks done

WIP: Propose a new query session protocol to avoid signing every request #175

imotai opened this issue Nov 23, 2022 · 3 comments
Assignees
@jingchen2222
Labels
dip discussion-required ready-to-be-executed

Comments

@imotai
Copy link
Contributor

imotai commented Nov 23, 2022
edited
Loading

Motivations

Each query in db3 needs to be signed with the user's private key. It has a poor user experience and some potential security issues, so I propose a new protocol that the signature is required only when opening the session and closing the session.
new_query_session_protocol

the protocol has the following steps

  1. open a query session with the user's signature
  2. the node checks the validity of the signature and returns a session token
  3. the SDK sends queries to the node with a valid token
  4. when the session reaches its limit of query count, the SDK closes the session with the user's signature

Solution

Security

Alternatives

Additional context

How did the others solve this problem

  • the graph, their use an API token to solve this problem in a centralized way
  • space and time, they are the same with the graph
  • kwil, they have the same problem and they need the user's private key to initialize their SDK

Discussion

Status
@imotai imotai changed the title WIP: Propose a new query session protocol to avoid sigining every request WIP: Propose a new query session protocol to avoid signing every request Nov 23, 2022
@xuman2019
Copy link
Collaborator

In the session architecture pic, is it possible to add a 'wallet' diagram element in a dApp view?

@imotai
Copy link
Contributor Author

imotai commented Nov 24, 2022
edited
Loading

In the session architecture pic, is it possible to add a 'wallet' diagram element in a dApp view?

good suggestion

@jingchen2222 jingchen2222 self-assigned this Nov 26, 2022
@jingchen2222
Copy link
Collaborator

jingchen2222 commented Nov 27, 2022
edited
Loading

CheckList

This was referenced Nov 27, 2022
Merged
Closed
@imotai imotai linked a pull request Nov 28, 2022 that will close this issue
feat: support session token #187
Merged
3 tasks
@imotai imotai removed a link to a pull request Nov 28, 2022
feat: support session token #187
Merged
3 tasks
@imotai imotai closed this as completed Dec 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jingchen2222 jingchen2222

Labels
dip discussion-required ready-to-be-executed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jingchen2222 @imotai @xuman2019