[WIP] Generate Space proofs on the fly, on access/claim
#1555
Conversation
| // This collection also includes the attestation delegations which validate | ||
| // prove those delegations. | ||
| const sessionProofsResult = await createSessionProofsForLogins( | ||
| loginDelegations, |
There was a problem hiding this comment.
If there is none, what happens?
| // delegations for them. But they won't have any proofs on them. They're proof | ||
| // of login, but don't serve to give the Agent any actual capabilities. That's | ||
| // our job. | ||
| const loginDelegations = storedDelegationsResult.ok.filter((delegation) => { |
There was a problem hiding this comment.
So, it's my understanding that access/delegate and access/claim are general purpose. I think it's ok to add functionality from access/confirm here but it would be nice (slash not a breaking change) to retain existing ability to stash/retrieve any delegation. I think with the current implementation you'd not receive anything unless ucan:* delegations are found?
There was a problem hiding this comment.
Ah, yes, that's true. We should just translate those and leave the rest in the output.
|
@alanshaw Hmm. I'm worried that Ucanto doesn't like this trick. It tries to resolve the |
| // These delegations will actually have proofs granting access to the spaces. | ||
| // This collection also includes the attestation delegations which validate | ||
| // prove those delegations. | ||
| const sessionProofsResult = await createSessionProofsForLogins( |
There was a problem hiding this comment.
could we put this (and probably some of the logic above) behind a feature flag of some sort? (we don't have a formal feature flagging system, but I think we might have some floating around in env vars which is probably the way to go for now?)
I'm just a little concerned about the impact this might have on the performance of this invocation handler and would like to be able to switch it on and off - refreshing the space list is nice but I want to make sure we can disable it for now if it starts causing trouble...
There was a problem hiding this comment.
are we that concerned? I feel like "access/claim" is hardly a big hot path.
There was a problem hiding this comment.
and are we really talking about a lot of work? Making session proofs is not a huge endeavor I would imagine. but maybe I'm missing historical context.
There was a problem hiding this comment.
ah so what worries me is that
a) we poll access/claim pretty aggressively from the client during login and
b) unless I'm mistaken there are at least one but possibly many network requests/dynamo queries inside createSessionProofsForLogins
totally possible this doesn't amount to enough work to be a concern, but I'd at least like to have some sort of profiling in place to keep an eye on it
Can you elaborate? When do you call ucanto & what is the error? |
|
Never mind the below! I see now that the outer delegation is self-signed, so it never even looks at the inner one. Just a poor example on my part. Maybe the point is moot—I'm using Ucanto's import * as Server from '@ucanto/server'
import { capability, URI, Schema, ok } from '@ucanto/validator'
import { ed25519, Verifier } from '@ucanto/principal'
const authority = await ed25519.Signer.generate()
export const drive = capability({
can: 'car/drive',
with: URI.match({ protocol: 'did:' }),
derives: ok,
})
const alice = await ed25519.Signer.generate()
const bob = await ed25519.Signer.generate()
const alicesCar = await ed25519.Signer.generate()
const delegation = await drive.delegate({
issuer: alice,
audience: bob,
// !!! Wrong `with`!
with: alice.did(),
expiration: Infinity,
proofs: [
await drive.delegate({
issuer: alicesCar,
audience: alice,
with: alicesCar.did(),
expiration: Infinity,
proofs: [],
facts: [],
}),
],
facts: [],
})
const claimResult = await Server.claim(
drive,
[delegation /* , attestation */],
{
authority,
principal: Verifier,
validateAuthorization: () => ({ ok: {} }),
}
)
console.log(claimResult)That doesn't even have the same I've been trying to use |
| // These delegations will actually have proofs granting access to the spaces. | ||
| // This collection also includes the attestation delegations which validate | ||
| // prove those delegations. | ||
| const sessionProofsResult = await createSessionProofsForLogins( |
There was a problem hiding this comment.
are we that concerned? I feel like "access/claim" is hardly a big hot path.
| // These delegations will actually have proofs granting access to the spaces. | ||
| // This collection also includes the attestation delegations which validate | ||
| // prove those delegations. | ||
| const sessionProofsResult = await createSessionProofsForLogins( |
There was a problem hiding this comment.
and are we really talking about a lot of work? Making session proofs is not a huge endeavor I would imagine. but maybe I'm missing historical context.
The bulk of the work for storacha/project-tracking#125
This together with
w3uicallingaccess/claimon page load will make new spaces appear on the page without logging out.The Strategy
access/confirm, where we previously created a*/ucan:*delegation with proofs for each space, we now create one with no proofs. This delegation technically provides no capability, but serves as a signal inaccess/claim.access/claim, we look for the Agent's*/ucan:*delegations in the store, and translate them on the fly into ones containing proofs for the relevant spaces. This is legitimate, because*/ucan:*means the Agent has been granted access to anything the Account can do, it just doesn't have the proofs that Account can do anything yet. We're just putting 2 and 2 together.Remaining
*/ucan:*delegation before recreating it. Ifaccess/confirmdoesn't create an attestation,access/claimwill still happily make one for its new delegation. That's a (minor?) security issue. If the delegation is in our store, we can probably trust it, but better to care about the attestation.