RFC: Optional dotNsIdentifier and permissioned external-account access #245
valentinfernandez1 wants to merge 2 commits into
Drop dotNsIdentifier from the seven local account, signing, and statement-store request bodies; callers pass only derivationIndex and the host resolves the caller's own domain.

Keeping as draft for now as this is a big breaking change and we need to settle on the best versioning strategy for this

The Hard NO from my side

Thanks for the feedback @valentunn, I was not aware of this requirement since in general we want per-product isolation. Still, part of my design applies; I invite you to read through the issue, as this is not necessarily removing it but rather removing it from these calls and creating explicit permissioned calls for products that want to access the user's account in another product. So if a product wants to access an account that is not from its own product, it must first be explicitly granted permission by the user.

I will refactor this draft though as I realized that there is a simpler way to approach this by keeping the

Refactoring is done; I have also updated the title and description of this Draft to reflect the updated behavior.

Summary
The account, signing, and statement-store calls that operate on a product account take a
ProductAccountId { dotNsIdentifier, derivationIndex }, and dotNsIdentifier is optional.
authenticated caller, so the common case only needs a derivationIndex.
new ExternalAccount remote permission. Like ChainSubmit and StatementSubmit, it is triggered
implicitly the first time a product makes such a call, and the host accepts or rejects based on the
grant.
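
The host-side decision the summary describes, sketched as an added example that is not code from this PR: an omitted dotNsIdentifier resolves to the authenticated caller, and naming another product's identifier goes through an ExternalAccount grant that is requested on the first such call. Only ProductAccountId, dotNsIdentifier, derivationIndex and ExternalAccount come from the page; the function names, the grant keying, the validation rules and the sample product names in use are assumptions.

```typescript
// Added illustration, not code from the PR. ProductAccountId, dotNsIdentifier,
// derivationIndex and ExternalAccount come from the page; other names are hypothetical.
interface ProductAccountId {
  dotNsIdentifier?: string; // omitted: the caller's own product
  derivationIndex: number;
}
type Decision =
  | { ok: true; owner: string; derivationIndex: number; external: boolean }
  | { ok: false; reason: "invalid-request" | "permission-denied" };

// Stand-in for the host's user prompt: true if the user grants `caller`
// access to accounts belonging to `target`.
type AskUser = (caller: string, target: string) => boolean;

// ExternalAccount grant store. Assumption: the decision is recorded per
// (caller, target) pair, and a rejection is remembered as well as an approval.
function createExternalAccountGrants(askUser: AskUser) {
  const decisions = new Map<string, boolean>();
  return (caller: string, target: string): boolean => {
    const key = JSON.stringify([caller, target]);
    let granted = decisions.get(key);
    if (granted === undefined) {
      // First external call from this product: the request is triggered implicitly.
      granted = askUser(caller, target);
      decisions.set(key, granted);
    }
    return granted;
  };
}

// `authenticatedCaller` must come from the host's own session state, never from
// the request body. Assumptions: identifiers are already canonical strings and
// derivationIndex is a non-negative integer.
function resolveAccount(
  authenticatedCaller: string,
  id: ProductAccountId,
  hasGrant: (caller: string, target: string) => boolean,
): Decision {
  if (!Number.isInteger(id.derivationIndex) || id.derivationIndex < 0) {
    return { ok: false, reason: "invalid-request" };
  }
  const target = id.dotNsIdentifier ?? authenticatedCaller;
  if (target === "") return { ok: false, reason: "invalid-request" };
  const external = target !== authenticatedCaller;
  if (external && !hasGrant(authenticatedCaller, target)) {
    return { ok: false, reason: "permission-denied" };
  }
  return { ok: true, owner: target, derivationIndex: id.derivationIndex, external };
}
```

A request that names the caller's own identifier explicitly is treated as local, so it never reaches the grant store.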