Chat thread with signed messages

[bourgeoa]

Tasks :

• [ ] manage pod keys

  • [x] ontologies
  • https://w3id.org/security : Proof, VerificationMethod, proofValue
  • http://www.w3.org/ns/auth/cert : PrivateKey, PublicKey, key (used for publicKey)
  • solid ontology shall replace cert ontology that do not cover privateKey : creation of 2 new terms privateKey and publicKey
  • [x] create keys : Schnorr alg and secp256k1 elliptic curves ( key is 64 bytes length). more recent tan ECDSA on same elliptic curve and shorter keys
  • [x] Keys URI location and content:
  • [x] publicKey parentSettings/profile/keys/publicKey.ttl triple => :me solid:publicKey keyString # keystring is 64 char hex string
  • [x] privateKey parentSettings/settings/keys/privateKey.ttl /settings/ is discovered from WebID preference file triple => :me solid:privateKey keyString # keystring is 64 char hex string
  • [x] parentSetting is used for both Keys URI location
  • [x] secure keys with READ only on key resources and acl:default Read on key container
  • [x] repair publicKey keeping private key
  • [ ] add key type description ? SS256 + SHA256 ? where ? JWT or JWS ?
  • [x] a WebID could have multiple key/keyPairs. Through using different key URIs

• [x] chat logic

  • [x] proof on default object message (id, date created, content, maker) replacedBy, deleted and threads are not included. These should link to new signed things This is not actually the case for deleted
  • [x] add thread logic. Thread members property.

• [x] chat channel

  • [x] see https://github.com/SolidOS/chat-pane/pull/100
    • must be Append only for authenticated users
    • ReadWrite for chat creator (owner)
  • [x] index.ttl : ReadWrite for authenticated agents and owner https://github.com/SolidOS/chat-pane/pull/102

• [x] sign and verify object message. Cover Threads

  • [x] simple message
  • [x] edit message : replacedBy => sign new msg + verify same maker
  • [x] deleted message => verify the triple with a second signature or create a new thing. and verify same maker. There is actually an optional parameter
  • [x] links to new messages. Not needed

• [x] UI

  • [x] UI signed message with verify = false
  • [x] UI for unsigned message
  • [x] thread

• [ ] tests

• [ ] push key management in solid-logic ?

• [ ] documentation

[bourgeoa]

Ontology and keys

• Ontology Looking for an ontology to describe keys (privateKey, publicKey), and may be keyType (asymetric RS256, SHA256)
  • https://w3id.org/security
  • https://www.w3.org/ns/auth/cert
  • https://oeg-upm.github.io/devops-infra/ontology/certificate/index-en.html

• key resources : actually uses a Class vocab (this is not a valid predicate)

  
  # Actually
  :me cert:PrivateKey "string" # in a resource READ only for the owner
  :me cert:PublicKey "string"; # in an other resource Read only for everybody:msgId cert:proofValue proofString;
  :msgId cert:proofValue proofString;
  
  # Could be replaced by
  :me cert:key keyString; # keystring is the private or publicKey
  :msgId cert:proofValue proofString;
  or
  :me solid:secp256k1PrivateKey keyString;
  :me solid:secp256k1PublicKey keyString;
  :msgId solid:schnorrSignature proofString; # could replace proofValue

- keys discovery
  This is actually in a fixed location (/profile/keys/privateKey.ttl and publicKey.ttl) in a pod storage.
  - PodStorage is discovered using : 
    - first pim: storage from webID document with a priority rootWwebib in case of multiple pim:storage
    - and if none parsing recursively the webID URI for pim:Storage link Headers 
  - Shall the container/resources location be recorded in webID document or in settings. The risk is misuse by user
    publicKey could be located in the WebID document. Mis-use could be limited : 
    - with automatic rebuild out of the privateKey (this is already implemented if publicKey is invalid/undefined) 
    - and also if the publicKey is stored with the message

key discovery

### Signature issues
  - chat members  (Append Only)
    - `automatic` : shall a chat member sign, unsigned messages whenever this member is logged in ? This could be limited to displayed messages
  - owner/managers functions (they are able to add Write authorization)
    - `on demand to owner` : remove deleted messages ? 
      Even not displayed, the deleted messages are readable by going to the tree structure
      Deleting messages definitely make them not restorable, we may encode/decode them with an owner/managers symmetric key
    - `on demand to owner` : changing privateKey, this returns invalid signature
       Owner can remove invalid chat members signature and allow automatic rebuild signature when a chat user relogs 

### How to consider WebID being deleted ?
Actually all related messages will have an invalid signature
  - a fallback with the public key stored in each message is possible (the key is a rather short ans clean string, 
  - or globally at the chat channel level in index.ttl- but with authorization issues (ReadAppend) ?

### Chat channel issues

Global options and individual chat options are available in the same resource index.ttl
The chat channel authorization, apply by default : 
- `ReadWriteControl` by creator. May be limited to `ReadWrite`. In which case an Owner can edit the ACL
- `ReadAppend` by all authenticated members.
- `Read` by everybody

This means that `individual options can be set but not modified`.

[melvincarvalho]

:me solid:pubkey  keyString # keystring is 64 char hex string
:me solid:privkey keyString # keystring is 64 char hex string

Or some variant of this

In general, lower case hex strings are most common in implementations

You dont even need to wait for the terms to get upstream because the labels will display nicely enough, and the functionality will be in the library

[bourgeoa]

@timbl @angelo-v @megoth Working chat with thread and signed messages. Tested with NSS. Needs following PRs

• rdflib
  • https://github.com/linkeddata/rdflib.js/pull/638
  • https://github.com/linkeddata/rdflib.js/pull/633 or https://github.com/linkeddata/rdflib.js/pull/636 see detail in issue https://github.com/linkeddata/rdflib.js/issues/631
• solid-ui #550
• chat-pane https://github.com/SolidOS/chat-pane/pull/103
• NSS latest main for PUT with Append

[megoth]

Hey, I see that I'm tagged here. Just FYI I don't have any excess energy to spend on rdflib.js or SolidOS at the moment =/ Just so there's no expectation that I'll be able to do this work.