oasisprotocol / oasis-core

Performant and Confidentiality-Preserving Smart Contracts + Blockchains
https://oasisprotocol.org
Apache License 2.0
338 stars 113 forks source link

registry: Node registration process should be 2 stage #2039

Open Yawning opened 5 years ago

Yawning commented 5 years ago

Followup from #2018:

Currently registering a compute/keymanager worker requires being able to attest with IAS. This is thwarting attempts to restrict IAS attestations via the proxy to valid compute/keymanager workers, since the initial registration will be impossible if such an access control check were added.

The probably correct way to do this is to have a two staged initial registration process, the first that grants attestation access, followed by the actual node registration(s) as normal.

Yawning commented 5 years ago

This issue also prevents genesis validators from being compute workers since going from no runtimes to having runtimes gets rejected by the registry currently (#2179 is an alternate fix for that problem, though it doesn't help the IAS situation).

kostko commented 4 years ago

Moving over from #3413:

Before a storage node is eligible to be elected into a storage committee it should self-report that it is fully synced. This should be done by flipping a flag in the registration descriptor (could be added into a new "storage" capability).

We should probably generalize such a 2-step registration process by having some kind of a "ready to participate in a committee" flag.