attestation
Add option of including context information in construction of UN
Currently a UN can be used multiple times within its validity. This is a feature that allows it to be used repeatedly in short sessions without needing the user to sign a new UN. However, this can also be a security risk in some contexts. This task is about allowing an optional extra parameter to be used in the cryptographic process of constructing a UN, which can be used to link the UN to a specific context, which can also locally be verified by a verifier.
Unclear. Do you mean the UN should contain the hash of the current website domain or URL?
This is more a "nice to have". I talked with @oleggrib about this, and currently a UN can be reused during its entire validity. We discussed that this is generally not the functionality we actually want. We generally want it to just work a single time. However, this does not seem to currently be a big security issue.
@jot2re, the current UN is limited by:
- TTL
- domain
In most cases the UN will be used in the useEthKey object inside a website session. So we can replace the domain with a session nonce and use the UN as is. If there is no session, then we can use the domain, not a nonce. But websites that can allow access to something or sell something at a discount use cookie sessions to keep the user cart, auth, etc. synchronized, so we can get the nonce and pass it to the UN instead of the domain, because the domain is just a string.
Yes, it is a nice "hack" of how to do it. Because basically it is all a question of optionally adding an extra parameter which gets hashed, but since the domain is already getting hashed, this can be done implicitly through the domain string. But it is a bit more pretty and easier to read/understand using parametrisation.
> But it is a bit more pretty and easier to read/understand using parametrisation.
If a single param is enough, then we can rename domain to nonce and sometimes pass the session nonce, sometimes the domain.
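The explicit-parameter variant discussed in this thread, as an added example that is not part of the thread or the attestation library's code: a context value (here a session nonce) is hashed as its own length-prefixed field, so a verifier can check it locally. The HMAC construction, the function names `createUN`/`verifyUN`, the key and all sample values are assumptions made for illustration; the real UN format is not shown on this page.

```javascript
// Added illustration: NOT the attestation library's actual UN format.
const crypto = require('crypto');

// Length-prefix each field so ("a", "bc") and ("ab", "c") never hash alike.
function encodeFields(fields) {
  return Buffer.concat(fields.map((f) => {
    const body = Buffer.from(f, 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(body.length);
    return Buffer.concat([len, body]);
  }));
}

// Hypothetical construction: HMAC over domain, expiry and an optional context.
function createUN(key, domain, expiry, context = '') {
  const mac = crypto.createHmac('sha256', key)
    .update(encodeFields([domain, String(expiry), context]))
    .digest('hex');
  return { domain, expiry, mac };
}

// Local verification: recompute with the verifier's own view of the context.
function verifyUN(key, un, expectedDomain, expectedContext = '', now = Date.now()) {
  if (un.domain !== expectedDomain || now > un.expiry) return false;
  const expected = createUN(key, un.domain, un.expiry, expectedContext).mac;
  const a = Buffer.from(un.mac, 'hex');
  const b = Buffer.from(expected, 'hex');
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample values.
const KEY = Buffer.from('constructed-demo-key');
const NOW = 1700000000000;
const EXPIRY = NOW + 60000;

function demo() {
  const plain = createUN(KEY, 'example.com', EXPIRY);
  const bound = createUN(KEY, 'example.com', EXPIRY, 'session-nonce-A');
  return {
    // Without a context the same UN verifies repeatedly until it expires.
    plainReusable: verifyUN(KEY, plain, 'example.com', '', NOW)
      && verifyUN(KEY, plain, 'example.com', '', NOW + 1000),
    boundSameSession: verifyUN(KEY, bound, 'example.com', 'session-nonce-A', NOW),
    boundOtherSession: verifyUN(KEY, bound, 'example.com', 'session-nonce-B', NOW),
    boundExpired: verifyUN(KEY, bound, 'example.com', 'session-nonce-A', EXPIRY + 1),
  };
}
```

Binding to a session nonce confines the UN to that session; it still verifies more than once inside the session until it expires.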