-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support ucan/attest issued by did:mailto principal #325
Comments
It is worth calling out that direction new UCAN spec is headed would make this non issue because they remove proofs from the delegation and consequently it if you had |
This is the code that currently assesses whether delegation issued by did:mailto is valid ucanto/packages/validator/src/lib.js Lines 544 to 560 in 43ea497
I think we could extend that function to also check this claim const attestation = capability({
with: Schema.literal(delegation.issuer.did()),
can: 'ucan/attest',
nb: Schema.struct({
proof: Schema.link(delegation.cid),
}),
}) We will need to be extra careful so that we only allow
|
In the current implementation we assume that
ucan/attest
is issued by the principal doing validation. And becauseucan/attest
is tied to specific delegation it introduces unnecessary loops where agent that did:mailto delegated capabilities needs ask re-request service to attest delegations every timedid:mailto
gets delegation even if it is covered by first attestation.We can avoid this complication if such agent could arrange delegations on it's own as long as it has been delegated
ucan/attest
capability by thedid:mailto
principal.The text was updated successfully, but these errors were encountered: