feat(0035): update to include account identification #525
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| --- | ||
| title: ILP Over HTTP | ||
| draft: 3 | ||
| --- | ||
|
|
||
| # ILP Over HTTP | ||
|
|
@@ -32,6 +32,7 @@ Host: example.com | |
| Accept: application/octet-stream | ||
| Content-Type: application/octet-stream | ||
| Authorization: Bearer zxcljvoizuu09wqqpowipoalksdflksjdgxclvkjl0s909asdf | ||
| ILP-Account-Name: alice | ||
|
|
||
| < Body: Binary OER-Encoded ILP Prepare Packet > | ||
| ``` | ||
|
|
@@ -40,7 +41,8 @@ Authorization: Bearer zxcljvoizuu09wqqpowipoalksdflksjdgxclvkjl0s909asdf | |
|
|
||
| - **Path** - A connector MAY specify any HTTP path for their peer to send ILP packets to. | ||
| - **Host Header** - The standard [HTTP Host Header](https://tools.ietf.org/html/rfc2616#section-14.23) indicating the domain of the HTTP server the Request is sent to. | ||
| - **Content-Type / Accept Headers** - MUST be set to `application/octet-stream`.\ | ||
| - **ILP-Account-Name** - An optional header used to identify the account for which the request is being made. | ||
|
There was a problem hiding this comment. Could you expand on what this header is for? I'm wondering about a couple of points:
There was a problem hiding this comment. I think we should either close this PR or else move this header into a section that details (non-normatively) how peers might use extra headers to help with authentication. For example, the current Java implementation of ILP-over-HTTP supports a JWT authentication mode where the entire token can trivially be used in a performant manner without any additional headers. Also, read more about my current opinion here: https://forum.interledger.org/t/connector-auth-model/517/4?u=sappenin There was a problem hiding this comment. Agree. I don't think having this as a normative requirement makes sense. I do think we should have at least one auth scheme that all implementations MUST support and this should be a well defined standard. That manifests as some changes to the "Authentication" section to include some normative requirements. I'll write those up. |
||
| - **Body** - ILP Packet encoded using OER, as specified in [RFC 27: Interledger Protocol V4](./0027-interledger-protocol-4/0027-interledger-protocol-4.md). | ||
|
|
||
| ### Response | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we call this
ILP-Account-Idinstead?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I prefer the id suffix over name. I know @adrianhopebailie was a fan of using
ilp-peer-id. Do we have a consensus onpeervsaccountThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should use
accounthere, but perhaps it's a naming ambiguity thing. Ifpeer==account, then it doesn't matter.However, in my mind,
peer!=accountbecause a peer could have multiple accounts potentially (e.g., imagine you and me are peered with one credential that can operate across currencies/accounts).However, in ILP, I don't think we should introduce that type of peering because it's much simpler to just have accounts. So, I vote for
accountand we can (maybe never) use thepeerterm in the future.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For all the reasons @sappenin lists above I agree that
peer != account.But, in this context I think we are talking about a peer not an account 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you clarify why? I'd like to not introduce peering into ILP if we can help it. In my mind it's actually simpler and more secure to only have accounts, with each account using a different auth credential.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't peering what ILP is all about?
I guess in this context we should be clear about what "type" of account we're talking about.
E.g. If I have an "account" with a an ILSP then I have both a "peer/user account" (identified by my peer id or something) and a "financial account" (which may be identified by some other identifier or just my peer id) which is the record of my balance.
Therefor I think we need to distinguish between my peer id and account id and in the context of sending an ILP packet to a peer I want to identify myself using my peer id and let my peer decide which financial account my packets impact.