The following encompass the initial set of modifications to the browser the DID initiative needs to maximize the value of DID technology for users across platforms and devices.
The browser should provide a robust API that allows user-selected apps, origins, or entities to register handlers and hooks for custom protocols (most notably for this work: register as a handler for the did:
, hub:
, and ipfs:
protocols). This includes the following min-bar features:
- Registration of custom protocol handlers (for our needs:
did:
,hub:
, andipfs:
) - Ability for the user to designate an app, origin, or entity as the default handler, or exclusive handler, for a particular protocol
- Access to all forms of requests, interactions, invocations related to use of protocol
- Notably: observation and interdiction of
fetch()
requests,src
/href
resolutions, etc.
- Notably: observation and interdiction of
For examples of the type of hooks we seek, the closest thing in the platform currently is the Web Extension webRequest
interface, which provides many of the interdiction points we would need for robust protocol handling: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest
Additionally, there is a parallel desire/proposal from the Distributed Web group of browser vendor representatives to add this type of API: https://arewedistributedyet.com/programmable-custom-protocol-handlers/
Modify origin scoping and handling components of the browser to recognize different DIDs as distinct origins, and apply the same separation and protections afforded to top-level DNS origins: https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
A similar need has been expressed by the Distributed Web group of browser vendor representatives: https://arewedistributedyet.com/control-origin-security-context/
Update the Web's Content Security Policy declarations and APIs to include recognition of DID origins, and add a set of additional features:
- Modify the
connect-src
directive to allow passage of a single DID, which all request and execution interfaces are limited to.
DIDs and DID-based apps need a way to request permissions from the DID owner they are interacting with. We need an interface that allows the calling DID to request permissioned access to the target DID's personal datastore. The following is a strawman example to provide a rough idea of what is needed:
Property | Value | Description |
---|---|---|
PROPS.did |
String | OPTIONAL - A specific DID string to request permissions against. (by default it allows the user to select whatever DID they wish to grant permissions against) |
PROPS.keyFunctions |
Object | Functions required for signing and communicating the permission request to the DID owner's Hub. |
PROPS.permissions |
Array | An array of DIF Identity Hub Permissions descriptor objects. |
The request should return a Promise, with the following then
/catch
profile:
A PermissionGrant
object provides details about the permission grant, including:
Property | Value | Description |
---|---|---|
GRANT.did |
string | The DID a grant was permissioned for. |
GRANT.permissions |
Array | An array of the permissions that were granted - which may not have been all the permissions requested. |
A PermissionGrant
object provides details about the permission grant, including:
Property | Value | Description |
---|---|---|
ERROR.type |
string | Either a generic error, or a string signifying permission denial. |
ERROR.reason |
string | The reason for permission denial. |
ERROR.blocked |
boolean | An indication that the user will not accept further permission requests via ad hoc attempts by the requesting DID. |
Service Workers should, in accordance with the Origin modifications described above, be augmented to allow a DID to register a Service Worker that communicates with the DID owner's User Agent to handle and cache DID-related requests/data as it would regular HTTP/DNS-based requests.
DIDs and origins should be able to request identity data/information from the user, and need a way to invoke such a request. This could be facilitated via the following strawman interface:
Property | Value | Description |
---|---|---|
ProofSet |
OBject | DIF-specified proof object that describes a set of data, information, or other proofs that the requesting entity would like the user to provide in response. |
The request should return a Promise, with a successful resolution regardless of the outcome of acceptance by the DID owner of any one (or more) permissions. Upon successful resolution the Promise value should be an object that contains two properties:
Property | Value | Description |
---|---|---|
RESOLVED.granted |
Array | An array of the permissions that were granted from the requested set. |
RESOLVED.denied |
Array | An array of the permissions that were denied from the requested set. |
Unlike apps of today, the combination of the DID layer's technical components make a new 'Personal App' paradigm possible: developers can create apps that store their data in a user's personal datastore, instead of a centralized application server. Additionally, for apps with compatible requirements (e.g. to-do list), a developer could write a truly serverless app where they only write clientside code and interact with the user's personal datastore, without any backend code at all. This latter variant is something of a Holy Grail for developers, which many would welcome.
DID-based apps are based on the following differences from traditional Progressive Web App model:
- Instead of a DNS origin being the source of an app, an app developer creates a DID that represents their app, which is treated as a distinct origin.
- Unlike a PWA install with client/local-centric permissions, the user's agent application (which could be the browser or an external app) signs a permission that allows the DID-based app to access various interfaces of the user's personal datastore.
Currently the App Manifest expects a DNS origin as the source of the application. We need this modded to recognize a DID as the application source, and ensure that the code passed to the client representing that DID-based app is signed by the DID it claims to be from.
DID-based apps are essentially a bundle of code signed by a DID the user has permitted to access certain features of a DID they own. To ensure that the code is safe and executed properly, the browser should perform the following actions:
- Ensure that the code bundle is signed by the DID it claims to be from
- Provide a means for the user's DID User Agent to handle various protocol-specific requests (via its protocol handler hooks) that are raised from the app's running code. For example: ability to view responses for local caching of data.