Open valiafetisov opened 1 year ago
For each state (
External
,Draft
, andFinal
), there is aTO_{STATE}
permission that can be assigned.
Core Unit Administrator
s from changing Final
to Draft
, which would require adding 9(?) other new rightsCore Unit Administrator
edit any Budget Statement
in Draft
state?). Therefore, the "ownership" check (or rather check that the document is attached to the same Core Unit as Core Unit Administrator
) would still need to be written in code, inside document model (or its permission layer, up to you)
Based on the above, I would propose to:
CORE_UNIT_ADMINISTRATOR
, CORE_UNIT_AUDITOR
, etc)
Based on the proposal, we need to agree on:
document-model-libs
roles
)eth:0x...
eth:0x...
addressTypically, a delegated identity is tied to an application instance or an application session that needs to act (sign messages) on the user’s behalf
Literally signing all requests using deligated identity is possible, but will make API interactions much more complicated. Current tooling such as for example graphql playground does not support this type of authentication. In my opinion it's important to keep JWT tokens as a means of authentication to streamline adoption of the API.
I also see more harm than value in "rolling your own authentication" for the web. There is a standard for authenticating with wallets described in EIP-4361. It does work for the "primary identity", but it's not directly suitable for the "delegated identity" (one example reason: then, every request will need to be turned into two to include challange (nonce) to prevent replay attacks, which is a lot of overhead for someone wanting to implement API requests)
The Delegate Identity is then approved by the user by signing a transaction with their Primary Identity (this typically happens on Renown), and by submitting this transaction to the blockchain
I'm not sure why we need to do something on chain if it was suggested above in the document to use off-chain message singing to avoid transaction fees. Keeping signed message in our database (for the potential auditability) is effectively the same thing (for this particular use case) as submitting it on-chain.
Burn Message
Same here: this can be done via off-chain message that is then (stored in our database as a proof). Please elaborate on the need of the on-chain transaction here and how does it play together.
Timestamp Attestations
To validate that the message was indeed signed not earlier than x point of time, we can also include hash of the latest block. If the exact timestamp is required, then it's better to do on-chain transaction by the user or our service independentry from the user. I don't think using Twitter as attestation service is suitable for decentralised application.
Goal
Agree on the overall functionality related to auth
Context
Since the initial version of the authentication was already implemented in powerhouse-inc/switchboard#16 and powerhouse-inc/switchboard#28, it's time to make it production-ready and close all open questions.
Tasks