Vault Sharing With GestaltId

[addievo]

Specification

A user should be able to use a node id, OR an identity to be able to share a vault, currently vaults can be shared only with node ID's, however, sharing with identities is a crucial part of Polykey.

The desired behaviour should be that sharing a vault with a nodeId shares the vault with the entire gestalt. This is because Gestalts are addressable by both nodeIds and identityProviderIds. Furthermore, the VaultShare handlers should also be able to accept identityProviderIds as well, and take the first discovered node of the identity to trust.

There are some implications regarding discovery. For example, in the case where node B trusts node A, and hence gestalt A, but node C joins gestalt A after this, so that node B does not know that node C is in gestalt A yet.

Additional Context

There is existing discussion about how to do this in Polykey: https://github.com/MatrixAI/Polykey/issues/626. This CLI issue is derived from that.

Tasks

1. Enable sharing of vault with gestalt ID.
2. Allow for nodes from the same trusted gestalt to clone/pull a vault
3. When a vault is shared with a gestalt, implement notifications for all nodes of that gestalt
4. Update discovery mechanism when vault pull is called.

[addievo]

Currently proposed way of achieving this :

1. Use identity list to acquire all the nodeIDs associated with an identity.
2. Iterate and share vault with all nodeIDs.

[CMCDragonkai]

Without this, the user has to copy paste the node ID after listing the nodes of a gestalt.

With this, it should be possible to just directly pass in ProviderId:UserId as the target of sharing, and it would share it with ALL the nodes in the gestalt.

[CMCDragonkai]

More testing for the social discovery is needed, I don't think we have robust testing of the entire loop between social discovery and gestalt expansion or contraction.

[CMCDragonkai]

I think we should get this at the very least before re-running the CLI demo after #551 is merged.

[amydevs]

Currently proposed way of achieving this :

1. Use `identity list` to acquire all the nodeIDs associated with an identity.

2. Iterate and share vault with all nodeIDs.

IMO, this should be done in the ACL rather than like this, so that any node that joins a Gestalt automatically gains the permissions of the Gestalt

[CMCDragonkai]

That should already be true. But the social discovery system needs integration testing and/or simulation testing.

[amydevs]

There

That should already be true. But the social discovery system needs integration testing and/or simulation testing.

Idk if i see anything in acl.ts that handles permissions to nodes for gestalts. Or anything that means if you share with one node, u share with all nodes in the gestalt

[CMCDragonkai]

It should be in the gestalt graph too. Check that.

[CMCDragonkai]

This should work like this:

# using a gestalt ID
pk vaults share myvault github.com:cmcdragonkai
# using a node ID (which is still a gestalt ID)
pk vaults share myvault vm27fr...

Both provider and identity and node id are all valid gestalt IDs, so that should be supported.

[amydevs]

[CMCDragonkai]

What does this picture mean?

[CMCDragonkai]

You need to check the ACL and the GestaltGraph for if the permission union.

[CMCDragonkai]

We need to think about this in 2 dimensions:

1. Sharing a vault between nodes in the same gestalt.
2. Sharing a vault between gestalts.

In the second case, it does make sense to share to the whole other gestalt.

In the first case, this would create a bit a weird UX, where sharing a vault to another node that you own, would send notifications to all the nodes in the gestalt.

There's no gestalt synchronisation atm https://github.com/MatrixAI/Polykey/issues/190.

So in terms of achieving this, we may need to distinguish if it is shared to your own gestalt. If so, it should not send notifications to all the nodes in the gestalt. However it could still open it up to be pulled by other nodes in the same gestalt.

Alternatively vaults across all nodes in the same gestalt can be pulled freely between each other by default. Then if you were to try share it your own node in your own gestalt, then it would just do nothing. No notifications are sent. It's a noop.

I think we do the highlighted.

[CMCDragonkai]

@amydevs if you're working on this, make sure to start speccing out the tasks.

[CMCDragonkai]

Refer to https://github.com/MatrixAI/Polykey/issues/626 for additional information on this, and work to be done on both PK and PK CLI should be attached to this issue.

[tegefaulkes]

Moving this to todo since it's not actively worked on.