Capabilities-based identity updates #31
Comments
orthecreedence
added
discussion
|
Started working on this, it's a bit crazy. Basically, the entire architecture needs to change. It's all good things, though. I originally had signatures as transaction IDs. Now, it will be the sha512 hash of the body as the transaction ID, and there can be any number of signatures on a transaction. This won't change a lot of the DAG code, but will change the transactions themselves and how they are created/saved. There's now a three-step process to saving a transactions (used to be one):
This can obviously be automated by the interface to a large extent if we have some concept of a "default" key (or maybe we use the least privileged one that can still perform the action). However, it opens the door to things like multisig, which are more and more becoming important to the project (managing group identities/transactions is a big one, which requires multisig). Just kind of starting to scratch the surface of this. First things first, going to rework the recovery system to be a generalized policy system (should be easy) then have to convert the DAG to use the new create-return-save. Should actually simplify the DAG because it no longer needs to handle signing transactions...that happens somewhere else. Wish me luck... |
|
Another note: in places we were signing/verifying before (claim, stamp, publish) we now relegate this to the transaction system. All timestamping and signing happens in the transaction itself. This means for things like claims/stamps, we are passing the entire transaction around instead of specific signed containers. This actually simplifies things quite a bit because all signing/verification happens in one place. It also does something else interesting: since making/revoking stamps are now just transactions, they can be saved to the DAG and this acts as a publishing mechanism...instead of stamps floating around in the ether and requiring some sort of external syncing, they can now be published to the public identity of the stamper which allows for very quick verifications of stamps. Note that it's not necessary to save a stamp/revocation to your identity, but if you wanted others to be able to easily verify it it would be worth it. This will close #20 once merged. |
Transaction IDs are onw a sha512 of the entry and allow multiple sigs. Policies are used for all tranactions (unimplemented, but the structure is there). Names for keys are no longer unique...keys are handled by id, and SecretKeys now have ids (their hmac). all private containers are PrivateWithHmac now, meaning their content can be verified AND their HMAC can be included in transactions. adding names to claims (again, not unique). this allows them to take the place of forward. removed forwards. they are incredibly stupid, because they duplicate claims in almost every way (except forwards had names, claims did not, which i fixed). now you can have a "Mastodon" claim that points to your mastodon account etc. restructing many container types, but mainly claims/stamps: ClaimContainer no longer exists, and claims/stamps no longer have signed content. instead, all signing and verification is done at the transaction level. this means a signed stamp is really just a normal transaction (which can be included both in the stamper or stampee's identity). similarly, publishing is no longer a separate process, but rather a new transaction type (that cannot be saved to the identity) which allows publishing to also be multisig. there's a ton of supporting shit for all the above, but that's the main stuff. a large amount of tests are broken, but the system compiles, and its time to check things in before i go off on another whim and rewire a bunch of stuff.
|
I'm happy to announce this has been merged into master. Glorious. |
It occurred to me that having having root/publish/policy keys is somewhat rigid. Instead what makes more sense is to do away with this model, and instead use the concept of a set of management keys (distinct from subkeys, which are really more for storage) and capabilities. When an identity is first created, the capabilities would still map to exactly what they are now, however they could be updated in more interesting ways, such as allowing external keys to update various parts of the identity. This would allow an identity to be cryptographically managed by many people, allowing organizations to self-manage identities without owner-gatekeepers.
So instead of a set of purpose-made keys, we would instead have the alpha key and any number of subkeys that can each have various capabilities (or none).
For now, I'm thinking of adding a capability for just about any transaction type with some obvious exceptions (
CreateIdentity,SetRoot/Policy/Publish,ExecuteRecovery, etc would not exist).Care needs to be taken to allow per-resource ownership/management. Maybe a key can only
EditSubkeyon a subkey that it created (not someone else's). So a key could have the capabilityDeleteSubkey(can delete any subkey) orDeleteSubkeyOwned(can only delete a subkey created by that key).What would be really interesting is allowing policy-based capabilities: ie, "this change is valid ONLY if signed by two of these three keys" ie any combination that can be expressed as hat is now a recovery policy (but would likely be renamed to be more general, like "signature policy").
This would also require transactions to be able to have multiple signatures. Effectively all transactions would be modeled like a recovery policy execution. It would also entirely replace the need for the recovery system because one could create a policy that allows the reset of the management keys (which is effectively what the recovery policy is).
One final thing that's swimming in my head: it would be amazing if the policies could be identity-based such that a signature from any management key in that identity is valid. That way, you could say "require a signature from two of these three identities" as opposed to "require a signature from two of these three specific identity/key pairs." The former is essentially what we want: an identity-based signature (without relying on the alpha key presence). The latter is extremely rigid. This would require each signature shipping some kind of proof that it's indeed a subkey of the alpha key, and this entire proof would need to be recorded into the transaction so it could be verified locally. I'm not sure if there's a way to condense this, but it might get unwieldy vewy quickwy if we have to ship the entire DAG for each signature).
What's left
This change is well underway. Making huge advances. Here's what needs to happen to finish the implementation:
-k/--sign-with) and applied automatically (mimics the old stamp UX). This change is mostly backwards compatible.stampandclaimfunctions work. Stamps made by the stamper are now able to be saved ot the stamper's identity and are publicly accessible, so thestampcommand should list the stamper's public stamps. That said, the stamps on claims need to be able to be listed as well, however these can be listed as a subcommand ofclaim, likestamp claim stamps <claim_id>.stamp liststamp revokestamp acceptclaim stamp listclaim stamp viewclaim stamp deletestamp stage signif the transaction satisfies a policy.Add interfaces for managing policiesMoved to Allow managing policies in CLI #36Need to sync staged transactions in private syncing. This allows a group of pepole managing an identity to all get staged transactions ready for signature.Sync metadata in private sync #37The text was updated successfully, but these errors were encountered: