ucan-wg / delegation


Explicit `null` to omit subject (powerline) #11

Open expede opened 8 months ago

expede commented 8 months ago

I chatted with @matheus23 earlier today about the updated powerline syntax & changes from past iterations. [Philipp, feel free to correct me if I'm wrong on any of the below but wanted to capture here.]

TL;DR he's in favour, but raised that it's too easy to omit the `sub` field accidentally. Two suggestions:

  1. Require that you use an explicit `sub: null` if omitted
  2. Use a glob `sub: "did:*"`

The glob has the disadvantage that it looks like you can restrict DIDs by scheme (`did:dns:*`), when I'm pretty sure that's not the behaviour that we want.

I am in favour of making the Null explicit. In most libraries you're already going to have to have some variation on `audience: Option<DID>`, so let's just render `None` to `null` as a default.

Any objections?
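
An added example, not part of the original issue or any UCAN library's own code: one way to enforce suggestion 1 on both the encode and decode side, so a forgotten `sub` is an error rather than a silent powerline. The JSON payload shape, the function names, the `did:key:zBob` value, and the rejection of globs are assumptions made for illustration.

```javascript
// Assumed, simplified JSON payload: { iss, aud, sub }. Only the `sub` rule
// from this issue is modelled; real delegations carry more fields.

// Shared rule: `sub` must be present, and is either an explicit null
// (powerline) or a concrete DID string.
function checkSubject(fields) {
  if (fields === null || typeof fields !== "object" || Array.isArray(fields)) {
    throw new TypeError("delegation payload must be an object");
  }
  // Covers both a missing key and `sub: undefined`. JSON.stringify drops
  // undefined values, so either one would vanish from the encoded form.
  if (fields.sub === undefined) {
    throw new TypeError("`sub` is required: write sub: null for a powerline");
  }
  if (fields.sub === null) {
    return { powerline: true, subject: null };
  }
  // Assumption: a glob such as "did:*" is refused so it cannot be read as a
  // per-scheme filter, the concern raised about suggestion 2.
  const s = fields.sub;
  if (typeof s !== "string" || !s.startsWith("did:") || s.includes("*")) {
    throw new TypeError("`sub` must be null or a concrete DID");
  }
  return { powerline: false, subject: s };
}

// Encode side: the issuer has to choose null on purpose.
function encodeDelegation(fields) {
  checkSubject(fields);
  return JSON.stringify(fields);
}

// Decode side: an omitted `sub` is rejected, never treated as a powerline.
function parseSubject(json) {
  return checkSubject(JSON.parse(json));
}
```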

Gozala commented 8 months ago

It seems consistent with `exp` so sounds good to me.

Gozala commented 4 months ago

I think we have discussed this in the past, but can't recall conclusions we came to so I apologize for bringing this up again, but maybe we can capture decisions this time around.

One alternative we could consider is to constrain subject via delegation policy. I think side effect would be that by default all delegations would be more like power lines which may not be the right default, but on the flip side it would make it a lot easier to express cases where more than one subject is involved.

Similarly we could use policy to restrict delegation channel e.g. using synthetic selector that gives you iterator of `iss` in the chain so you could say `["some", ".@.prf[]", ["==", ".iss", "did:key:zAlice"]]`.

expede commented 4 months ago

> but can't recall conclusions we came [...] using synthetic selector that gives you iterator of `iss`

My understanding was that we were punting on delegations restricting things beyond the `args` field, due to the many implications that it would incur (such as the "do not redelegate" bit, etc).

expede commented 4 months ago

@gozala at least looking at my implementation from around that time, I think that we had landed on "Require that you use an explicit `sub: null` if omitted"

> more than one subject is involved

Can you give me a concrete example?

Gozala commented 4 months ago

I’m ok with punning and using null to redelegate all resources explicitly