-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chat can impersonate any webId #90
Comments
Some details on the registering of Registering can be an chat extension to the At registering time a
With this :
|
We may have only a The pod chat owner should be able to rebuild a |
Another way of doing this is to use the server-side shape validation. To specify a shape which insists not only that a given shape s senr, but also that the USER and the DATETIME are used as fields in the shape. |
Adding to what @bourgeoa said, maybe we could define a more generic solution for encrypting data in Solid, not just for chats. For example, we could have triples such as this in the profile: <#me>
solid:privateKey <./key.pem> ;
solid:publicKey <./key.pub> . Where Using these keys, we could add "proofs" to other triples/resources. For example, in a chat:
Such that the value of the Also, something nice about this is that it can be a client-client standard, so server implementations don't have to change for this to be supported. |
@NoelDeMartin thanks. The proof functions could be in solid-logic. |
@bourgeoa I guess they could be in the type indexes, but that requires using two specs (the type index spec, and the new "security" spec). So I think it's easier just to have it directly on the profile (or extended profile). But sure, I don't see any problem with having them elsewhere if there is any good reason. About where to have to functions to generate proofs, yes we could have them in solid-logic but it's also important that the spec indicates how the proofs are generated, so that anyone can implement their own algorithm. |
@NoelDeMartin Does the security spec covers the client-client ? I thought it was covering client-server.
Are you speaking of the content uses to create the proof. For the chat case which should be Append only the use of the message absolute URI as proof should be enough. Well relative to chat URI might be enough and retain possibility to move the chat to a new pod location. I have discovered the nostr-tools. n04 https://github.com/nbd-wtf/nostr-tools#encrypting-and-decrypting-direct-messages could cover our needs. |
Well, my proposal is to make it client-client because that way we don't have to wait for servers to implement anything. But sure, it'd be a lot better to make it in the server.
Yeah I suppose if the chat is append-only, the URI would be enough but I don't think we should rely on this. Also because append-only means users can't delete messages, which is an issue. On the flip side, if it's not append-only it means anyone can delete other people's messages :(. But I can't think of a way to work around that without modifying the server spec. |
@timbl Suggested that a good compromise would be to keep it append-only for most people, but moderators would be able to delete messages. Building on top of that idea, we could allow people to edit or delete messages, but it would initially be a "soft edit" or "soft delete" (meaning that the document would contain the history of messages, but the UI wouldn't show it). Then, moderators could "approve" those actions and make them effective by really editing/deleting the comments and removing the soft operations. |
Yes, that would be a good compromise to only allow moderators or admis ti delete messages. For everyone else it is an append-only world. |
One model is that the chat for the day is a folder like
You can make it with a post or a PATCH. Then in the listing of the folder, we save the creator of the file and expose it in the metadata. This is an existing idea which there should be an issue for somewhere. It needs a server change |
Ontologies to use for the credentials verification and proof.
The predicate To describe the signature process this can be done using the verifiable credentials examples. The key being permanent for each webID there is no need to store it in the message. The process can be described only once in the chat index.ttl. |
There are RSA et more recently ECDSA certificate types (letsencrypt is is using ECDSA as from version 2 by default. nostr-tools offers wrapper functions to create and use ECDSA certificates. |
@SharonStrats
As an inspiration for this process we can use :
|
I'm wondering what initiates the key pair generation and our transition plan. IdeasKey Generation
Transition plan
|
At this stage yes. There is no server side specification
It is an app process and should be fully automatic.
I think that's correct.
I was thinking to have a date parameter or better to display in red or any other colour messages without a proof. This is different from messages where the proof fails. |
A small remark on this: I'd suggest to sign all message fields. In particular also the timestamp and recipient. There's some more discussion here on what could go wrong, feel free to poke me for questions on this: https://forum.solidproject.org/t/update-pod-chat-messenger-2-0-solid-pod-messaging-app/6141/13 |
Agreed I forgot the timestamp. When I wrote messageID I was thinking of the messageUri, that will include what you called the recipient. |
This is a real problem. See the discussion in https://gitter.im/solid/solidos?at=63c8360a3031eb336184db17
Some ideas appeared in the discussion :
Allowed Groups
.The text was updated successfully, but these errors were encountered: