From ce0fc093f6a7671b79235cbb5f9fabea82d4a6c4 Mon Sep 17 00:00:00 2001 From: Brooklyn Zelenka Date: Tue, 26 Sep 2023 12:40:15 +0000 Subject: [PATCH] Include revocation --- design/README.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/design/README.md b/design/README.md index ef66fd8c..dd411fbb 100644 --- a/design/README.md +++ b/design/README.md @@ -83,24 +83,33 @@ sequenceDiagram participant AccountDID participant ServerRootDID participant JanServerDID + participant FebServerDID actor UserRootDID Note over AccountDID, UserRootDID: Earlier Server Setup ServerRootDID ->> JanServerDID: UcanDelegate(any) + ServerRootDID ->> FebServerDID: UcanDelegate(any) Note over AccountDID, UserRootDID: Account Creation UserRootDID ->>+ JanServerDID: newAccount(RootDID) JanServerDID ->>+ AccountDID: spawn_with_parent!(ServerRootDID) - AccountDID ->> ServerRootDID: UcanDelegate [Note: because parenthood] + AccountDID ->> ServerRootDID: UcanDelegate(Account) [Note: because parenthood] AccountDID -->> AccountDID: dropPrivateKey! ServerRootDID -->> JanServerDID: [recall that this UCAN delegation exists] - JanServerDID ->>- UserRootDID: UcanDelegate + JanServerDID ->>- UserRootDID: UcanDelegate(Account) Note over AccountDID, UserRootDID: Later Access UserRootDID ->>+ AccountDID: Invoke! AccountDID ->>- UserRootDID: Ok, done + + Note over AccountDID, UserRootDID: JanServerDID goes Byzantine + ServerRootDID -x JanServerDID: Revoke! + ServerRootDID -->> FebServerDID: [recall that this UCAN delegation exists] + FebServerDID ->> UserRootDID: UcanDelegate(Account) [Reissue] ``` +Note that in the revocation case, `RootServerDID` revokes all previous delegations affected by the Byzantine DID. This means that they "should" be re-issued, but the blast radius is contained. If more granularity is desired, the predelegation tree of server agents can be made deeper. + # Entities ```mermaid