w3-accounts #12
w3-accounts #12
Conversation
Gozala
requested review from
alanshaw,
hugomrdias,
jchris,
mikeal,
olizilla,
vasco-santos and
yusefnapora
Co-authored-by: Vasco Santos <santos.vasco10@gmail.com>
w3-account.md
Outdated
|
|
||
| ## Account | ||
|
|
||
| User account is a [principal][] identified by [`did:mailto`][] (listed in a UCAN's `iss` or `aud` field). |
There was a problem hiding this comment.
Why have this be did:mailto: and not mailto: ?
The former begs the question of how that did method works, i.e. how to create, read (resolve to did doc), update, and delete dids using that method. The spec for that seems to be a placeholder atm. Understandable, but still I'm struggling to imagine how exactly the read/resolve would work for a did:mailto.
Using just mailto: URIs would sidestep needing to define the did method, and in this spec or ucans, we could define processing rules however we want, all without needing to shoehorn in did semantics.
If we do really want to define/use a did:mailto, how would did resolution work (e.g. here is how did:dns resolution works)
There was a problem hiding this comment.
Why have this be did:mailto: and not mailto: ?
Because principals in UCAN spec are DIDs, if they were arbitrary URIs than using just mailto: URI would have made a lot more sense. Perhaps we can work towards allowing UCANs to use arbitrary URIs in principals, but I would pursue that separately and then update to just mailto: as opposed to getting blocked on that.
If we do really want to define/use a did:mailto, how would did resolution work (e.g. here is how did:dns resolution works)
My plan had been do spec that out here https://github.com/ucan-wg/did-mailto, but I don't have bandwidth for that right now.
There was a problem hiding this comment.
how to create, read (resolve to did doc), update, and delete dids using that method.
In nutshell, resolution schema is you send them an email asking what's their DID document and they respond you back with did:key corresponding to their document
| }], | ||
| exp: null | ||
| sig: "..." | ||
| } |
There was a problem hiding this comment.
Example below illustrates did:dns:web3.storage = did:key:root allowing did:key:zJune to identify as did:dns:web3.storage as long as delegation is valid. This allows did:key:zJune to issue an outer UCAN and sign it with did:key:zJune, however it needs to provide proof of delegation from did:key:root authorizing it do it.
{
iss: "did:dns:web3.storage",
aud: "did:key:someone",
// Delegates some capability to the did:dns:web3.storage resource.
// Capability is not really important, it's just that it CAN delegate capability for `did:dns:web3.storage`
att: [{ can: "inbox/add", with: "did:dns:web3.storage" }],
sig: "..." // <- signed with did:key:zJune because proof above
// 👇 proof that did:key:zJune could issue ucan on behalf of did:dns:web3.storage
prf: [{
iss: "did:dns:web3.storage", // <- Maybe this should be did:key:root here
aud: "did:dns:web3.storage", // <- delegating to did:dns:web3.storage to align principals
// Says that UCAN's issued by `did:dns:web3.storage` may be signed by
// did:key:zJune.
// This basically says that did:key:zJune is a session key which expires in july
att: [{
with: "did:dns:web3.storage",
can: "ucan/sign",
nb: { as: "did:key:zJune" }
}],
exp: july,
sig: "..." // <- Must be signed by the key did:dns:web3.storage resolves to
}],
exp: hour
}There was a problem hiding this comment.
@expede can you please provide feedback on this
There was a problem hiding this comment.
@Gozala wrt send/message, that's new right? I notice that it is of the form verb/noun whereas most of the time our caps name convention is more like noun/verb
There was a problem hiding this comment.
Yeah just ignore this, I was sketching this while speaking to @expede over the call so it's pretty sloppy and out of the context here
There was a problem hiding this comment.
Hey @expede have you had a chance to consider this ? In our call, I believe you said you were ok with general idea, yet wanted to ponder more about actual representation
There was a problem hiding this comment.
Sorry for the post-merge feedback @Gozala !
wrt send/message, that's new right? I notice that it is of the form verb/noun whereas most of the time our caps name convention is more like noun/verb
@gobengo I've been thinking about this in a UCAN "standard library" as msg/send, which cuts across email, text messaging, message passing, etc etc.
iss: "did:dns:web3.storage", // <- Maybe this should be did:key:root here aud: "did:dns:web3.storage",
I continue to find iss == aud deeply strange. I agree with your comment "Maybe this should be did:key:root here".
Rather than granting the ability to sign "as" another DID, I think it's cleaner to make this a "forwarding edge", which follows much more the capabilities worldview. I think that the end result is the same, so it's just naming.
Time 1: carol --[fwd_all]--> dan
Time 2: alice --[can: foo]--> bob --[can: foo]--> carol
Time 3: dan --[can: foo]--> frank
BECAUSE we can substitute a link:
alice --[can: foo]--> bob --[can: foo]--> carol
|
[fwd_all]
|
V
dan --[can: foo]--> frank
End result: Frank can use Alice's foo
This is kind of like "signing as" Carol, but it's only at the level of authority, not identity. Alice saying "you can sign as Bob" is going to get really confusing unless you want to do DID management, which IMO should be at a DID layer. I think you can manage all of this cleanly at the layer of capabilities.
This is a powerful enough feature that has enough uses that I propose that we add this as a first-class feature to UCAN at some stage. In the meantime, I propose that we call this something other than "signing as".
Here's some delegations in this model:
w3s --[fwd_all]--> didJune
w3s --[fwd_all]--> didJuly
w3s --[fwd_all]--> didAug
## Super simple case, nothing unusual ##
w3s --[fwd_all]--> didJune --[w3s's foo]--> alice
## More complex case with new forwarding concept ##
bob --[bob's bar]--> w3s
|
[fwd_all]
|
V
didJune --[bob's bar]--> carol
Here's that last one concretely:
{
iss: "did:key:june",
aud: "did:key:carol",
att: [{ can: "thing/doSomthing", with: "resource://example.com" }],
sig: "...",
prf: [
{
iss: "did:key:zBob",
aud: "did:dns:web3.storage",
att: [{
with: "resource://exmaple.com",
can: "thing/doSomething"
}],
exp: august2022,
sig: "..."
},
{
iss: "did:dns:web3.storage",
aud: "did:key:june",
att: [{
with: "did:dns:web3.storage",
can: "ucan/forward_all" // we can come up with a better label
}],
exp: november2022,
sig: "..."
}
]
}
w3-account.md
Outdated
| ```ts | ||
| { | ||
| iss: "did:key:zAgent", | ||
| aud: "did:dns:web3.storage", |
There was a problem hiding this comment.
I seem to recall somewhere you were deciding between whether to use did:dns or did:web. Where did that land?
One tradeoff that comes to mind is that updates to did:dns may be more eventually consistent (because ttls), whereas did:web might give us more predictability about how fast we can expect updates to propagate.
Another tradeoff though is did:web requires an ssl cert and tcp socket. So that may be more overhead than we want.
So for my edification: Why did you choose did:dns and not did:web?
There was a problem hiding this comment.
General idea is agnostic of choice between did:dns and did:web we could choose one that makes most sense or both. That said I think did:web is probably a going to be a better choice however
|
I think it would be helpful to have something like a sequence diagram explaining how the capabilities specified here would be used together to accomplish a use case. |
Co-authored-by: Benjamin Goering <171782+gobengo@users.noreply.github.com>
|
Refactored document a bit to align spec with user flow. Added a sequence diagram to illustrate the user flow |
@Gozala nice ty. any objection if at some point later I try to rewrite it as a mermaidjs sequence diagram so it's prettier? https://mermaid-js.github.io/mermaid/#/sequenceDiagram
|
I'd be delighted if you do |
| aud: "did:dns:web3.storage", | ||
| att: [{ | ||
| with: "did:key:zAgent", | ||
| can: "ucan/issue", |
There was a problem hiding this comment.
could it be like recovery/authorize-email-resovery? If not rename, am I at least understanding it right?
There was a problem hiding this comment.
It's more like user/login
Wrote a specification for explaining accounts and how they correlate with spaces