Document UCAN as one of Authorization options
:point_right: This is a good first issue if someone wants to open a PR – all you need is to update docs here.
They are JSON Web Tokens (JWTs) containing Decentralized Identity Documents secured by public key cryptography.
In practice, [pinning service] users can create their own keypair and register the DID with the [pinning service] UCAN service to get a UCAN token. The [pinning service] user is then free to create user UCAN tokens derived from their registered UCAN.
[..] these derived tokens can be used to limit end-users to upload either any data or data with a specific CID within a scoped time period. When a token is used, [pinning service] can validate it by looking at the chain of proofs used to derive a token, checking the cryptographic identity of each signer of the token.
Use of UCAN does not require any API changes; the already existing Authorization Bearer HTTP header can be used for UCAN. We should document this in the Authentication section at https://ipfs.github.io/pinning-services-api-spec/#section/Authentication
Reference / prior art:
- https://github.com/nftstorage/ucan.storage
- https://nft.storage/blog/post/2022-04-01-gateway-ucan-release/
- UCAN Distributed Auth
- UCAN: Authorizing Users Without a Back End
- User Controlled Authorization Networks (UCAN) Resources - Wiki - Fission Talk
- Spec
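
The proof-chain validation described above, sketched as an added example for Node.js (not code from this issue, ucan.storage, or the pinning spec). Assumptions: the `did:example:*` DIDs and the in-memory key registry are constructed stand-ins for real DID resolution, the payload uses the UCAN-style `iss`, `aud`, `exp` and `prf` fields with proofs embedded as full tokens, and capability attenuation (for example, restricting to one CID) is not checked here.

```javascript
// Added example: UCAN-shaped JWTs with a constructed key registry (assumption).
const nodeCrypto = require('node:crypto');

const keys = {}; // DID -> Ed25519 key pair; stands in for real DID resolution
const b64u = (v) => Buffer.from(v).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString());

function newDid(name) {
  const did = `did:example:${name}`; // constructed placeholder DID
  keys[did] = nodeCrypto.generateKeyPairSync('ed25519');
  return did;
}

// Sign a token as `iss`, delegating to `aud`, optionally backed by proof tokens.
function issue(iss, aud, exp, prf = []) {
  const head = b64u(JSON.stringify({ alg: 'EdDSA', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ iss, aud, exp, prf }));
  const sig = nodeCrypto.sign(null, Buffer.from(`${head}.${body}`), keys[iss].privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// Verify one token, then every proof it was derived from, back to the service.
function verifyChain(token, serviceDid, now) {
  const [head, body, sig] = String(token).split('.');
  if (!head || !body || !sig) throw new Error('malformed');
  const p = decode(body);
  const key = keys[p.iss];
  const signed = Buffer.from(`${head}.${body}`);
  if (!key || !nodeCrypto.verify(null, signed, key.publicKey, Buffer.from(sig, 'base64url')))
    throw new Error('bad signature');
  if (!(p.exp > now)) throw new Error('expired');
  const proofs = p.prf || [];
  if (proofs.length === 0 && p.iss !== serviceDid) throw new Error('untrusted root');
  for (const proof of proofs) {
    const parent = verifyChain(proof, serviceDid, now);
    if (parent.aud !== p.iss) throw new Error('broken delegation');
    if (p.exp > parent.exp) throw new Error('outlives proof');
  }
  return p;
}

// Entry point: accept only a Bearer token addressed to this service.
function authorize(headerValue, serviceDid, now) {
  const m = /^Bearer ([\w.-]+)$/.exec(headerValue || '');
  if (!m) return 'no bearer token';
  try {
    const p = verifyChain(m[1], serviceDid, now);
    return p.aud === serviceDid ? 'ok' : 'wrong audience';
  } catch (e) { return e.message; }
}
```

Each rejection string names the check that failed, which is useful when logging refused requests on the service side.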