Comments (6)
Need to consider how to connect in a server (or mobile) environment v connect in a web environment.
- Server environment will require access to a blockchain private key that is used to authenticate with Ceramic.
- Web environment will use 3ID-connect.
Both separate processes will result in the creation of a DID object that can be used to sign and encrypt data via a 3ID.
Proposed architecture
- packages/connect-web: Uses 3ID Connect to authenticate a user and generate a DID instance
- packages/connect-node: Uses EthereumAuthProvider from Ceramic to wrap a private key and blockchain network. This is injected into a @3id/manager instance that can produce a DID instance.
- packages/datastore: Accepts a DID instance and replicates the existing datastore capabilities
However, the above fails to work in a web environment if we are wanting a user to authorize access to a specific application context. Under the above model, the web environment has granted full access to the current website to the 3ID, rather than delegating access to an application context that has limited access (ie: can't write to the user's profile).
I have asked the Ceramic team on Discord about this application context issue.
Can hopefully build into connect-web and connect-node the application specific authorization.
from verida-js.
I have asked the Ceramic team on Discord about this application context issue.
From Ceramic discord:
The plan right now for IDX "spaces" i.e. encrypted definitions/records can be found here: https://github.com/ceramicnetwork/CIP/blob/main/CIPs/CIP-11/CIP-11.md#idx-keychain-definition
A read of this indicates any support will require changes to Ethereum libraries, while the current 3id-connect library doesn't support paths (3id-did-provider does, in theory).
I don't feel we can rely on Ceramic / IDX for this capability at this stage, so will need to roll our own.
Security: At the moment web applications using 3ID's gain full access to sign and encrypt using that 3ID, providing no ability to restrict access between different web applications.
We can solve this by enforcing our single sign on to only work via a mobile application, but that's not ideal long term.
from verida-js.
From the proposed architecture above:
packages/connect-web
: Uses 3ID Connect to authenticate a user and generate a DID instance
After further investigation 3id-connect does everything we need here, so no need for a separate Verida helper library.
packages/connect-node
: Uses EthereumAuthProvider from Ceramic to wrap a private key and blockchain network. This is injected into a @3id/manager instance that can produce a DID instance.
This has been implemented with working tests as packages/3id-utils-node. See 4579439.
from verida-js.
Ceramic + IDX introduces latency issues in web or mobile environments
Doing some basic tests with https://self.id shows a variable time to connect anywhere from 4-8 seconds. This isn't great, however this should only be required on the mobile app when a user first connects and will then be cached.
Tests of fetching an existing user's IDX profile returned a result in ~1 second, which should be fine.
from verida-js.
Ceramic + IDX won't work within React Native environment
According to Ceramic discord others are working on this, so assume it's not an issue.
Create a web based PoC that validates the above approach to using 3ID to store and unlock per application databases will work as expected
Decision is to use Verida's Single Sign On to support this as Ceramic won't support it any time soon.
from verida-js.
The core packages that support this are now complete:
- https://github.com/verida/verida-js/tree/main/packages/3id-utils-node (Utility to generate 3ID's from Ethereum private keys)
- https://github.com/verida/verida-js/tree/main/packages/storage-link (Utility to create named secure storage contexts for 3ID's)
- https://github.com/verida/verida-js/tree/main/packages/storage-keyring (Utility to create a keyring for a given seed. Used by storage-link)
from verida-js.