A presentation at Coding Earth #1 by Brooklyn Zelenka
AUTHORIZING USERS WITHOUT A BACKEND …AND UCAN TOO 😉
AU T H O R I Z I N G U S E R S W I T H O U T A BAC K E N D B R O O K LY N Z E L E N K A , @ e x p e d e
AU T H O R I Z I N G U S E R S W I T H O U T A BAC K E N D B R O O K LY N Z E L E N K A , @ e x p e d e • Cofounder/CTO at Fission • https://fission.codes • PLT & VMs • Previously an Ethereum Core Dev • EIPs 615, 902, 1066, 1444 • ECIP 1050 • VanFP, Code & Coffee YVR • Witchcraft, Algae, Exceptional, & others
W E H AV E S T I C K E R S !
W E H AV E S T I C K E R S ! PING ME AND WE’LL MAIL SOME
SOME BACKGROUND CONTEXT
SOME BACKGROUND CONTEXT W H AT S E T O F P R O B L E M S I S F I S S I O N S O LV I N G ?
SOME BACKGROUND CONTEXT S H I P P I N G A W E B A P P I N 2 0 2 0 I S TO O H A R D ! Backends DevOps • Multi-tenant • Expensive & complex • Increasingly sharded • Very much its specialty • Highly concurrent • We’re close to peak Kubernetes • Data leaks everywhere 😱 • ACL complexity & GDPR
SOME BACKGROUND CONTEXT S H I P P I N G A W E B A P P I N 2 0 2 0 I S TO O H A R D ! Backends DevOps • Multi-tenant • Expensive & complex • Increasingly sharded • Very much its specialty • Highly concurrent • We’re close to peak Kubernetes • Data leaks everywhere 😱 • ACL complexity & GDPR
SOME BACKGROUND CONTEXT F R O N T E N D I S E AT I N G T H E B A C K E N D 🍔 😋 • Frontend is never going away • Browsers keep getting more powerful (e.g. WebAssembly, WebAuthN) • Trend to more granular edge — Cloudflare Workers / Fastly Edge Cloud • Empower front end devs / full stack web apps for the 20’s and beyond 🚀 LAMP C O N TA I N E R S SERVERLESS W E B N AT I V E ☁ 🌐 λ
SOME BACKGROUND CONTEXT CONSTRAINTS
SOME BACKGROUND CONTEXT CONSTRAINTS • Everything for a modern web app directly in the browser • Vanilla browsers only — no plug-ins • As secure or better than with traditional cloud infra • UX should feel the same or easier
SOME BACKGROUND CONTEXT “ W E B N AT I V E ” + COMPUTE IDENTITY STORAGE 🔨 Build web apps more like native mobile & desktop 🛂 Password-less login, end-to-end encryption, secure by default 💽 Local-first, secure, user controlled, global file & hosting platform
O K AY , T H E B A C K E N D G O E S A W AY 👍 … N O W W H AT ?
N O W W H AT ? W E H AV E S O M E N E W B U I L D I N G B L O C K S ! • Start thinking “universally” • WebCrypto API 🔐 • Self-sovereign identity / DID 🛂 • Content addressing #⃣ • Macaroons 🍪 • Resurrecting SPKI auth 🧟👻 • CQRS applied to authZ (separate methods) (Disclaimer: taken care of under the hood, but interoperable)
N O W W H AT ? W E H AV E S O M E N E W B U I L D I N G B L O C K S ! • Start thinking “universally” • WebCrypto API 🔐 • Self-sovereign identity / DID 🛂 • Content addressing #⃣ • Macaroons 🍪 • Resurrecting SPKI auth 🧟👻 • CQRS applied to authZ (separate methods) (Disclaimer: taken care of under the hood, but interoperable)
STEP ONE U S E R I D S W I T H O U T A D ATA B A S E
U S E R I D S W I T H O U T A D ATA B A S E S TA N D A R D I Z AT I O N 🏢
U S E R I D S W I T H O U T A D ATA B A S E S TA N D A R D I Z AT I O N 🏢 • W3C, Microsoft, BC, etc • For users, devices, and more • Based on public-key cryptography • Truly “universal” UUIDs • Agnostic about backing
U S E R I D S W I T H O U T A D ATA B A S E S E L F - S O V E R E I G N I D E N T I T Y ( S S I ) 🔑 👩🎤
U S E R I D S W I T H O U T A D ATA B A S E S E L F - S O V E R E I G N I D E N T I T Y ( S S I ) 🔑 👩🎤 • Generate your own globally-unique, verifiable user ID!
U S E R I D S W I T H O U T A D ATA B A S E S E L F - S O V E R E I G N I D E N T I T Y ( S S I ) 🔑 👩🎤 • Generate your own globally-unique, verifiable user ID! • As many as you like 🤷
U S E R I D S W I T H O U T A D ATA B A S E S E L F - S O V E R E I G N I D E N T I T Y ( S S I ) 🔑 👩🎤 • Generate your own globally-unique, verifiable user ID! • As many as you like 🤷 • Many methods — we’re starting with “did:key”
U S E R I D S W I T H O U T A D ATA B A S E S E L F - S O V E R E I G N I D E N T I T Y ( S S I ) 🔑 👩🎤 • Generate your own globally-unique, verifiable user ID! • As many as you like 🤷 • Many methods — we’re starting with “did:key” • Not super readable, so publicize over DNS TXT record _did.USERNAME.fission.name
U S E R I D S W I T H O U T A D ATA B A S E S E L F - S O V E R E I G N I D E N T I T Y ( S S I ) 🔑 👩🎤 • Generate your own globally-unique, verifiable user ID! • As many as you like 🤷 • Many methods — we’re starting with “did:key” • Not super readable, so publicize over DNS TXT record _did.USERNAME.fission.name did:key:zBR4m3DNZHT1G8Nb2RHzgKK7TrWxEmJjZskgvFdncTthzUHzngyNKmKx4VKWEJE6sk4SE4Ka3kH92MxU2YC7CcePHy77GzZy8 Ed25519 — AAAAC3NzaC1lZDI1NTE5AAAAIB7/gFUQ9llI1BTrEjW7Jq6fX6JLsK1J4wXK/dn9JMcO
STEP TWO DISTRIBUTED READ CONTROL
DISTRIBUTED READ CONTROL OCAP / READ KEYS
DISTRIBUTED READ CONTROL OCAP / READ KEYS • ACLs • “Reactive access control” • Authority by association
DISTRIBUTED READ CONTROL OCAP / READ KEYS • ACLs • “Reactive access control” • Authority by association • OCAP • “Proactive” access control • Authority by possession • “You either have the key, or you don’t”
DISTRIBUTED READ CONTROL OCAP / READ KEYS • ACLs • “Reactive access control” • Authority by association • OCAP • “Proactive” access control • Authority by possession • “You either have the key, or you don’t” • Normal AES-256 keys
DISTRIBUTED READ CONTROL MORE GRANULAR ACCESS: CRYPTREES 🔐🌳
DISTRIBUTED READ CONTROL MORE GRANULAR ACCESS: CRYPTREES 🔐🌳 • Public keys playing double duty: IDs and secure key exchange!
DISTRIBUTED READ CONTROL MORE GRANULAR ACCESS: CRYPTREES 🔐🌳 • Public keys playing double duty: IDs and secure key exchange! • Encrypt the encryption with more encryption • Each layer (file or dir) is encrypted with a key • Dirs contain keys for each sub dir / file • Recurse!
DISTRIBUTED READ CONTROL MORE GRANULAR ACCESS: CRYPTREES 🔐🌳 • Public keys playing double duty: IDs and secure key exchange! • Encrypt the encryption with more encryption • Each layer (file or dir) is encrypted with a key • Dirs contain keys for each sub dir / file • Recurse! root
DISTRIBUTED READ CONTROL MORE GRANULAR ACCESS: CRYPTREES 🔐🌳 • Public keys playing double duty: IDs and secure key exchange! • Encrypt the encryption with more encryption root • Each layer (file or dir) is encrypted with a key • Dirs contain keys for each sub dir / file • Recurse! 🔑 🔑
DISTRIBUTED READ CONTROL MORE GRANULAR ACCESS: CRYPTREES 🔐🌳 • Public keys playing double duty: IDs and secure key exchange! • Encrypt the encryption with more encryption root • Each layer (file or dir) is encrypted with a key • Dirs contain keys for each sub dir / file • Recurse! • Access granted to a directory and below • i.e. Same UX Dropbox/Google Drive • Full user controlled 🔑 🔑
DISTRIBUTED READ CONTROL MORE GRANULAR ACCESS: CRYPTREES 🔐🌳 • Public keys playing double duty: IDs and secure key exchange! • Encrypt the encryption with more encryption root • Each layer (file or dir) is encrypted with a key • Dirs contain keys for each sub dir / file • Recurse! • Access granted to a directory and below • i.e. Same UX Dropbox/Google Drive • Full user controlled • Revocation = key rotation & DH exchange 🔑 🔑
STEP THREE D E L E G AT E D W R I T E A C C E S S
D E L E G AT E D W R I T E A C C E S S S TAT U S Q U O : O A U T H
D E L E G AT E D W R I T E A C C E S S S TAT U S Q U O : O A U T H
D E L E G AT E D W R I T E A C C E S S S TAT U S Q U O : O A U T H
D E L E G AT E D W R I T E A C C E S S S TAT U S Q U O : O A U T H
D E L E G AT E D W R I T E A C C E S S S TAT U S Q U O : O A U T H
D E L E G AT E D W R I T E A C C E S S S TAT U S Q U O : O A U T H
D E L E G AT E D W R I T E A C C E S S S TAT U S Q U O : O A U T H
D E L E G AT E D W R I T E A C C E S S S TAT U S Q U O : O A U T H
D E L E G AT E D W R I T E A C C E S S S E L F -S I G N E D TO K E N S ( U C A N )
D E L E G AT E D W R I T E A C C E S S S E L F -S I G N E D TO K E N S ( U C A N )
D E L E G AT E D W R I T E A C C E S S S E L F -S I G N E D TO K E N S ( U C A N )
D E L E G AT E D W R I T E A C C E S S S E L F -S I G N E D TO K E N S ( U C A N ) DONE!
D E L E G AT E D W R I T E A C C E S S S E L F -S I G N E D TO K E N S ( U C A N ) DONE!
D E L E G AT E D W R I T E A C C E S S S I D E - BY-S I D E
D E L E G AT E D W R I T E A C C E S S S I D E - BY-S I D E Now can also be: • Another device (same human) • A user’s peer (different human) • Some service
D E L E G AT E D W R I T E A C C E S S G O O G L E ’ S M A C A R O O N S : “ S TA C K E D C O O K I E S ” 🍪 🍪 🍪 Root Proof
D E L E G AT E D W R I T E A C C E S S G O O G L E ’ S M A C A R O O N S : “ S TA C K E D C O O K I E S ” 🍪 🍪 🍪 • Solves for Google’s infra • Decentralized delegation Root Proof • Attenuation • Shrink size with HMACs • Assumes auth servers
D E L E G AT E D W R I T E A C C E S S G O O G L E ’ S M A C A R O O N S : “ S TA C K E D C O O K I E S ” 🍪 🍪 🍪 Delegate 1 Root Proof • Solves for Google’s infra • Decentralized delegation • Attenuation • Shrink size with HMACs • Assumes auth servers
D E L E G AT E D W R I T E A C C E S S G O O G L E ’ S M A C A R O O N S : “ S TA C K E D C O O K I E S ” 🍪 🍪 🍪 Delegate 2 Delegate 1 Root Proof • Solves for Google’s infra • Decentralized delegation • Attenuation • Shrink size with HMACs • Assumes auth servers
D E L E G AT E D W R I T E A C C E S S G O O G L E ’ S M A C A R O O N S : “ S TA C K E D C O O K I E S ” 🍪 🍪 🍪 Delegate 3 Delegate 2 Delegate 1 Root Proof • Solves for Google’s infra • Decentralized delegation • Attenuation • Shrink size with HMACs • Assumes auth servers
D E L E G AT E D W R I T E A C C E S S U C A N : U S E R C O N T R O L L E D A U T H O R I Z AT I O N N E T W O R K 🦜 Delegate 3 Delegate 2 Delegate 1 Root Proof • Solves for user-centrism • Decentralized delegation • Attenuation • Shrink size with CIDs • Assumes PKI
D E L E G AT E D W R I T E A C C E S S E A C H L AY E R F O L L O W S T H I S F O R M { “alg”: “RS256”, “typ”: “JWT“, “cty”: “JWT“ } { “iss”:“did:key:z1MdJPaWBebKxtE33AszRWYTF67wCLeFdcsqc3R87hyLKzBK…”, “aud”:“did:key:zBR4m3DNZHT1G8Nb2RHzgKK7TrWxEmJjZskgvFdncTthzUH…”, “scp”:“/public/photos/covid2020/”, “pty”:”APPEND_ONLY”, “prf”:<JWT PROOF>, “exp”:1589423547 } <SIGNATURE>
D E L E G AT E D W R I T E A C C E S S E A C H L AY E R F O L L O W S T H I S F O R M { “alg”: “RS256”, “typ”: “JWT“, “cty”: “JWT“ } { “iss”:“did:key:z1MdJPaWBebKxtE33AszRWYTF67wCLeFdcsqc3R87hyLKzBK…”, “aud”:“did:key:zBR4m3DNZHT1G8Nb2RHzgKK7TrWxEmJjZskgvFdncTthzUH…”, “scp”:“/public/photos/covid2020/”, “pty”:”APPEND_ONLY”, “prf”:<JWT PROOF>, “exp”:1589423547 } <SIGNATURE>
D E L E G AT E D W R I T E A C C E S S E A C H L AY E R F O L L O W S T H I S F O R M { “alg”: “RS256”, “typ”: “JWT“, “cty”: “JWT“ } { “iss”:“did:key:z1MdJPaWBebKxtE33AszRWYTF67wCLeFdcsqc3R87hyLKzBK…”, “aud”:“did:key:zBR4m3DNZHT1G8Nb2RHzgKK7TrWxEmJjZskgvFdncTthzUH…”, “scp”:“/public/photos/covid2020/”, “pty”:”APPEND_ONLY”, “prf”:<JWT PROOF>, “exp”:1589423547 } <SIGNATURE>
D E L E G AT E D W R I T E A C C E S S E A C H L AY E R F O L L O W S T H I S F O R M { “alg”: “RS256”, “typ”: “JWT“, “cty”: “JWT“ } { “iss”:“did:key:z1MdJPaWBebKxtE33AszRWYTF67wCLeFdcsqc3R87hyLKzBK…”, “aud”:“did:key:zBR4m3DNZHT1G8Nb2RHzgKK7TrWxEmJjZskgvFdncTthzUH…”, “scp”:“/public/photos/covid2020/”, “pty”:”APPEND_ONLY”, “prf”:<JWT PROOF>, Recursive “exp”:1589423547 } <SIGNATURE> Problem: gets pretty big
D E L E G AT E D W R I T E A C C E S S HASHING IT DOWN ⬛◼◾▪ { “alg”: “RS256”, “typ”: “JWT“, “cty”: “JWT“ } { “iss”:“did:key:z1MdJPaWBebKxtE33AszRWYTF67wCLeFdcsqc3R87hyLKzBK…”, “aud”:“did:key:zBR4m3DNZHT1G8Nb2RHzgKK7TrWxEmJjZskgvFdncTthzUH…”, “scp”:“/public/photos/covid2020/”, “pty”:”APPEND_ONLY”, “prf”:”QmaEmBULputJ5sAJX4bRQYwwWV2DUPnwNSz2R2eTvHV4DT”, “exp”:1589423547 } <SIGNATURE>
D E L E G AT E D W R I T E A C C E S S HASHING IT DOWN ⬛◼◾▪ { “alg”: “RS256”, “typ”: “JWT“, “cty”: “JWT“ } { “iss”:“did:key:z1MdJPaWBebKxtE33AszRWYTF67wCLeFdcsqc3R87hyLKzBK…”, “aud”:“did:key:zBR4m3DNZHT1G8Nb2RHzgKK7TrWxEmJjZskgvFdncTthzUH…”, “scp”:“/public/photos/covid2020/”, “pty”:”APPEND_ONLY”, “prf”:”QmaEmBULputJ5sAJX4bRQYwwWV2DUPnwNSz2R2eTvHV4DT”, “exp”:1589423547 } <SIGNATURE>
RECAP
RECAP W E L L T H AT W A S A L O T O F C O N C E P T S
RECAP W E L L T H AT W A S A L O T O F C O N C E P T S • Fully client-side auth • User controlled / sharding logical conclusion • A “universal” user ID table • Infinite scale 📈 • No need for an auth server • Online, offline, P2P, or traditional cloud infra ✅✅✅✅ • Crypto keys… crypto keys everywhere!
https://fission.codes https://talk .fission.codes 🌎🌍🌏 THANK YOU, CODING EARTH 🎉 brooklyn@fission.codes g i t h u b . c o m /e x p e d e @expede
Web apps are too complex - what if we got rid of the back end? It turns out that we can push most things into the browser. In this talk, Brooklyn will talk about doing secure auth without requiring an auth server, plus a bit about the broader project of making the browser all you need.
for free. You
can too.