Skip to content

Verifiable Credential request/commit authorization #279

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
zonotope opened this issue Dec 1, 2022 · 4 comments
Open

Verifiable Credential request/commit authorization #279

zonotope opened this issue Dec 1, 2022 · 4 comments
Labels
credentials enhancement New feature or request needs specification transactor
Milestone
3.0.0-beta1

Comments

@zonotope
Copy link
Contributor

zonotope commented Dec 1, 2022
edited
Loading

Authorize client requests with signed queries and commits against a ledger to a ledger server using claims in a verifiable credential included in the request.
@zonotope zonotope added this to the 3.0.0-alpha1 milestone Dec 1, 2022
@mpoffald
Copy link
Contributor

mpoffald commented Dec 5, 2022

@bplatz does your work in #231 include this?

@bplatz
Copy link
Contributor

bplatz commented Dec 6, 2022

This is independent, by design, of #231. #231 today expect just two things and will eventually be 3 things

  1. The verified did/identity of the request
  2. The role(s) the user is to be placed in, if any. This could happen via an intermediary step where a query happened, or might automatically get set based on the credential
  3. (not yet in there) a map/flakes of authorized claims on the credential if the credential wasn't self-signed - e.g. if an identity provider signed the credential it could make claims about the user that in turn could get utilized inside smartfunctions.

@dpetran dpetran self-assigned this Dec 6, 2022
@dpetran
Copy link
Contributor

dpetran commented Dec 6, 2022

Here's my understanding of the issue:

Queries and transactions can come wrapped in a verifiable credential. We would use the signature on the credential as an auth input to the constraint enforcer, where one constraint could be: "transactions must be signed by the holder of the private key for this public key", or perhaps nested verifiable credentials.

We need to add logic to the query and stage functions to support checking those constraints.

@dpetran dpetran removed their assignment Dec 9, 2022
@dpetran
Copy link
Contributor

dpetran commented Dec 9, 2022

My understanding is actually another issue: #292

This one is about receiving auth claims alongside of the request, verifying that they are authoritative, and then incorporating the claims into the query/transaction pipeline.

@mpoffald mpoffald modified the milestones: 3.0.0-alpha1, 3.0.0-alpha2 Dec 22, 2022
@aaj3f aaj3f modified the milestones: 3.0.0-alpha2, 3.0.0-alpha3 Mar 20, 2023
@zonotope zonotope modified the milestones: 3.0.0-alpha3, 3.0.0-beta1 May 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
credentials enhancement New feature or request needs specification transactor
Projects
None yet
Milestone
3.0.0-beta1
Development

No branches or pull requests
5 participants
@zonotope @bplatz @aaj3f @mpoffald @dpetran