Open ruffiano89 opened 2 years ago
@ruffiano89 How to secure Update API? anybody on the internet can connect to my Blox and update my DID document. and because you use IPNS there is no validation by hash.
@ruffiano89
any suggestions for namespace fula.diddoc:
import {create, update, resolve} from "fula.diddoc"
?
@ruffiano89
for testing can you please provide a sample Content: object
?
or instruction how i can generate it?
@ruffiano89 any suggestions for namespace fula.diddoc:
import {create, update, resolve} from "fula.diddoc"
?
import fulaProvider from 'fula-provider' const didProvider = fulaProvider(ipfs) didProvider.create() didProvider.resolve() didProvider.update()
@ruffiano89 for testing can you please provide a sample
Content: object
? or instruction how i can generate it?
I will add source code into fula-sec with test case and you can use as reference. Pls, feel free to ask any question.
@ruffiano89 How to secure Update API? anybody on the internet can connect to my Blox and update my DID document. and because you use IPNS there is no validation by hash.
await ipfs.name.publish(path, {key: keyName,}) we will add here pem key which is temporarily key after publishing we will remove it. key is only belongs to specific user which is owner.
@ruffiano89 How to secure Update API? anybody on the internet can connect to my Blox and update my DID document. and because you use IPNS there is no validation by hash. await ipfs.name.publish(path, {key: keyName,}) we will add here pem key which is temporarily key after publishing we will remove it. key is only belongs to specific user which is owner.
How the owner get the pem key?
@ruffiano89 How to secure Update API? anybody on the internet can connect to my Blox and update my DID document. and because you use IPNS there is no validation by hash. await ipfs.name.publish(path, {key: keyName,}) we will add here pem key which is temporarily key after publishing we will remove it. key is only belongs to specific user which is owner.
How the owner get the pem key?
Each time when we publish new content or update user will use encrypted pem key. after all process should be removed, because its temp pem key. we dont need keep always
@ruffiano89 How the client (fula) generate pem key? Is it coming from blox ? How the blox know this is owner? How owner can access other to use this API?
Required:
Create
Resolve
Update
Create: Param (content: object) Returns Content: object
Resolve: Param (peerId: string) Returns (Content: Object)
Update: Call Resolve function and get Content with peerID Update previous content with new Content