feat: draft did:dns and did:web spec #7
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
expede
reviewed
Nov 21, 2022
Comment on lines
+127
to
+143
| ## Pipelining dellegations | ||
|
|
||
| [UCAN][] specification does not offer a way for two delegation chains to be pipelined into one. In our described scenario we have two delegation chains: | ||
|
|
||
| 1. `did:key:zAlice -> did:dns:w3.storage` | ||
| 2. `did:dns:w3.storage -> did:key:zService -> did:key:zRotation` | ||
|
|
||
| From which we would like to construct a delegation of the capability delegated in (1) issued by the the (rightmost) audience in (2). | ||
|
|
||
| ``` | ||
| did:key:zAlice -> did:dns:w3.storage -> did:key:zService -> did:key:zRotation -> did:key:zAli | ||
| ``` | ||
|
|
||
| To accomplish this we propose that: | ||
|
|
||
| - To issue delegation from `did:key:zRotation` with a valid proof chain (2) proving that `did:key:zRotation` has been delegated all capabilities from `did:dns:w3.storage`. | ||
| - Embed proof chain (1) in `fct` as a verifable evidence that `did:dns:w3.storage` has been delegated capabilities for `did:key:zAlice`. |
There was a problem hiding this comment.
Interesting idea 💡 Certainly not against this in principle.
This may open up some new avenues for a confused deputy because it relies on any possible UCAN that you learn about in the rest of the network. Arguably this similar to using the ambient authority at the root of a delegation chain, but involves anyone that delegates to the forwarding principal even if they're offline. Aside from phishing, I'll have to think more on specific attacks.
There was a problem hiding this comment.
Please note that it is implied that:
- Every delegation is still checked for revocation.
did:dns:w3.storageresolution still occurs and if it resolves to different key validation will fail.
It is true that you can incorporate any of the delegation you can find on the network, but unless principal it was delegated to redelegated to you it's not possible to utilize it.
There was a problem hiding this comment.
I think the more that I think about it, the more comfortable I am with it 👍
expede
reviewed
Nov 21, 2022
| can: "*" | ||
| } | ||
| ] | ||
| }, |
There was a problem hiding this comment.
If we decide to support pipelining, I wonder if we can put this in the prf field and just support this directly?
There was a problem hiding this comment.
(Since this is "evidence", which is another name for a proof!)
There was a problem hiding this comment.
I think we could, in fact I proposed that as option (2) in ucan-wg/spec#130. I mostly avoided here as it would directly violate principal alignment requirement
expede
reviewed
Nov 21, 2022
expede
reviewed
Nov 21, 2022
Closed
hugomrdias
suggested changes
Nov 30, 2022
|
|
||
| > There are other ways Alice could arrange delegation from `did:key:zAlice` to `did:key:zAli` with different tradeoffs. Evaluating them would be a good idea for a system designer, here we defining solution when no other option offers desired tradeoffs. --> | ||
|
|
||
| To address described limitation we propose use of [`did:dns`] or [`did:web`] principals so that delegation from `did:key:zAlice` no loner is tied to a specific key. This would get us step further, but still we run into a problem, after key rotation delegation to `did:key:zAli` is no longer valid as the key that signed it is no longer the one did document resolves to. |
There was a problem hiding this comment.
Suggested change
| To address described limitation we propose use of [`did:dns`] or [`did:web`] principals so that delegation from `did:key:zAlice` no loner is tied to a specific key. This would get us step further, but still we run into a problem, after key rotation delegation to `did:key:zAli` is no longer valid as the key that signed it is no longer the one did document resolves to. | |
| To address described limitation we propose use of [`did:dns`] or [`did:web`] principals so that delegation from `did:key:zAlice` no longer is tied to a specific key. This would get us step further, but still we run into a problem where after a key rotation, the delegation to `did:key:zAlice` is no longer valid as the key that signed it is no longer the one the did document resolves to. |
|
|
||
| To address described limitation we propose use of [`did:dns`] or [`did:web`] principals so that delegation from `did:key:zAlice` no loner is tied to a specific key. This would get us step further, but still we run into a problem, after key rotation delegation to `did:key:zAli` is no longer valid as the key that signed it is no longer the one did document resolves to. | ||
|
|
||
| This specification describes solution to the second order problem by requiring that [`did:key`] that [`did:dns`] and [`did:web`] resolve to MUST assume an ambient authority over (pre-resolution) DID, which it MAY delegate to other principals through standard UCAN delegation. |
There was a problem hiding this comment.
Suggested change
| This specification describes solution to the second order problem by requiring that [`did:key`] that [`did:dns`] and [`did:web`] resolve to MUST assume an ambient authority over (pre-resolution) DID, which it MAY delegate to other principals through standard UCAN delegation. | |
| This specification describes a solution to the second order problem by requiring that the [`did:key`] that[`did:dns`] and [`did:web`] resolve to MUST assume an ambient authority over (pre-resolution) DID, which it MAY delegate to other principals through standard UCAN delegation. |
|
|
||
| This specification describes solution to the second order problem by requiring that [`did:key`] that [`did:dns`] and [`did:web`] resolve to MUST assume an ambient authority over (pre-resolution) DID, which it MAY delegate to other principals through standard UCAN delegation. | ||
|
|
||
| > Expample below illustrates `did:dns:w3.storage` delegating own resource to `did:key:zService`, which in turn redelegates it to `did:key:zRotation`. |
There was a problem hiding this comment.
Suggested change
| > Expample below illustrates `did:dns:w3.storage` delegating own resource to `did:key:zService`, which in turn redelegates it to `did:key:zRotation`. | |
| > Example below illustrates `did:dns:w3.storage` delegating own resource to `did:key:zService`, which in turn redelegates it to `did:key:zRotation`. |
|
|
||
| > Expample below illustrates `did:dns:w3.storage` delegating own resource to `did:key:zService`, which in turn redelegates it to `did:key:zRotation`. | ||
| > | ||
| > This setup allows primary key (one that DID document resolves to) to be kept very safe e.g. on a piece of paper in safe deposit box, is it is only needed to delegate capabilities to `did:key:zService`. That key also is only used for rating keys and therefor can be stored securily e.g. in hardware key. |
There was a problem hiding this comment.
Suggested change
| > This setup allows primary key (one that DID document resolves to) to be kept very safe e.g. on a piece of paper in safe deposit box, is it is only needed to delegate capabilities to `did:key:zService`. That key also is only used for rating keys and therefor can be stored securily e.g. in hardware key. | |
| > This setup allows primary key (one that DID document resolves to) to be kept very safe e.g. on a piece of paper in safe deposit box, as it is only needed to delegate capabilities to `did:key:zService`. That key also is only used to rotate keys and therefor can be stored securely e.g. in hardware key. |
|
|
||
| Above delegations MAY be embedded inside a relevant UCAN tokens, so that key in rotation at the moment of delegation MAY assume full authority over corresponding [`did:dns`][] or [`did:web`][] resource. | ||
|
|
||
| > Example below illustrates `did:key:zRotation` delegating `did:key:zAli` capabilities derived from `did:dns:w3.storage` through `did:key:zService`. It embeds adove described delegation chain inside fact to provide a verifiable evidence that it can redelegate capbilities on `did:dns:w3.storage` bahalf |
There was a problem hiding this comment.
Suggested change
| > Example below illustrates `did:key:zRotation` delegating `did:key:zAli` capabilities derived from `did:dns:w3.storage` through `did:key:zService`. It embeds adove described delegation chain inside fact to provide a verifiable evidence that it can redelegate capbilities on `did:dns:w3.storage` bahalf | |
| > Example below illustrates `did:key:zRotation` delegating `did:key:zAli` capabilities derived from `did:dns:w3.storage` through `did:key:zService`. It embeds above described delegation chain inside facts to provide a verifiable evidence that it can redelegate capabilities on `did:dns:w3.storage` behalf |
|
|
||
| [UCAN][] specification does not describe an ability to delegate authority over the resources delegating prinipcal MAY hold in the future. This makes it impossible for `did:dns:w3.storage` key to delegate capability that `did:key:zAlice` will delegate to it in the future. | ||
|
|
||
| To overcome this limitation here we propose delegation with `att: []` and `exp: null` to be treated as delegation of complete authority: |
There was a problem hiding this comment.
this would need to be added to the ucan spec, right?
|
|
||
| ## Pipelining dellegations | ||
|
|
||
| [UCAN][] specification does not offer a way for two delegation chains to be pipelined into one. In our described scenario we have two delegation chains: |
There was a problem hiding this comment.
Suggested change
| [UCAN][] specification does not offer a way for two delegation chains to be pipelined into one. In our described scenario we have two delegation chains: | |
| [UCAN][] specification does not offer a way for two delegation chains to be pipelined into one. In our described scenario we have two delegation chains: |
| 1. `did:key:zAlice -> did:dns:w3.storage` | ||
| 2. `did:dns:w3.storage -> did:key:zService -> did:key:zRotation` | ||
|
|
||
| From which we would like to construct a delegation of the capability delegated in (1) issued by the the (rightmost) audience in (2). |
There was a problem hiding this comment.
Suggested change
| From which we would like to construct a delegation of the capability delegated in (1) issued by the the (rightmost) audience in (2). | |
| From which we would like to construct a delegation of the capability delegated in (1) issued by the (rightmost) audience in (2). |
| To accomplish this we propose that: | ||
|
|
||
| - To issue delegation from `did:key:zRotation` with a valid proof chain (2) proving that `did:key:zRotation` has been delegated all capabilities from `did:dns:w3.storage`. | ||
| - Embed proof chain (1) in `fct` as a verifable evidence that `did:dns:w3.storage` has been delegated capabilities for `did:key:zAlice`. |
There was a problem hiding this comment.
Suggested change
| - Embed proof chain (1) in `fct` as a verifable evidence that `did:dns:w3.storage` has been delegated capabilities for `did:key:zAlice`. | |
| - Embed proof chain (1) in `fct` as a verifiable evidence that `did:dns:w3.storage` has been delegated capabilities for `did:key:zAlice`. |
| It can also be interpreted as `did:dns:w3.storage` stating to be "also known as" | ||
| `did:key:zService` allowing it to delegate whatever `did:dns:w3.storage` CAN. | ||
|
|
||
| ## Pipelining dellegations |
There was a problem hiding this comment.
Suggested change
| ## Pipelining dellegations | |
| ## Pipelining delegations |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.