iamcarbon
commented
3 years ago A potential Schema.
Actor record {
id: UUID
}
// Actors include
Person : Actor record { }
Service : Actor record { }
Organization : Actor record { }
Actor::Key_reset_policy record {
quorum: Integer, // The number of trustees that must agree to let the actor reset their key
trustees: [ ] Trustee
}
// A trustline establishes trust between two parties (or keys) for a specific purpose.
// 1. To assert our identity (that we control our current private key)
// 2. That the trustee hold an asset on our behalf and will provide it on demand
// By trusting a actor, we inherently trust their currently active key (which may be rotated frequently)
Trustee ≡ Actor | Key
Trustline record {
truster: Actor,
trustee: Trustee,
acting_as: Verifier of Identity | Holder of Asset
expires?: Timestamp
}
Controller ≡ Actor | Key
// A record records data about an object (and represents an object at a point in time)
Record class {
uuid : UUID,
object : Object,
hash : [ ] byte,
data : [ ], // the object's schema should define the serialization format of the data
transaction : Transaction
}
// The entity or service controlling an object isn't always it's owner
// An owner may delegate control, reassert control, or transfer ownership of an object through a transaction
// Ownership of an object may change over time
// An object may also represent a physical or virtual asset with varying quantities
// Records record the changes of an object over time
Object class {
uuid : UUID,
record : Record, // Current record representing the object's data
controller : Controller
}
// Rather then signing individual records, consider signing the transactions used to commit the record. The transactions could have multiple parties.
Ownership record {
object: Object,
owner: Actor | Key,
timestamp : Timestamp, // when the ownership began
disposed?: Timestamp // when the ownership ended (through sale, forfeiture, end of life, etc)
}
Cryptography::Key record {
uuid: UUID,
type: Cryptography::Algorithm,
revocation?: Cryptography::Key::Revocation,
expires?: Timestamp,
controller: Actor
}
// A key may perform any action on behalf of it's controller that does not violate a system policy or protocol
Cryptography::Key::Revocation {
transaction: Transaction, // the transaction used to revoke the key
reason: Rotated | Compromised,
timestamp: Timestamp
}
// We may also want to include additional authenticated data to allow additional data to be verified (e.g. roughtime)
Signature record {
key : Cryptography::Key,
aad? : any,
value : [ ] byte,
timestamp : Timestamp
}
Transaction record {
uuid: UUID,
signatures: [ ] Signature,
committed: Timestamp
}
danielcrenna
Identifying all actors by their public key prevents an actor from rotating or revoking their key. By pointing owners to a versioned actor record, the system could support rotating and revoking keys.
A trusted ledger of key revocations could also be used to prove whether a record signed at a point in time was valid.
By establishing a set of trusted actors, a key recovery method could be introduced that allows trusted actors to commit a key rotation transaction through a cryptographically verified quorum.
Perhaps one of these actors is a friend. A T2 chip. Or FIDO key.