Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vault Sharing With GestaltId #30

Open
addievo opened this issue Oct 18, 2023 · 16 comments
Open

Vault Sharing With GestaltId #30

addievo opened this issue Oct 18, 2023 · 16 comments
Labels
development Standard development r&d:polykey:core activity 1 Secret Vault Sharing and Secret History Management r&d:polykey:core activity 3 Peer to Peer Federated Hierarchy

Comments

@addievo
Copy link
Contributor

addievo commented Oct 18, 2023

Specification

A user should be able to use a node id, OR an identity to be able to share a vault, currently vaults can be shared only with node ID's, however, sharing with identities is a crucial part of Polykey.

The desired behaviour should be that sharing a vault with a nodeId shares the vault with the entire gestalt. This is because Gestalts are addressable by both nodeIds and identityProviderIds. Furthermore, the VaultShare handlers should also be able to accept identityProviderIds as well, and take the first discovered node of the identity to trust.

There are some implications regarding discovery. For example, in the case where node B trusts node A, and hence gestalt A, but node C joins gestalt A after this, so that node B does not know that node C is in gestalt A yet.

Untitled-2023-10-23-0424 excalidraw(4)

Additional Context

There is existing discussion about how to do this in Polykey: MatrixAI/Polykey#626. This CLI issue is derived from that.

Tasks

  1. Enable sharing of vault with gestalt ID.
  2. Allow for nodes from the same trusted gestalt to clone/pull a vault
  3. When a vault is shared with a gestalt, implement notifications for all nodes of that gestalt
  4. Update discovery mechanism when vault pull is called.
@addievo addievo added the development Standard development label Oct 18, 2023
@addievo
Copy link
Contributor Author

addievo commented Oct 18, 2023

Currently proposed way of achieving this :

  1. Use identity list to acquire all the nodeIDs associated with an identity.
  2. Iterate and share vault with all nodeIDs.

@CMCDragonkai
Copy link
Member

Without this, the user has to copy paste the node ID after listing the nodes of a gestalt.

With this, it should be possible to just directly pass in ProviderId:UserId as the target of sharing, and it would share it with ALL the nodes in the gestalt.

@CMCDragonkai
Copy link
Member

More testing for the social discovery is needed, I don't think we have robust testing of the entire loop between social discovery and gestalt expansion or contraction.

@CMCDragonkai
Copy link
Member

I think we should get this at the very least before re-running the CLI demo after #551 is merged.

@CMCDragonkai CMCDragonkai changed the title Vault Sharing should be possible with a gestalt ID. Vault Sharing should be possible with a Gestalt Identity ID Oct 23, 2023
@amydevs
Copy link
Contributor

amydevs commented Oct 26, 2023

Currently proposed way of achieving this :

1. Use `identity list` to acquire all the nodeIDs associated with an identity.

2. Iterate and share vault with all nodeIDs.

IMO, this should be done in the ACL rather than like this, so that any node that joins a Gestalt automatically gains the permissions of the Gestalt

@CMCDragonkai
Copy link
Member

That should already be true. But the social discovery system needs integration testing and/or simulation testing.

@amydevs
Copy link
Contributor

amydevs commented Oct 26, 2023

There

That should already be true. But the social discovery system needs integration testing and/or simulation testing.

Idk if i see anything in acl.ts that handles permissions to nodes for gestalts. Or anything that means if you share with one node, u share with all nodes in the gestalt

@CMCDragonkai
Copy link
Member

It should be in the gestalt graph too. Check that.

@CMCDragonkai
Copy link
Member

This should work like this:

# using a gestalt ID
pk vaults share myvault github.com:cmcdragonkai
# using a node ID (which is still a gestalt ID)
pk vaults share myvault vm27fr...

Both provider and identity and node id are all valid gestalt IDs, so that should be supported.

@amydevs
Copy link
Contributor

amydevs commented Nov 9, 2023

image

@CMCDragonkai
Copy link
Member

What does this picture mean?

@CMCDragonkai
Copy link
Member

You need to check the ACL and the GestaltGraph for if the permission union.

@CMCDragonkai
Copy link
Member

CMCDragonkai commented Nov 9, 2023

We need to think about this in 2 dimensions:

  1. Sharing a vault between nodes in the same gestalt.
  2. Sharing a vault between gestalts.

In the second case, it does make sense to share to the whole other gestalt.

In the first case, this would create a bit a weird UX, where sharing a vault to another node that you own, would send notifications to all the nodes in the gestalt.

There's no gestalt synchronisation atm MatrixAI/Polykey#190.

So in terms of achieving this, we may need to distinguish if it is shared to your own gestalt. If so, it should not send notifications to all the nodes in the gestalt. However it could still open it up to be pulled by other nodes in the same gestalt.

Alternatively vaults across all nodes in the same gestalt can be pulled freely between each other by default. Then if you were to try share it your own node in your own gestalt, then it would just do nothing. No notifications are sent. It's a noop.

I think we do the highlighted.

@CMCDragonkai
Copy link
Member

@amydevs if you're working on this, make sure to start speccing out the tasks.

@CMCDragonkai
Copy link
Member

Refer to MatrixAI/Polykey#626 for additional information on this, and work to be done on both PK and PK CLI should be attached to this issue.

@tegefaulkes
Copy link
Contributor

Moving this to todo since it's not actively worked on.

@CMCDragonkai CMCDragonkai added r&d:polykey:core activity 1 Secret Vault Sharing and Secret History Management r&d:polykey:core activity 3 Peer to Peer Federated Hierarchy labels Aug 13, 2024
@CMCDragonkai CMCDragonkai changed the title Vault Sharing should be possible with a Gestalt Identity ID Vault Sharing With GestaltId Aug 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
development Standard development r&d:polykey:core activity 1 Secret Vault Sharing and Secret History Management r&d:polykey:core activity 3 Peer to Peer Federated Hierarchy
Development

No branches or pull requests

4 participants