dwn-sdk-js icon indicating copy to clipboard operation
dwn-sdk-js copied to clipboard

Published 20 hours ago verified publisher icon decentralized-identity

Reduce complexity and increase privacy by retooling variable locations/values

Open csuwildcat opened this issue 3 years ago • 0 comments

To ensure contacts/relationship information is not leaked to unprivileged querying callers, retool the message structure and contextual/ID logic to incorporate the following:

{ // message
  PROCESSING: {
    nonce: "12345675344578547565332537545587978",
    recipients: [Bob],
    descriptorCid: "QmbWqxBEKC3P8tqsKc98xmWNzrzDtRLMiMPL8wBuTGsMnz"
  },
  AUTHZ: {
    author: Alice,
    target: Carol   // If not present, implied storeAt/target can be Alice
  }
}
  1. Remove target/recipient from descriptor, to avoid contact leakage.
  2. Move target to AUTHZ
    • To enable storage in different destinations without touching the descriptor.
    • Computed message/canonical ID remains the same even if AUTHZ is a different JWS.
  3. Consider making context/canonical ID the CID of the PROCESSING object.
  4. Nonce in PROCESSING protects against iterability of the author and the recipient(s) by outside querying parties who are given the contextId

csuwildcat avatar Oct 26 '22 16:10 csuwildcat