@@ -62,7 +62,7 @@ See the [VSS API contract] for details.
6262
6363### Implementation
6464
65- Currently, VSS-server has a Rust-based implementation and is ready to use.
65+ VSS has a Rust-based implementation and is ready to use.
6666[ VSS-rust-client] is a Rust-based client with support for client-side encryption, key obfuscation, retry mechanisms, and
6767LNURL-auth.
6868VSS is also integrated with [ LDK-node] v0.4.x as alpha support.
@@ -72,11 +72,10 @@ VSS is also integrated with [LDK-node] v0.4.x as alpha support.
7272* ** Build & Deploy** : Refer to language-specific folder for instructions related to building and deploying VSS.
7373* ** Hosting** : VSS can either be self-hosted or deployed in the cloud. If a service provider is hosting VSS for multiple
7474 users, it must be configured with ** HTTPS** , ** Authentication/Authorization** , and ** rate-limiting** .
75- * ** Authentication and Authorization** : Currently, the VSS-server
76- supports [ JWT] ( https://datatracker.ietf.org/doc/html/rfc7519 ) -based authentication and authorization, and can run
77- without authentication for local testing or in trusted setups. The VSS-rust-client supports LNURL-auth & JWT based
78- authentication and authorization. Switching to simple HTTP header authentication is straightforward by adding another
79- implementation. Note that the security of authentication heavily relies on using HTTPS for all requests.
75+ * ** Authentication and Authorization** : VSS supports authentication via
76+ [ Proof-of-Private-Key-Knowledge] ( #Authentication ) or [ JWT] ( https://datatracker.ietf.org/doc/html/rfc7519 ) .
77+ The API also offers hooks for simple HTTP header-based authentication. Note that the security of authentication
78+ heavily relies on using HTTPS for all requests.
8079* ** Scaling** : VSS itself is stateless and can be horizontally scaled easily. VSS can be configured to point to a
8180 PostgreSQL cluster, and further scaling considerations need to be addressed in the PostgreSQL cluster.
8281* ** Using with LDK-node** : [ LDK-node] can be easily configured to run with VSS as primary storage. It is integrated in
@@ -96,6 +95,21 @@ VSS is also integrated with [LDK-node] v0.4.x as alpha support.
9695 the [VSS - rust- client] directly for this purpose. This can help provide a complete user data recovery solution for
9796 applications, as well as enable turn- key multi- device support in the future.
9897
98+ ### Authentication
99+
100+ By default, VSS uses a simple authentication scheme whereby each client must provide a valid signature for a
101+ client- specified public key. The public key identifies the storage that belongs to the client. This scheme does
102+ not impose * * any** restrictions on who can interact with VSS ; it * * only ** ensures that each client can only
103+ access * their own * storage . Therefore , this scheme * * must ** be paired with a network - level gatekeeper to prevent
104+ unauthorized interactions with VSS .
105+
106+ The other option offered is JWT authentication . This form of authentication validates whether a client should
107+ be given access to VSS , * and * which storage the client has access to . VSS only implements the verification half of this
108+ scheme , and users must provide their own JWT issuance service if this solution is chosen .
109+
110+ Finally , there is an option to completely disable all forms of authentication to VSS . This option should * only * be
111+ used in local development and testing .
112+
99113### Summary
100114
101115In summary , VSS is an open - source project that offers a server - side cloud storage solution for non - custodial Lightning
0 commit comments