openssi / peer-did-method-spec

A spec for the did:peer DID method.
https://dhh1128.github.io/peer-did-method-spec/index.html
Apache License 2.0

Paths proposal #127

Closed javisantos closed 4 years ago

javisantos commented 4 years ago

I found the definition of key_admin, se_admin, rule_admin a bit static, as they are related to which parts of the doc they can modify.

My proposal is to add paths in the authorization object to be more flexible and more self-defined:

authorization: {
    profiles: [
      {
        key: '#1234',
        roles: ['edge']
      }
    ],
    rules: [
      {
        grant: ['register', 'key_admin', 'se_admin', 'rule_admin'],
        when: { id: '#1234' }
      },
      {
        grant: ['authcrypt', 'plaintext', 'sign'],
        when: { roles: 'edge' }
      },
      {
        grant: ['route', 'authcrypt'],
        when: { roles: 'cloud' }
      }
    ],
    paths: [
      {
        grant: ['/authorization/paths'],
        when: {
          any: [
            { roles: 'per_admin' },
            { id: '#1234' }
          ]
        }
      },
      {
        grant: ['/publicKey', '/authorization/profiles', '/authentication'],
        when: {
          any: [
            { roles: 'key_admin' }
          ]
        }
      },
      {
        grant: ['/authorization/rules'],
        when: { roles: 'rule_admin' }
      },
      {
        grant: ['/services'],
        when: { roles: 'se_admin' }
      }
    ]
}

This will mean key '#1234' has these grants:

Set {
  'register',
  'key_admin',
  'se_admin',
  'rule_admin',
  'authcrypt',
  'plaintext',
  'sign'
}

And permission to modify these paths of the doc:

Set {
  '/authorization/paths',
  '/publicKey',
  '/authorization/profiles',
  '/authentication',
  '/authorization/rules',
  '/services'
}

And this can be useful if some key is allowed only to modify /services/0, for example.

What do you think?

Regards
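
An added example, not part of the original comment or of the spec: a minimal evaluator for the proposed `paths` array that reproduces the two sets listed above for key '#1234' and checks the `/services/0` case. Assumptions: privileges granted by `rules` count as roles when `paths` conditions are evaluated (the reading under which the listed path set comes out), a path grant covers its sub-paths segment by segment, and the function names and key '#5678' are hypothetical.

```javascript
// Constructed sample: the issue's authorization object, plus a hypothetical
// key '#5678' (not in the issue) that may only modify /services/0.
const authorization = {
  profiles: [{ key: '#1234', roles: ['edge'] }, { key: '#5678', roles: ['cloud'] }],
  rules: [
    { grant: ['register', 'key_admin', 'se_admin', 'rule_admin'], when: { id: '#1234' } },
    { grant: ['authcrypt', 'plaintext', 'sign'], when: { roles: 'edge' } },
    { grant: ['route', 'authcrypt'], when: { roles: 'cloud' } }
  ],
  paths: [
    { grant: ['/authorization/paths'], when: { any: [{ roles: 'per_admin' }, { id: '#1234' }] } },
    { grant: ['/publicKey', '/authorization/profiles', '/authentication'], when: { any: [{ roles: 'key_admin' }] } },
    { grant: ['/authorization/rules'], when: { roles: 'rule_admin' } },
    { grant: ['/services'], when: { roles: 'se_admin' } },
    { grant: ['/services/0'], when: { id: '#5678' } }
  ]
};

// True when condition `when` holds for key `id` holding the names in `held`.
function matches(when, id, held) {
  if (when.any) return when.any.some((c) => matches(c, id, held));
  if (when.id !== undefined && when.id !== id) return false;
  if (when.roles !== undefined && !held.has(when.roles)) return false;
  return when.id !== undefined || when.roles !== undefined; // empty condition denies
}

// Union of the `grant` entries of every item in `list` whose condition matches.
function collect(list, id, held) {
  const out = new Set();
  for (const entry of list) if (matches(entry.when, id, held)) entry.grant.forEach((g) => out.add(g));
  return out;
}

function evaluate(auth, id) {
  const profile = auth.profiles.find((p) => p.key === id);
  const roles = new Set(profile ? profile.roles : []);
  const grants = collect(auth.rules, id, roles);
  // Assumption: privileges granted by rules count as roles in path conditions.
  const paths = collect(auth.paths, id, new Set([...roles, ...grants]));
  return { grants, paths };
}

// Segment-wise prefix check: '/services' covers '/services/0' but not '/servicesX'.
function canModify(auth, id, target) {
  return [...evaluate(auth, id).paths].some((p) => target === p || target.startsWith(p + '/'));
}
```

Comparing whole path segments rather than raw string prefixes keeps a grant on `/services/0` from also matching `/services/01`, and an unknown key ends up with empty grant and path sets.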

dhh1128 commented 4 years ago

Closing now that the ticket has been moved to its new repo home (https://github.com/decentralized-identity/peer-did-method-spec/issues/7).