Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hardware Authenticators not compatible with KvStore #42

Closed
fmorency opened this issue Mar 28, 2023 · 2 comments · Fixed by #75
Closed

Hardware Authenticators not compatible with KvStore #42

fmorency opened this issue Mar 28, 2023 · 2 comments · Fixed by #75
Assignees
@stanleyjones
Labels
bug Something isn't working

Comments

@fmorency
Copy link
Contributor

One can create/import a hardware authenticator MANY identity when using a kvstore backend. The application should not display the option to the user as the kvstore backend does not currently support hardware authenticator.

2023-03-28_14-04
2023-03-28_14-06
@fmorency fmorency added the bug Something isn't working label Mar 28, 2023
@stanleyjones
Copy link
Contributor

@fmorency Question on implementation here...

Technically, we don't need to communicate with the idStore once the identity has been created and/or retrieved. Should we:

  1. Disable the "Hardware Authenticator" creation/import option if the selected neighborhood doesn't support idStore but still allow the user to use a previously created/imported identity on a non-idStore neighborhood.
  2. Fall back to a neighborhood that does support idStore if the selected neighborhood doesn't (i.e. create/import the ID on the Manifest Ledger unless otherwise specified).
  3. Disable Hardware Authenticator based identities completely (i.e. require the user to select a different identity) if the selected neighborhood doesn't support idStore.

Those are in rough order of my preference.

@fmorency
Copy link
Contributor Author

@stanleyjones

I prefer 3. as the less risky approach until we can manage HSM through a 3rd party such as Web3Auth.

  1. I think it can be confusing for users and might result in unwanted operations. The user experience is of utmost importance here.
  2. I don't like the idea of server X, e.g., kvstore, depending on a non-specific server Y, e.g., leger, for identities.
  3. This is the way.

@stanleyjones stanleyjones mentioned this issue Sep 14, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stanleyjones stanleyjones

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Disable Hardware Authenticator identities for unsupported Neighborhoods stanleyjones/gwen
2 participants
@stanleyjones @fmorency