Last Call - Chain Agnostic CApability Object#74
Last Call - Chain Agnostic CApability Object#74ligi merged 15 commits intoChainAgnostic:masterfrom ukstv:cacao
Conversation
|
Should |
True. Thank you. When writing the first draft, I mistakingly looked at an old version of did-pkh specification, which did not include chain information. Changed the spec here. |
Co-authored-by: Charles E. Lehner <[email protected]>
|
Is there a preferred precision for the Unix time stamps? Microsecond? Nanosecond? |
|
w3c/vc-data-model#846 |
|
It seems there is a round-trip inconsistancy between SIWE's string representation and CACAO. Valid SIWE messages can contain timestamps which have timezone offsets, which is included in the signing/verification input. When such a message is converted to CACAO form the timestamps are converted into UNIX time, discarding the time zone. Verifying the signature for such a CACAO would fail, as re-serializing the fields into SIWE form will represent all timestamps as UTC. I'm not opposed to requiring/generally expecting UTC timestamps but the SIWE spec doesnt require it, so not all SIWE messages will be losslessly convertable to CACAO form. |
|
@chunningham huh, I was under the impression that SIWE required the timestamp to always be UTC. |
|
@chunningham thanks for the notice. Apparently, |
|
@ukstv also, does ISO8601 support ms or not? If they do we need to solve for ms since UNIX timestamps are in seconds only. |
It does. Instead of unix timestamp we have to use full ISO8601 specifier, as string. |
|
If possible, I'd suggest RFC3339 as it's a little more restrictive, but in ways that most people would expect (ISO8601 allows for example "2022-100" = 100th day of 2022). IME when most people say ISO8601 they mean RFC3339. IIRC the SIWE spec is being updated to resolve the inconsistancy between ISO8601 in spec text and RFC3339 in the ABNF, in favour of RFC3339 everywhere (as ultimately the goal is for the message to be layperson-readable). |
|
Updated the spec. Now date-time values are encoded as a string, which should be formatted as per RFC3339. Added a note on possible inclusion of milliseconds. Also, updated the example. Now it contains correct dates and issuer now is proper |
ukstv
changed the title
|
I was proposing to @oed a JSON-RPC method where a dapp can use a chain-agnostic interface to request a CACAO object by providing the payload params only and receiving a full object for CACAO with a header and a signature However I think that the type for message construction (eg. eip-4361) should be specified from the dapp side as well and this would require splitting how CACAO types are currently specified Essentially we now have two types:
From my POV the responsibility of defining message construction is of the Dapp and and defining signature verification if of the wallet.. so if we split these two types then we could have a much better API between the two The dapp requests a CACAO signature by providing a header and payload with type eip4361 and then the wallet can return the full CACAO object with a signature that includes the type eip191 or eip1271 |
|
So an example would be something like this? {
h: {
t: 'eip4361'
},
p: { ... }
s: {
m: {
t: 'eip191'
},
s: ...
}
}Or maybe assume signature always have a type? {
h: {
t: 'eip4361'
},
p: { ... }
s: {
t: 'eip191'
s: ...
}
} |
|
I'd assume signatures always have a type, to prevent ambiguity. Is it possible to include a compound object as the signature value? Specifically I've worked a little on a ZCAP-LD representation for CACAO with a linked data proof as the signature value (speculatively with type |
|
@oed correct, the second one would be the preferred one {
h: {
t: 'eip4361'
},
p: { ... }
s: {
t: 'eip191'
s: ...
}
} |
|
Discussed on today's call: draft will be updated to reflect split typing, if ready for review before next meeting we will tag reviewers from both implementing companies and an editor. |
|
Updated the spec for split typing, mentioning future registries for signatures and payloads. @chunningham what is the best way to link to your CACAO implementation? |
oed
left a comment
oed
left a comment
There was a problem hiding this comment.
Looks good, I have one requested change though.
|
I'm still working around some ipld issues. I just moved laptops but will upload the repo shortly. I've also noticed that nonce is an int in this model, while SIWE uses alphanumeric strings, is that an issue? |
|
@chunningham In the schema description, nonce is |
oed
left a comment
oed
left a comment
There was a problem hiding this comment.
Should be good to merge now 👍
|
I think I found a bug in the example: Shouldn't be this rather the following? Two things:
|
CAIPs/caip-draft_cacao.md
Outdated
| "iat": "2022-02-21T13:06:33.933+03:00", | ||
| "iss": "did:pkh:eip155:1:0xBAc675C310721717Cd4A37F6cbeA1F081b1C2a07", | ||
| "nbf": "2022-02-21T13:06:33.940+03:00", | ||
| "uri": "http://localhost:3000/login", |
There was a problem hiding this comment.
Shouldn't this be domain and if it is domain, we need only the authority part.
CAIPs/caip-draft_cacao.md
Outdated
| "t": "eip4361" | ||
| }, | ||
| "p": { | ||
| "aud": "http://localhost:3000", |
There was a problem hiding this comment.
Shouldn't this be the URI, in that case http://localhost:3000/login?
|
Nice catch @awoie! |
Co-authored-by: Charles E. Lehner <[email protected]>
Co-authored-by: Charles E. Lehner <[email protected]>
|
Thank you @awoie !! Changed the example to conform with the spec. |
8 participants
caip:
title: CACAO: Chain Agnostic CApability Object
author: Sergey Ukustov (@ukstv)
discussions-to: #74
status: Draft
type: Standard
created: 2021-11-01
updated: 2021-11-01
Simple Summary
Represent a chain-agnostic Object Capability (OCAP), created using EIP-4361 (or similar for other blockchains), as an IPLD object.
Abstract
In this document we define a way to present a result of EIP-4361 "Sign-in with Ethereum"
signing operation as an IPLD-based object capability (OCAP).
As we expect other blockchains to follow a path similar to Ethereum, CAIP seems to be the best place for such a proposal.
Motivation
"Sign-in with Ethereum" is a way for a user to authenticate into a service, and provide authorization. In essence, it is a signature of a well-formed payload, that can be read by a human as well as a machine.
We could see this as a stepping point for a rich capability-based authorization system.
In order to do this, we would like to have a standardized IPLD-based representation of the payload and the signature, that together comprise a capability.
Specification
Container format
We start construction with declaring a container format, that represents a signed payload.
It should contain meta-information, payload and signatures. For reference let's call such container CACAO.
We use IPLD schema language to describe the format.
Reminder, unless a field is marked
optional, it is mandatory.Header uniquely identifies the payload format:
For now, we expect this to be "eip4361" only. In the future, we anticipate creating a specialized registry for payload formats.
For "eip4361" the payload structure must be presented as follows:
It is important to note, that issuer here is did:pkh, which includes both blockchain address and blockchain network information.
Also, as per EIP-4361 "Sign-in with Ethereum" specificaction,
iat,nbf, andexpare encoded as RFC 3339date-time, which could include milliseconds precision.The signature in essence is just bytes, but we have to give a hint on how the signature verification should work.
At the moment, we limit the signature verification by two types:
eip191indicates that that signature is made by an Ethereum externally owned account (EOA),eip1271indicates that the signature is made by an Etereum contract account (like Gnosis Safe or Argent); the verification should be done according to EIP-1271.In the future, we anticipate creating a specialized registry for signature types.
This construction allows a dApp to uniformly request a SIWE signature regardless of the user's account nature. The user's wallet determines if it should use an EOA or a contract account.
Signature Verification
We reconstruct the EIP4361 payload as follows:
Signature verification goes according to
tinSignatureMeta:eip191: use EIP-191,eip1271: use EIP1271.Serialization
As a proper IPLD object, it can be deterministically serialized using CBOR into bytes.
Performance is almost as fast as vanilla JSON serialization. For transport purposes we propose that a CACAO is passed inside a base64url-serialized CAR file,
with root of the CAR file set to a tip of capability chain. Here and now we use CARv1 format, as CARv2 is still being worked on.
We propose, that all the necessary parent CACAOs are passed there as well. This way, even if a referenced CACAO is not yet available over IPFS, both consumer and presenter of CACAO still can access it.
Rationale
Backwards Compatibility
Not applicable.
Test Cases
Below you could find a CACAO, along with its serialized presentation in CAR file.
CACAO:
CACAO Serialized: base64url-encoded CARv1 file with the IPFS block of the CACAO above:
Links
Copyright
Copyright and related rights waived via CC0.