RFC: Users #49
Comments
|
How about a model where user has 2 sets of keys:
In this setup we should be able to change passwords, the hard part though is ensuring we can revoke access from the cc @pgte - Is there related research I missed? |
|
@magik6k could you explain a little more what each key would be used for, and how to update passwords? |
|
Ah I think I understand what you're saying - the Account Key is used as the "master", for example it is used to derive an IPNS key that points to an IPFS record containing the other keys. Revoking access should be fairly straightforward if the other keys are stored with associated data indicating whether they are still valid (for example they may have expired or have been revoked) For example let's say a user wants to sign a comment she has written on a Pull Request.
The Account key derives an IPNS key that points to an Account record on IPFS. The Account record contains a list of tuples In the case where a user wants to
The renderer of any signed data (eg a Pull Request comment) must
This system depends on ensuring that the Account key is never compromised. This could be mitigated by having an expiry and renewal mechanism for the Account key. |
|
I'm planning to read through a bunch of these for more ideas: |
|
The peer-star team are working on peer-star-identity which should take care of a lot of the requirements for Users on IGiS. Unique usernames would still be an outstanding issue. Filecoin will likely have naming, or alternatively we could go with local names |
|
With respect to the unique usernames issue, the handshake project is attempting to replace DNS root servers / zone files with a blockchain. The project paper mentions a strategy for mitigating squatting that we could make use of - they reserve the top 100k domains in Alexa for entities that can prove ownership using DNSSec (eg coke.com). We could similarly reserve usernames that existed before a certain date on github / twitter / etc for users who can prove ownership through verifiable claims (attestations). peer-star-identity will provide verifiable claims management for DID |
Users should have
These fields can be stored in an IPFS object referenced by an IPNS key
Ideally keys can be abrogated, username is unique and dynamic
Usernames
Decentralized unique usernames are difficult as described by Zooko's triangle. Could be achieved using
Relatively slow to create and requires spending some resources / money to get a username
Similar to how email addresses work, where a username is attached to a domain eg [email protected]
The domain takes care of ensuring uniqueness, authentication, and password recovery etc
Domain is somewhat centralized
User chooses a username, and if there's a conflict on some page (eg two users with the same username make comments on a PR), UI highlights the difference (eg different avatars or colours) and possibly allows the client to assign her own nickname to that user.
Spoofing can be somewhat mitigated by the UI using unique visual cues (eg auto-generated avatar, append shortened id to username)
Authentication
hash(username || password)=>secret key=> IPNS keyUsername and password are static
No password recovery mechanism or abrogation
username@domain
Authenticate against domain, responds with
secret key=> IPNS keyPrivate key is kept at domain
Username and password can be dynamic
Public key is stored in some publicly accessible place with an associated username (eg keybase.io, github gist, tweet, blockchain)
Username format is eg [email protected] or [email protected]
Private key must be manually transferred between devices
The text was updated successfully, but these errors were encountered: