filecoin-project / notary-governance


Notary Application - Glif Verifier #467

Closed Schwartz10 closed 1 year ago

Schwartz10 commented 2 years ago

Notary Application

To apply to be a Fil+ Notary, please review the Notary Overview here and then fill out the following form.

Core Information

Please respond to the questions below in paragraph form, replacing the text saying "Please answer here". Include as much detail as you can in your answer!

Long Term Network Alignment

Time Commitment

Describe the nature and duration of your affiliation with the Filecoin project. Please include relevant Github handles, miner ids, significant projects or contributions (with links).

My team and I have worked closely with prominent members of the Filecoin community to deliver useful tools for the ecosystem. We’ve led and contributed to several projects in the Filecoin ecosystem, through [Glif](https://www.glif.io/) - a set of (open source, source available at https://github.com/glifio ) interoperable tools for the Filecoin network.

Stake Exposure

Please cite total token at stake (currently available, locked as collateral, vesting over time) and any substantiating evidence.

Prefer not to disclose. 

Industry Reputation

In-protocol Reputation

Please describe (in detail) your activity and tenure as a member of the Filecoin community. Please note (with links where possible) any contributions made to implementations of Filecoin, the spec, documentation, or to substantially help the Filecoin ecosystem grow.

My involvement in the Filecoin community started over 2 years ago. I've led the development of Glif, which has made a substantial impact in the ecosystem. Our wallet and safe are (afaik) used internally by PL and the FF for FIL distributions. Our node hosting setup is used by many teams to experiment and build on the network without running infra. Our notary service has been live for over a year!

I’ve been an active participant in the development of lotus, working closely with the team at Protocol Labs to write software around it, and identify issues, [here](https://github.com/filecoin-project/lotus/issues?q=is%3Aissue+author%3ASchwartz10) are a few.

In-protocol Security

Please describe your contributions to the security of Filecoin and the duration over which you've made contributions. Please also include any links or references that can substantiate your contributions.

I've been a part of conversations relating to wallet security and replay attacks for over two years. I have actively helped other teams in the ecosystem, like the team developing the FIL MetaMask snap, avoid security pitfalls. 

Organizational Reputation

Please describe the nature of your organization, including the country of registration, size of the organization, and time since inception.

Glif Ltd. is a Bahamian-based entity. Glif itself is a small organization, but employs a rolodex of over 10 developers, designers, marketers, and product thinkers. Glif has been around for 2+ years.

Please share any relevant details to help substantiate information about your organization (website, named officers, links to social media profiles).

https://github.com/glifio

https://glif.io/ 
(calibration net version of our new launch) - https://apps-calibration.glif.link

Please share any relevant external information regarding your organization (e.g. news articles, social media profiles, etc.)

https://filecoin.io/blog/posts/jonathan-schwartz-open-work-labs/

Individual Reputation

Please share links to at least 2 of your (personal) social media profiles (or accounts that you are able to use) and the approximate size of your audience (i.e., followers, subscribers) for each one.

https://twitter.com/glifio
https://twitter.com/j_schwartzz
https://github.com/Schwartz10

Confirming that I am able to use these, but their respective audiences are < 500. 

Diversity and Decentralization

Use Case Diversity

(Optional) Any additional information you'd like to share about the use case(s) you plan to support?

By running an automated verifier that checks for GitHub based metadata as the basis for approval for DataCap, we are able to create a process that is completely unbiased and unprejudiced in how we select clients for DataCap. This will enable a wide variety of different clients to use Filecoin to store legitimate data, without having to go through a complex or subjective process.

Allocation Plan

Concreteness of Allocation Plan

Allocation Strategy

How do you plan on allocating the DataCap requested above? Please describe your allocation strategy with as much specificity as you can. This includes the target amount per client and rate at which you'll allocate DataCap.

DataCap will be allocated through the Glif Verification website, hosted at https://verify.glif.io/. Potential clients can sign up for DataCap by connecting / logging into their GitHub account. The site checks if the GitHub account has been around for at least 180 days, and then allocates 32GB of DataCap to the linked address, at most once every 30 days. 

This enables easy testing and experimentation for Filecoin Storage use cases that no longer will have to go through a manually managed notary process.

How do you plan on securing the DataCap to ensure your organization (and its delegated members) are the ones allocating the DataCap?

We have over a year of practice securing our Filecoin notary service. We do not keep large amounts of FIL in our notary wallet.

We’ve already dealt with and stopped DDoS attacks, scripted bot attacks, fake GitHub account creation, and other funny tricks to game the system.

Client Due Diligence

How will you vet the clients that are applying for DataCap? What questions will you ask to ensure your trust is placed well and that clients can properly handle the DataCap you intend to allocate to them?

The aim with this automatic service is to provide small amounts of DataCap freely to clients. Given the experience we had managing the Faucet during Space Race, we know this is a service that might be abused. As such we’re taking a number of steps (non-exhaustively listed here for security) in order to ensure this service is not abused. 

    • We require incoming clients to use a third-party OAuth service, with parameters we can tweak in order to constrict potential users to be highly likely “legitimate” users.
    • We rate limit the amount of DataCap allocatable to each authenticated user based on the total amount of time.
    • We keep the total allocation amount quite low, such that in the event someone does try to “game” the service, the risk is quite low.
    • We plan on actively monitoring the in-bound requests initially to make adjustments based on potentially suspicious network activity.

What processes will you employ when granting additional DataCap to a client that has previously been verified? This includes confirming that the client is not improperly using the DataCap they were previously granted, i.e., making deals with a single SP entity.

None. The process is completely automated. The intent of this service is to enable small amounts of DataCap to individual users for testing; we do not take into account where the Clients spend their DataCap.

Bookkeeping Plan

Do you plan on conducting all your allocation decisions in public (e.g. Github repo), private (e.g. over email, Telegram, etc), or both?

The only records we keep are mappings from GitHub ID to the most recent verified data grant. All other bookkeeping and records can be queried and found on-chain.

We do not link Filecoin addresses back to GitHub IDs for security and privacy reasons.

In the event that an invalid GitHub profile makes a request, we log information about that request to our private Slack channel.

Where do you plan on keeping a publicly accessible record of all your allocation decisions?

Allocation decisions are made objectively against a set of predefined criteria mentioned above. These criteria will be mentioned in public at https://verify.glif.io. 

All allocations and addresses that have received DataCap can be audited on-chain. There’s also https://filplus.d.interplanetary.one/notaries/f0121877 

Service Level Agreement

Engagement in Program

How much time per week, on average, are you willing to dedicate to participating in the Fil+ program? This includes making DataCap allocations (direct and/or Large Datasets), comments on discussion/issues, attendance in governance calls, messages in Slack, etc.

The goal of the notary service is to be fully automated, and therefore, the amount of time spent directly on allocations will hopefully be minimal (barring making changes to the software, maintenance, etc.). We plan to engage for roughly 0.5-1h per week, as needed, and engage in relevant discussions in the Fil+ community.

Track Record

Past allocation

Have you previously received DataCap to allocate before? If so, please link to any previous applications.

Yes - https://github.com/filecoin-project/notary-governance/issues/48

Cumulatively, how much DataCap have you previously successfully allocated?

We've successfully allocated around 25TiB of datacap.
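
A sketch of the eligibility rule described in the application above: account at least 180 days old, 32GB at most once every 30 days, and only a GitHub-ID-to-last-grant mapping kept. This is an added example, not Glif's code; the class, method and reason names are hypothetical, and the account creation time is assumed to come from the OAuth-authenticated GitHub profile.

```python
from datetime import datetime, timedelta, timezone

MIN_ACCOUNT_AGE = timedelta(days=180)  # threshold stated in the application
GRANT_INTERVAL = timedelta(days=30)    # "at most once every 30 days"
GRANT_GB = 32                          # DataCap per grant, in GB

class GrantLedger:
    """Stores only GitHub ID -> time of most recent grant.

    Keyed on the numeric GitHub user ID rather than the login, because a
    login can be renamed or reused. No Filecoin address is stored.
    """

    def __init__(self):
        self._last_grant = {}

    def decide(self, github_id, account_created_at, now):
        """Return (reason, gb_granted) for one authenticated request."""
        # Missing, naive or future timestamps are treated as an invalid
        # profile (the application says such requests are logged).
        if (account_created_at is None or account_created_at.tzinfo is None
                or account_created_at > now):
            return ("invalid_profile", 0)
        if now - account_created_at < MIN_ACCOUNT_AGE:
            return ("account_too_new", 0)
        last = self._last_grant.get(github_id)
        if last is not None and now - last < GRANT_INTERVAL:
            # A refused request must not move the window forward.
            return ("rate_limited", 0)
        self._last_grant[github_id] = now
        return ("granted", GRANT_GB)

def demo():
    """Run constructed requests through the ledger and return the decisions."""
    now = datetime(2022, 4, 1, tzinfo=timezone.utc)  # constructed sample time
    old = now - timedelta(days=400)
    ledger = GrantLedger()
    return [
        ledger.decide(1001, old, now),                       # first request
        ledger.decide(1001, old, now + timedelta(days=29)),  # too soon
        ledger.decide(1001, old, now + timedelta(days=30)),  # window elapsed
        ledger.decide(2002, now - timedelta(days=179), now), # young account
        ledger.decide(3003, None, now),                      # no creation date
    ]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```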

galen-mcandrew commented 2 years ago

Infinite Scroll - Round 3 Notary Election Scorecard.pdf

Kevin-FF-USA commented 2 years ago

Hi @Schwartz10 Congratulations! Based on this Notary election cycle's final scoring, you/your organization has qualified to be a Fil+ Notary! You will be receiving your final scored rubric soon, along with the total allocation of Datacap based on rubric scoring.

In order to confirm your participation as a Notary in the Fil+ ecosystem, please respond to the following:

  1. Please confirm that the region of operation for client applications you will focus on is North America.



  2. Please confirm each of the following items below (you can do this by quoting each of the following bullets and adding a line under each section agreeing that you'll abide by these operational principles).



    • Upfront Disclosures: Prior to being confirmed as a Notary, Notaries are expected to disclose all relevant addresses which they control, have a financial stake in, or are strongly connected to by other means. For the disclosure, the Notary should state the relevant addresses and the nature of the relationship.

    • Promoting Client Best Practices: Notaries agree to educate approved clients about the best practices for using their DataCap (e.g. how to request additional services from miners, storing data redundantly across many miners, etc). Some reference information can be found here.


    • Commitment to efficiently serving the Network: Notaries agree to serve as fiduciaries of the Network, striving to work towards bringing useful data onto Filecoin and improving the experience for clients to do so. Notaries should generally be able to respond to Client applications and updates within 3 days, and should be comfortable communicating with Clients and Notaries if an application needs to be redirected.


    • No Self Dealing: To prevent conflicts of interest, Notaries should not allocate DataCap to Clients over which they control the private keys, or to a Client who intends to specifically spend the allocated DataCap with an address affiliated with the Notary. When in doubt, Notaries should bias towards transparency (i.e. public disclosure) or to getting a different Notary to handle the individual request.


    • Operating in Good Faith: Notaries hold a position of trust in the network, and as such it is expected that they operate keeping the Principles of this mechanism in mind. While each form of abuse cannot be exhaustively defined, Notaries are expected to bias towards caution and act in a way that promotes transparency. Notaries should expect to potentially receive requests or questions for allocation decisions (within reason) - and should make decisions with this in mind.


    • Community Governance Participation: It is expected that you will participate in the program ~1 hour a week. Along with data allocation, participation in Github issues and Slack conversations, Notaries are to make an effort to regularly attend the scheduled Governance calls. As these calls are a forum to shape this process, it is important to ensure Notaries are present to provide their context, with discussions and input.


  3. Please list any addresses you are affiliated with, and state the nature of the relationship. Please refer to the first bullet point in (2) for the definition of "affiliated", and bias towards transparency when in doubt.



  4. Please affirm that you will abide by the allocation / client due diligence plan you laid out above.



  5. (If ready) Please confirm the address that should receive DataCap. This is the address which you will use to sign messages on-chain to verify clients (through using a Ledger and the Fil+ Registry App). If you have an active (non-zero) DataCap grant from a previous election cycle, please provide a different address here.


galen-mcandrew commented 2 years ago

@Schwartz10

Please fill out this form to move forwards with the ratification process: https://airtable.com/shrs55Lzbm1wJTIRw

Kevin-FF-USA commented 2 years ago

Hello @Schwartz10!

Just a friendly ping - there is some additional information needed in order to finalize, can you please follow this link to complete by April 15th? Acceptance Form

Schwartz10 commented 2 years ago

Hey sorry for the delay on this @Kevin-FF-USA . We'll have this done by the 15th.

Also, we may change the notary address - we would edit this GitHub issue if we do decide to change it.

Kevin-FF-USA commented 2 years ago

Thank you for the communication; just make sure you send me a message on Slack when you complete it so I can make sure all your information is correct - including new notary address.

galen-mcandrew commented 2 years ago

@Schwartz10 Currently we have your address as f3qqlzlsjxgy67wdwe5ade5ygk7omp6cnze3nr3aoxwtptjg3ar4i3w26p4rplnm7ppeeyjlwtxqawx2boioma

Is this a ledger secured address? Will you be changing this address?

filecoin-notaries-onboarding-bot[bot] commented 2 years ago

Thanks for your request! :exclamation: We have found some problems in the information provided. We could not find the Datacap requested in the information provided

Please, take a look at the request and edit the body of the issue providing all the required information.

galen-mcandrew commented 2 years ago

Request Approved

Address

f3qqlzlsjxgy67wdwe5ade5ygk7omp6cnze3nr3aoxwtptjg3ar4i3w26p4rplnm7ppeeyjlwtxqawx2boioma

Datacap Allocated

1PiB

filecoin-plus-bot commented 2 years ago

The request has been signed by a new Root Key Holder

Message sent to Filecoin Network

bafy2bzaceaa3skfhkqabgqhdw4nozyr7ey4dupnjofmapfigob5nsjq4aym5m

You can check the status of the message here: https://filfox.info/en/message/bafy2bzaceaa3skfhkqabgqhdw4nozyr7ey4dupnjofmapfigob5nsjq4aym5m

filecoin-plus-bot commented 2 years ago

The request has been signed by a new Root Key Holder

Message sent to Filecoin Network

bafy2bzacebijnmymgpiyv5py756qcrlgeczn765lmwppym3zjwh7oqyot2v6k

You can check the status of the message here: https://filfox.info/en/message/bafy2bzacebijnmymgpiyv5py756qcrlgeczn765lmwppym3zjwh7oqyot2v6k

dkkapur commented 1 year ago

Notary address needs verification for manual approval. Not required in this case since it's an automated tool. Closing this issue for now.