Change `ockam identity` commands to support multiple identities.
Currently:
ockam node create n1
creates a default identity for the newly created node. We can see it with
» ockam identity show --node n1
P7dc502c795201c2d816749ea45ff51a416dce16ef0fe1b65ab4a642899e3b4d8
Even though we have an `identity create` command (`SHOW_HIDDEN ockam identity create --help`), we can't create a new identity because a node configuration can currently only have one identity.
» ockam identity create --node n1
encountered an error in command handler code
We have to modify NodeManager and its configuration here to support multiple identities https://github.com/build-trust/ockam/blob/83db24993f74af23adcee23228fdc10d3bb1fe68/implementations/rust/ockam/ockam_api/src/nodes/config.rs#L6-L15
The code for the identity commands is here https://github.com/build-trust/ockam/tree/6093f3a77869738fb4417f5093e5fc7d00acdf8c/implementations/rust/ockam/ockam_command/src/identity
The code for the identity APIs that the identity commands call is here https://github.com/build-trust/ockam/blob/0c5a39891eddec31056b7838d9efac50d287185c/implementations/rust/ockam/ockam_api/src/nodes/service/identity.rs#L14
Once we have the ability to have multiple identities, we'll need other commands like identity show | list.
- What is the reasoning behind multiple identities?
- Is it for multiple services (other nodes) to talk to the same node with their own unique ID?
- Can `Vec<Vec<u8>>` be used for storing multiple identities? Is there a better way to store them?
- How can identity be overridden? I couldn't find the command to do so.
@anuvratsingh thank you for looking into this.
> What is the reasoning behind multiple identities?
The underlying ockam library supports the idea of a node/application using different identities in different privacy and authorization contexts. But we haven't surfaced that in ockam command yet. So I may communicate with remote service 1 using identity 1 and with remote service 2 using identity 2.
> Can `Vec<Vec<u8>>` be used for storing multiple identities? Is there a better way to store them?
@SanjoDeundiak may be the best person to add some context here. The private information (like keys) of identities lives in vaults. So we'll have to tackle that.
> How can identity be overridden? I couldn't find the command to do so.
We'll need new options in various commands to indicate the --identity and the --vault. And maybe some new commands to create a pointer that points to the default identity and default vault of a node.
@anuvratsingh I think Vec<VecNodeManConfig, note that NodeManConfig is the format for NodeManager persistence. So, NodeManager fields should now, instead of storing one Identity, switch to multiple identities. I would consider Map<IdentityIdentifier, Identity> + default IdentityIdentifier to indicate which one to use if no argument is provided to a command.
Identity override is a mechanism by which a newly created node instance can gain a default identity that is shared among other nodes on the same machine, for the sake of simplification when running demos.
I would start that task with improving the ockam identity create command, so it could add a new identity if there was already one present in that node.
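A sketch of the layout suggested in the comment above (a map keyed by identifier plus a default pointer), added here as an illustration and not taken from the thread or from ockam's code base. `Identities`, `Error` and the simplified `Identity` and `IdentityIdentifier` structs are hypothetical stand-ins; the sketch assumes that an explicitly requested identifier which is unknown should be rejected instead of falling back to the default.

```rust
use std::collections::BTreeMap;

// Hypothetical stand-ins for this sketch; not ockam's real types.
#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub struct IdentityIdentifier(pub String);

#[derive(Clone, Debug, PartialEq)]
pub struct Identity {
    pub id: IdentityIdentifier,
    pub vault: String, // name of the vault that holds this identity's keys
}

#[derive(Debug, PartialEq)]
pub enum Error { Duplicate, Unknown, NoDefault }

#[derive(Default)]
pub struct Identities {
    map: BTreeMap<IdentityIdentifier, Identity>,
    default: Option<IdentityIdentifier>,
}

impl Identities {
    /// Add an identity; the first one added becomes the default.
    pub fn add(&mut self, identity: Identity) -> Result<(), Error> {
        if self.map.contains_key(&identity.id) {
            return Err(Error::Duplicate);
        }
        self.default.get_or_insert_with(|| identity.id.clone());
        self.map.insert(identity.id.clone(), identity);
        Ok(())
    }

    /// Move the default pointer, but only to an identity that exists.
    pub fn set_default(&mut self, id: &IdentityIdentifier) -> Result<(), Error> {
        if !self.map.contains_key(id) {
            return Err(Error::Unknown);
        }
        self.default = Some(id.clone());
        Ok(())
    }

    /// Pick the identity for a command; an unknown explicit id is an error.
    pub fn resolve(&self, requested: Option<&IdentityIdentifier>) -> Result<&Identity, Error> {
        let id = match requested {
            Some(id) => id,
            None => self.default.as_ref().ok_or(Error::NoDefault)?,
        };
        self.map.get(id).ok_or(Error::Unknown)
    }
}
```

Failing closed in `resolve` keeps a mistyped `--identity` value from silently using the default identity in a context where a different one was intended.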
Thanks, @mrinalwadhwa and @SanjoDeundiak for the input.
If no one's working on this, I'd like to give it a try.
So I've created draft PR #3837.
I'm not sure how to handle the default node Identity, so for now I just use the first Identity as a default and cache its Identifier.
One thing I'm not sure how should be handled is the IdentityOverride; could you please elaborate a bit more about that?
And if you could take a look and let me know if I'm going in the right direction that would be much appreciated.
@adrianbenavides with your comment in #3837 I take it that this issue will be closed as well, as it is not wanted anymore?
> @adrianbenavides with your comment in #3837 I take it that this issue will be closed as well, as it is not wanted anymore?
That's right, thanks for the heads up @vildapavlicek!