-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API for validation? #54
Comments
What you need to do now that we have customizable capabilities is verify your UCAN in terms of some custom capability semantics. Sorry that it's not as simple as |
Ah ha thanks. I think I remember briefly chatting about this. The main thing being that there is no programmable way to check if a UCAN with a given cap is allowed to sign a new UCAN with another capability. I suppose there are two types of validation then — you could check if simply the merkle-list integrity of the UCAN and proof UCAN are valid (that the child has a reference to the parent), then you also need to check if the parent is able to create the given child capabilities. |
Now that I think about it; the parent UCAN is just a string in the |
Oh well, there is - that's what we do with UCAN stores: We look through all the UCANs to find one that can grant given capability: Lines 43 to 69 in 92d2281
However, on the server side you'd still need to check the originator of your capabilities against your records, which is what the
Yeah - you're right. UCAN proofs can either be strings or CIDs (although CIDs aren't supported yet). So initially there's nothing to check before we've resolved them. However, we can resolve/parse them recursively and check them while we're doing that. That's what happens in Initially I thought that that'd be the entry point to the library with the lower-level stuff ( It's great that you bring this stuff up. We'll want to revamp the public-facing API at some point, once we understand the whole problem space really well (we're in the process of figuring this out). This has given me some ideas. |
Thanks for the explanation.
Although, thinking more about this, we also have to check that the signatures are ok — the parent needs to sign the child I think. But this should be checked by Chained.fromToken So we need to use For example, lets say that our application logic allows you to create a UCAN that gives read access to any subdirectory that you have access to. my UCAN capabilities: [
{
"wnfs": "example.fission.name/public/",
"cap": "READ"
}, a new UCAN I created capabilities: [
{
"wnfs": "example.fission.name/public/photos/",
"cap": "READ"
}, That's an example that is dependent on arbitrary application logic, as to whether that is allowed or not. I think that is the part that is confusing for me still. I've been looking at the test for attenuation — https://github.com/ucan-wg/ts-ucan/blob/main/tests/attenuation.test.ts — but I think the tests may be too low level for me in this case. My plan was to write a test that demonstrates using |
There's a test that essentially tests the thing you've described. Maybe that helps? ts-ucan/tests/capabilitiy/wnfs.test.ts Lines 13 to 39 in 92d2281
(Also wanted to note that Regarding everything else you wrote: It all seems consistent with my idea of how stuff works 👍 |
Thanks for pointing me in that direction of the test. I will probably look at it later today |
Thanks you for the help. Today I worked on writing a test, however I never did get typescript to stop underlining things 😞 Someday I need to learn what I'm doing. https://github.com/nichoth/ts-ucan/blob/nichoth/hasCapability-test/tests/attenuation.test.ts#L213
I don't want to make extra work for anyone BTW, just thought I would share what I'm doing so far. |
Hey! Don't feel bad ❤️ |
I just created a PR for you that I hope helps figuring all of this out: nichoth#1 |
Thanks! I merged and made a very small update so that the TS compiler is happy -- https://github.com/nichoth/ts-ucan/blob/nichoth/hasCapability-test/tests/attenuation.test.ts#L213 |
Another update -- i wrote a few tests that are useful for me -- https://github.com/nichoth/ts-ucan/blob/nichoth/hasCapability-test/tests/attenuation.test.ts#L229 Remaining questions -- const testSemantics = {
// ??? what is `tryParsing` used for?
tryParsing(cap: Capability): Capability | null {
return cap
},
So to check if a UCAN is allowed, you would want to use Chained.fromToken to check if the signatures are valid, then use That will be my next task — writing a test that demonstrates a good flow for checking if a UCAN is valid for allowing some arbitrary permission. |
In the example from your code it isn't used for anything. But in general, it can be used to pre-process capabilities for (1) filtering out capabilities you don't know how to process (the UCAN might contain capabilities meant to be used for another service that you don't know it's capability semantics for) and (2) converting them into a custom type of your choice to make the implementation of See for example the implementation of the public WNFS capability, which essentially parses the capability that contains a path as a string into a path as an array of path segments: ts-ucan/src/capability/wnfs.ts Lines 35 to 58 in 979ea39
I see that the current API is confusing. I want to reduce the API surface in the future by removing the need for the |
I was wondering what the API is for validating ucans. In my little demo app i used something
ucan.isValid
-- https://github.com/nichoth/ucan-demo/blob/main/src/index.js#L296 -- but I don't see it documented anywhere now.There is this great example for creating a token -- https://github.com/ucan-wg/ts-ucan#example . it would be great to have something similar for validating the ucan chain.
The text was updated successfully, but these errors were encountered: