10
45
Fork
You've already forked doipjs
28

Add markers to better match claims to service providers #44

Closed
opened 2023年03月30日 12:09:34 +02:00 by yarmo · 2 comments
Owner
Copy link

Overview

I wish to introduce a new mechanic for matching claims to service providers. With my proposal, service providers are able specify so-called markers which are used as additional tests before attempting to verify a claim. For now, markers are only HTTP endpoints and can only be tested for their existence — or lack of.

Rationale

Currently, when an identity claim is parsed, it is matched to candidate service providers before attempting to verify the claim. This matching is done solely based on the URI of the claim.

Some service providers are not ambiguous: IRC claims always start with irc:, lichess claims will always use the lichess.org domain.

Most service providers are ambiguous: https://domain.org/username/post could refer to a forem account, a forgejo/gitea account, an owncast instance...

Currently, doip-js simply attempts each of these service providers until one is able to verify the claim.

This worked fine until gitea was forked and forgejo was created. Due to their identical roots, both gitea and forgejo use the same verification mechanism and are thus indistinguishable from doip-js point of view. Other projects and their forks will experience a similar issue.

Markers are one way of solving this issue. This proposal would add a marker to the forgejo service provider that the gitea service provider does not have: the /api/forgejo/v1/version HTTP endpoint.

Note: for this to work, it is important that forgejo gets attempted BEFORE gitea, since gitea does not have a marker that forgejo does not have. doip-js does this.

Execution

This proposal would see the markers property being added to all service provider configs. An example would look as such:

 {
 ...
 markers: [
 {
 request: {
 fetcher: E.Fetcher.HTTP,
 access: E.ProofAccess.NOCORS,
 format: E.ProofFormat.JSON,
 data: {
 url: `https://${match[1]}/api/forgejo/v1/version`,
 format: E.ProofFormat.JSON
 }
 },
 test: {
 type: E.MarkerTestType.HTTP_ENDPOINT_MUST_EXIST,
 inverse: false
 }
 }
 ],
 ...
 }

A marker is an object with two properties: request and test.

The request property follows the same rules as the proof.request property so that we can use the same "direct/proxy" HTTP request logic.

The test property will explain how to test the requested resource. In this proposal, test has two properties: type (a predefined list of tests) and inverse (whether the expected result should be positive or negative).

Example test types could be:

  • HTTP_ENDPOINT_MUST_EXIST: if HTTP status < 400, consider this test validated
  • JSON_MUST_CONTAIN: if a specified property of the resulting JSON body contains a specified value, consider this test validated

Example

Thanks to markers, doip-js will be perfectly able to handle the following two scenarios.

Scenario 1: a forgejo claim is asked to be verified. It gets matched to both forgejo and gitea. Forgejo is attempted. doip-js finds that the /api/forgejo/v1/version endpoint exists and continues. It attempts the actual verification which succeeds. This claim is now a verified forgejo account.

Scenario 2: a gitea claim is asked to be verified. It gets matched to both forgejo and gitea. Forgejo is attempted. doip-js finds that the /api/forgejo/v1/version endpoint does not exist and skips forgejo. Gitea is attempted. It attempts the actual verification which succeeds. This claim is now a verified gitea account.

Note: in scenario 1, the gitea service provider is never even attempted, preventing this gitea verification — which would succeed! — to "confuse" doip-js.

Todo

  • Improve this issue (more examples, explain better the various mandatory and optional properties)
## Overview I wish to introduce a new mechanic for matching claims to service providers. With my proposal, service providers are able specify so-called markers which are used as additional tests before attempting to verify a claim. For now, markers are only HTTP endpoints and can only be tested for their existence — or lack of. ## Rationale Currently, when an identity claim is parsed, it is matched to candidate service providers before attempting to verify the claim. This matching is done solely based on the URI of the claim. Some service providers are not ambiguous: IRC claims always start with `irc:`, lichess claims will always use the `lichess.org` domain. Most service providers are ambiguous: `https://domain.org/username/post` could refer to a forem account, a forgejo/gitea account, an owncast instance... Currently, doip-js simply attempts each of these service providers until one is able to verify the claim. This worked fine until gitea was forked and forgejo was created. Due to their identical roots, both gitea and forgejo use the same verification mechanism and are thus indistinguishable from doip-js point of view. Other projects and their forks will experience a similar issue. Markers are one way of solving this issue. This proposal would add a marker to the forgejo service provider that the gitea service provider does not have: the `/api/forgejo/v1/version` HTTP endpoint. Note: for this to work, it is important that forgejo gets attempted BEFORE gitea, since gitea does not have a marker that forgejo does not have. doip-js does this. ## Execution This proposal would see the `markers` property being added to all service provider configs. An example would look as such: ```json { ... markers: [ { request: { fetcher: E.Fetcher.HTTP, access: E.ProofAccess.NOCORS, format: E.ProofFormat.JSON, data: { url: `https://${match[1]}/api/forgejo/v1/version`, format: E.ProofFormat.JSON } }, test: { type: E.MarkerTestType.HTTP_ENDPOINT_MUST_EXIST, inverse: false } } ], ... } ``` A marker is an object with two properties: `request` and `test`. The `request` property follows the same rules as the `proof.request` property so that we can use the same "direct/proxy" HTTP request logic. The `test` property will explain how to test the requested resource. In this proposal, `test` has two properties: `type` (a predefined list of tests) and `inverse` (whether the expected result should be positive or negative). Example test types could be: - `HTTP_ENDPOINT_MUST_EXIST`: if HTTP status < 400, consider this test validated - `JSON_MUST_CONTAIN`: if a specified property of the resulting JSON body contains a specified value, consider this test validated ## Example Thanks to markers, doip-js will be perfectly able to handle the following two scenarios. Scenario 1: a forgejo claim is asked to be verified. It gets matched to both forgejo and gitea. Forgejo is attempted. doip-js finds that the `/api/forgejo/v1/version` endpoint exists and continues. It attempts the actual verification which succeeds. This claim is now a verified forgejo account. Scenario 2: a gitea claim is asked to be verified. It gets matched to both forgejo and gitea. Forgejo is attempted. doip-js finds that the `/api/forgejo/v1/version` endpoint does not exist and skips forgejo. Gitea is attempted. It attempts the actual verification which succeeds. This claim is now a verified gitea account. Note: in scenario 1, the gitea service provider is never even attempted, preventing this gitea verification — which would succeed! — to "confuse" doip-js. ## Todo - [ ] Improve this issue (more examples, explain better the various mandatory and optional properties)
Contributor
Copy link

I've been bumping up against this myself when fiddling with the project. My current thought is that this approach, while functional, still leaves us guessing as to what a particular URI is, just with more educated guesses. I'd rather see the claims themselves be upgraded to have the user specify what exactly the claim is for: Owncast, ActivityPub, etc. This would necessitate a newer version of claims -- which would in turn likely be a major version bump to doipjs to handle the fact that the value is no longer "just a URI" -- and perhaps the marker system can stick around for claims that aren't migrated, but I prefer an approach where the claim itself is explicit about which service provider it is targeting.

That being said, I'm definitely still open to being convinced otherwise. I've just noticed the same pain point as I've dug through the code, where we're keeping intermediate state hanging around while we figure out which provider is the right one.

I've been bumping up against this myself when fiddling with the project. My current thought is that this approach, while functional, still leaves us guessing as to what a particular URI is, just with more educated guesses. I'd rather see the claims themselves be upgraded to have the user specify what exactly the claim is for: Owncast, ActivityPub, etc. This would necessitate a newer version of claims -- which would in turn likely be a major version bump to doipjs to handle the fact that the value is no longer "just a URI" -- and perhaps the marker system can stick around for claims that aren't migrated, but I prefer an approach where the claim itself is explicit about which service provider it is targeting. That being said, I'm definitely still open to being convinced otherwise. I've just noticed the same pain point as I've dug through the code, where we're keeping intermediate state hanging around while we figure out which provider is the right one.
Author
Owner
Copy link

You're right and indeed, someone in the matrix channel has been making progress using Data URLs to make fully specific identity claims.

As you said, markers are more educated guesses but guesses nonetheless. This issue should be closed and the data URLs investigated and implemented.

I don't believe an actual issue was created yet around the "data URL as claim" concept, I'll ask the person to do so.

You're right and indeed, someone in the matrix channel has been making progress using [Data URLs](https://developer.mozilla.org/en-US/docs/web/http/basics_of_http/data_urls) to make fully specific identity claims. As you said, markers are more educated guesses but guesses nonetheless. This issue should be closed and the data URLs investigated and implemented. I don't believe an actual issue was created yet around the "data URL as claim" concept, I'll ask the person to do so.
Sign in to join this conversation.
No Branch/Tag specified
main
dev
fix-irc-fetcher
new-claim-eveonline-143
prepare-new-release
fix-jsdoc-types
yarn-to-npm
support-openpgp-aspe-claims
support-html-alias
improve-activitypub-support
v1-restructure
into-es-module
support-aspe
fix-js-lsp-issues
improve-linting
add-markers
support-opencollective-claim
support-entity-decoding
use-rome-tools
support-cloudflare-buster
support-fediverse-posts
matrix-room-verification
2.1.0
2.1.0-rc.3
2.1.0-rc.2
2.1.0-rc.1
2.0.1
2.0.0
2.0.0-rc.1
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.1.1
1.1.0
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
v0.19.1-alpha.0
0.19.0
0.18.3
0.18.2
0.18.1
0.18.0
0.17.5
0.17.4
0.17.3
0.17.2
0.17.1
0.17.0
0.16.4
0.16.3
0.16.2
0.16.1
0.16.0
0.15.7
0.15.6
0.15.5
0.15.4
0.15.3
0.15.2
0.15.1
0.15.0
0.14.0
0.13.0
0.12.9
0.12.8
0.12.7
0.12.6
0.12.5
0.12.4
0.12.3
0.12.2
0.12.1
0.12.0
0.11.2
0.11.1
0.11.0
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.4
0.9.3
0.9.2
0.9.1
0.9.0
0.8.5
0.8.4
0.8.3
0.8.1
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.0
0.5.1
0.5.0
0.4.2
0.4.1
0.4.0
0.3.0
0.2.0
Labels
Clear labels
bug
Something is not working

Archived

enhancement
New feature

Archived

Contribution welcome
Get started contributing here
Good first issue
Good if you are new to the project or to open source contributions
Impact
External
Affects the people using the project
Impact
Internal
Affects on the people working on the project
Priority
Critical
Work on right now
Priority
High
Work on at earliest convenience
Priority
Low
Work on in spare time
Priority
Medium
Work on regularly
Review
Duplicate
Already exists
Review
Off Topic
Does not fall within the scope of the repo/project
Status
Backlog
Is not being worked on yet
Status
Blocked
Is waiting on something or someone
Status
Completed
Is done
Status
In Progress
Is being worked on
Status
Investigating
Is waiting on research or questions
Status
Needs Decision
Is waiting on a decision by the devs/contributors
Status
Needs Info
Is waiting on additional information before it can be solved
Status
Needs Triage
Is new issue that needs reviewing
Status
Testing
Is being checked and verified
Status
Waiting For Review
Is waiting on reviewers to approve
Status
Won't Fix
Won't be fixed
Type
Bug
Related to something not working as intended
Type
CI
Related to continuous integration
Type
Documentation
Related to documentation
Type
Enhancement
Related to a new feature or an improved one
Type
New Claim
Related to a new identity claim/proof
Type
Security
Related to security
Type
Tests
Related to code tests
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
keyoxide/doipjs#44
Reference in a new issue
keyoxide/doipjs
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?