@@ -72,11 +72,9 @@ VSS is also integrated with [LDK-node] v0.4.x as alpha support.
7272* ** Build & Deploy** : Refer to language-specific folder for instructions related to building and deploying VSS.
7373* ** Hosting** : VSS can either be self-hosted or deployed in the cloud. If a service provider is hosting VSS for multiple
7474 users, it must be configured with ** HTTPS** , ** Authentication/Authorization** , and ** rate-limiting** .
75- * ** Authentication and Authorization** : Currently, the VSS-server
76- supports [ JWT] ( https://datatracker.ietf.org/doc/html/rfc7519 ) -based authentication and authorization, and can run
77- without authentication for local testing or in trusted setups. The VSS-rust-client supports LNURL-auth & JWT based
78- authentication and authorization. Switching to simple HTTP header authentication is straightforward by adding another
79- implementation. Note that the security of authentication heavily relies on using HTTPS for all requests.
75+ * ** Authentication and Authorization** : Currently, the VSS-server supports authentication via Proof-of-Knowledge
76+ or [ JWT] ( https://datatracker.ietf.org/doc/html/rfc7519 ) . The API also offers hooks for simple HTTP header
77+ authentication. Note that the security of authentication heavily relies on using HTTPS for all requests.
8078* ** Scaling** : VSS itself is stateless and can be horizontally scaled easily. VSS can be configured to point to a
8179 PostgreSQL cluster, and further scaling considerations need to be addressed in the PostgreSQL cluster.
8280* ** Using with LDK-node** : [ LDK-node] can be easily configured to run with VSS as primary storage. It is integrated in
@@ -96,6 +94,21 @@ VSS is also integrated with [LDK-node] v0.4.x as alpha support.
9694 the [VSS - rust- client] directly for this purpose. This can help provide a complete user data recovery solution for
9795 applications, as well as enable turn- key multi- device support in the future.
9896
97+ ### Authentication
98+
99+ By default, VSS uses a simple authentication scheme whereby each client must provide a valid signature for a
100+ client- specified public key. The public key identifies the storage that belongs to the client. This scheme does
101+ not impose * * any** restrictions on who can interact with VSS ; it * * only ** ensures that each client can only
102+ access * their own * storage . Therefore , this scheme * * must ** be paired with a network - level gatekeeper to prevent
103+ unauthorized interactions with VSS .
104+
105+ The other option offered is JWT authentication . This form of authentication validates whether a client should
106+ be given access to VSS , * and * which storage the client has access to . VSS only implements the verification half of this
107+ scheme , and users must provide their own JWT issuance service if this solution is chosen .
108+
109+ Finally , there is an option to completely disable all forms of authentication to VSS . This option should * only * be
110+ used in local development and testing .
111+
99112### Summary
100113
101114In summary , VSS is an open - source project that offers a server - side cloud storage solution for non - custodial Lightning
0 commit comments