Open fungc-io opened 1 year ago
Hi @chpapa,
I've created the pitch based on our previous discussions few months ago. With elaboration in the "Solution" part, trying to give the solution more concrete shape.
What do you think about it?
One thing i'm not sure is the "redirection rules" under Support in Authgear > Portal, not sure if we should allow configuring these rules in Portal or only in custom defined workflows
@fungc-io
A few thoughts on the concept/directions:
identify
step; We do need to think about how passkey, oauth etc could be compatible with this?It can be a redirection rules if the signup process include filling the profile? If the user's country is China, block the signup and redirect to the China server. If the user changes country later, the developer can either forbid this action, or run the migration API later
Let me put in this into Rabbit Hole
If the application uses other authenticators like passkey/oauth, the application should determine the user's region first before triggering the authentication. Authgear cannot redirect the user based on that.
After the product meeting on 2023-08-02, I read skimmed through GDPR and PIPL.
Pseudonymized data is still considered as personal data by GDPR. Therefore even if we store pseudonymized identifiers (like email addresses and phone numbers) in a centralized database, this approach could violate the law.
Does this mean we can rule out the option of having a centralized database to ensure identities (e.g. email addresses and phone numbers) are unique across all regions for a given project?
Given that two-phase-commit protocol is complex and can degrade the performance, I think we can also rule out this option.
Then, can we conclude that identifier uniqueness is something that we need give up?
Since we do not have a centralized database, all servers in different regions must be known to each other. They have to ask each other if an identifier already exists in another region. We need to design a protocol for the servers in different regions to communicate.
[x] Try to setup cockroachdb in local with multi region nodes
[x] Try to setup regional table
[x] Run authgear server with regional table
[ ] Stress test
[ ] Observe behavior of failing / disconnected nodes (Check survival goals)
[ ] Try to migrate some data
[ ] Try to backup data
[ ] Setup a real multi region cluster and try it
Original migrations cannot be run, follow this to create a migration for cockroach db: https://www.cockroachlabs.com/docs/stable/migrate-from-postgres
ALTER TABLE
statements cannot be run inside a transaction with UPDATE / INSERT
ALTER TABLE
statements seems time consuming even for empty table
Remove brin indexes, replace with btree
jsonb is not indexable, use jsonb_col::text
which change it to text
pg_partman is not supported, see if we still need to partition _audit_log.
Triggers are not implemented.
pg_notify cannot be used. Possible replacement: https://www.cockroachlabs.com/docs/stable/change-data-capture-overview
Setting up multi-region database & table
SHOW REGIONS FROM CLUSTER;
ALTER DATABASE {database} SET PRIMARY REGION "{region}"; -- (Require enterprise license)
ALTER DATABASE {database} ADD REGION "{region2}";
SET enable_multiregion_placement_policy=on;
ALTER DATABASE {database} PLACEMENT RESTRICTED;
ALTER TABLE {table} SET LOCALITY REGIONAL BY ROW;
### App server
- Multi app server (TBC)
- Multi redis instances (TBC)
Problem
In some countries, there are geographical limit on the registered server used to store the user data.
For example in China, the Personal Information Protection Law (PIPL) demand that the personal information of a Chinese Citizen including the mobile number the user used to log in should be stored in a server registered in China.
For an application that serves customers across countries, this means that according to a enduser’s identity
Research
In this section, we will look at how some MNCs approach this problem
NIKE International
+86
numbers cannot be registeredApple
Solution
Overview
Let’s say a user want to serve both customers from both China and other countries.
For PIPL compliance, the user can set up two servers in China and, for example, HK respectively
+86
numbers should be blockedqq.com
163.com
, if they are using the HK server, ask the user to restart the signup process in the CN server.Note
If the Chinese users are expected to use the app from outside China, their network speed may be affected by the Chinese network. A tunnel is recommended communicate to the China server.
Benefits of this approach
Support in Authgear
qq.com
163.com
, redirect the user to the China ServerRabbit Holes