Open rosarp-gobazzinga opened 7 months ago
@saikatdas0790 Yes. I have updated this as per our discussion.
@rosarp-gobazzinga Can we add more details to these steps in a separate diagram in the same document?
I am unclear on the following:
get_delegation
a method available on the signing canister?@rosarp-gobazzinga @rupansh Hypothetical question, could we do the canister signature off chain if required? Imagine, for whatever reason, the on chain canister signer shuts off. With the random seed that we will have stored, could we rewrite the logic in canister signers to issue the signature ourselves from the auth server to ultimately generate a delegation that we can pass to the browser and that the user's canister can recognize as the same principal when the frontend calls into the canister?
Main premice here is that, canisters have root certificates which are being used to sign the delegations. This key part is not available off chain or anywhere else. We are considering this solution so that we dont have to store private key by ourselves. Its being part of on-chain certificates. What we are currently doing is off-chain and we will have to store private keys for users in such case.
Let's discuss during a subsequent meeting
@rosarp-gobazzinga Ideally a good idea to push code implementation as part of a separate pull request. I'm a big fan of frequent pull requests with small set of changes
@rupansh can review code
I generally do separate changes. Will separate out these two changes. In this PR, only workflow diagram was pushed.
@rosarp-gobazzinga Does this have the changes that we discussed today morning?