Open
Conversation
Member
There was a problem hiding this comment.
was never a huge fan of the original ucan/attest plan.
I'm a little fuzzy on why it's not working ... would want @alanshaw 's input before we go forward
question: can't this be done from the delegation we have for the account for most spaces on the upload service?
IOW,
- we have a store of space/* to email, valid signature from the space key
- now we make a account email to gateway pub key, w/ space/content/serve, attested in the facts by the upload service
- this is exactly the flow we use for delegating between devices so I don't know why we'd not be able to do it.
essentially it's running the email validation flow but w/o the actual confirmation (don't love, but c'est l'vie)
Member
|
FWIW I think that the ucan/attest in the email flow is in the facts, not the direct chain |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📖 Preview
This RFC proposes a simplified authorization mechanism for migrating legacy spaces to the new Storacha gateway infrastructure. Legacy spaces lack private keys, and we cannot create valid UCAN delegations, requiring a special authorization flow using
ucan/attest, but it fails. The proposal is that the gateway creates and signs delegations on behalf of legacy spaces, then trusts its own signatures without complex attestation validations.