Authorizing Users Without a Backend

A presentation at Coding Earth #1 in April 2020 by Brooklyn Zelenka

Slide 1

AUTHORIZING USERS WITHOUT A BACKEND …AND UCAN TOO 😉

Slide 2

AUTHORIZING USERS WITHOUT A BACKEND
BROOKLYN ZELENKA, @expede

Slide 3

AUTHORIZING USERS WITHOUT A BACKEND
BROOKLYN ZELENKA, @expede
• Cofounder/CTO at Fission
• https://fission.codes
• PLT & VMs
• Previously an Ethereum Core Dev
• EIPs 615, 902, 1066, 1444
• ECIP 1050
• VanFP, Code & Coffee YVR
• Witchcraft, Algae, Exceptional, & others

Slide 4

WE HAVE STICKERS!

Slide 5

WE HAVE STICKERS!
PING ME AND WE’LL MAIL SOME

Slide 6

SOME BACKGROUND CONTEXT

Slide 7

SOME BACKGROUND CONTEXT
WHAT SET OF PROBLEMS IS FISSION SOLVING?

Slide 8

SOME BACKGROUND CONTEXT
SHIPPING A WEB APP IN 2020 IS TOO HARD!
Backends
• Multi-tenant
• Increasingly sharded
• Highly concurrent
• Data leaks everywhere 😱
• ACL complexity & GDPR
DevOps
• Expensive & complex
• Very much its specialty
• We’re close to peak Kubernetes

Slide 10

SOME BACKGROUND CONTEXT
FRONTEND IS EATING THE BACKEND 🍔 😋
• Frontend is never going away
• Browsers keep getting more powerful (e.g. WebAssembly, WebAuthN)
• Trend to more granular edge — Cloudflare Workers / Fastly Edge Cloud
• Empower front end devs / full stack web apps for the 20’s and beyond 🚀
[Diagram: LAMP / CONTAINERS / SERVERLESS / WEB NATIVE ☁ 🌐 λ]

Slide 11

SOME BACKGROUND CONTEXT
CONSTRAINTS

Slide 12

SOME BACKGROUND CONTEXT
CONSTRAINTS
• Everything for a modern web app directly in the browser
• Vanilla browsers only — no plug-ins
• As secure or better than with traditional cloud infra
• UX should feel the same or easier

Slide 13

SOME BACKGROUND CONTEXT
“WEB NATIVE” + COMPUTE, IDENTITY, STORAGE
🔨 Build web apps more like native mobile & desktop
🛂 Password-less login, end-to-end encryption, secure by default
💽 Local-first, secure, user controlled, global file & hosting platform

Slide 14

</shill>

Slide 15

OKAY, THE BACKEND GOES AWAY 👍
…NOW WHAT?

Slide 16

NOW WHAT?
WE HAVE SOME NEW BUILDING BLOCKS!
• Start thinking “universally”
• WebCrypto API 🔐
• Self-sovereign identity / DID 🛂
• Content addressing #⃣
• Macaroons 🍪
• Resurrecting SPKI auth 🧟👻
• CQRS applied to authZ (separate methods)
(Disclaimer: taken care of under the hood, but interoperable)

Slide 18

STEP ONE
USER IDS WITHOUT A DATABASE

Slide 19

USER IDS WITHOUT A DATABASE
STANDARDIZATION 🏢

Slide 20

USER IDS WITHOUT A DATABASE
STANDARDIZATION 🏢
• W3C, Microsoft, BC, etc
• For users, devices, and more
• Based on public-key cryptography
• Truly “universal” UUIDs
• Agnostic about backing

Slide 21

USER IDS WITHOUT A DATABASE
SELF-SOVEREIGN IDENTITY (SSI) 🔑 👩🎤

Slide 22

USER IDS WITHOUT A DATABASE
SELF-SOVEREIGN IDENTITY (SSI) 🔑 👩🎤
• Generate your own globally-unique, verifiable user ID!

Slide 23

USER IDS WITHOUT A DATABASE
SELF-SOVEREIGN IDENTITY (SSI) 🔑 👩🎤
• Generate your own globally-unique, verifiable user ID!
• As many as you like 🤷

Slide 24

USER IDS WITHOUT A DATABASE
SELF-SOVEREIGN IDENTITY (SSI) 🔑 👩🎤
• Generate your own globally-unique, verifiable user ID!
• As many as you like 🤷
• Many methods — we’re starting with “did:key”

Slide 25

USER IDS WITHOUT A DATABASE
SELF-SOVEREIGN IDENTITY (SSI) 🔑 👩🎤
• Generate your own globally-unique, verifiable user ID!
• As many as you like 🤷
• Many methods — we’re starting with “did:key”
• Not super readable, so publicize over DNS TXT record _did.USERNAME.fission.name

Slide 26

USER IDS WITHOUT A DATABASE
SELF-SOVEREIGN IDENTITY (SSI) 🔑 👩🎤
• Generate your own globally-unique, verifiable user ID!
• As many as you like 🤷
• Many methods — we’re starting with “did:key”
• Not super readable, so publicize over DNS TXT record _did.USERNAME.fission.name
did:key:zBR4m3DNZHT1G8Nb2RHzgKK7TrWxEmJjZskgvFdncTthzUHzngyNKmKx4VKWEJE6sk4SE4Ka3kH92MxU2YC7CcePHy77GzZy8
Ed25519 — AAAAC3NzaC1lZDI1NTE5AAAAIB7/gFUQ9llI1BTrEjW7Jq6fX6JLsK1J4wXK/dn9JMcO

Slide 27

STEP TWO
DISTRIBUTED READ CONTROL

Slide 28

DISTRIBUTED READ CONTROL
OCAP / READ KEYS

Slide 29

DISTRIBUTED READ CONTROL
OCAP / READ KEYS
• ACLs
• “Reactive access control”
• Authority by association

Slide 30

DISTRIBUTED READ CONTROL
OCAP / READ KEYS
• ACLs
• “Reactive access control”
• Authority by association
• OCAP
• “Proactive” access control
• Authority by possession
• “You either have the key, or you don’t”

Slide 31

DISTRIBUTED READ CONTROL
OCAP / READ KEYS
• ACLs
• “Reactive access control”
• Authority by association
• OCAP
• “Proactive” access control
• Authority by possession
• “You either have the key, or you don’t”
• Normal AES-256 keys

Slide 32

DISTRIBUTED READ CONTROL
MORE GRANULAR ACCESS: CRYPTREES 🔐🌳

Slide 33

DISTRIBUTED READ CONTROL
MORE GRANULAR ACCESS: CRYPTREES 🔐🌳
• Public keys playing double duty: IDs and secure key exchange!

Slide 34

DISTRIBUTED READ CONTROL
MORE GRANULAR ACCESS: CRYPTREES 🔐🌳
• Public keys playing double duty: IDs and secure key exchange!
• Encrypt the encryption with more encryption
• Each layer (file or dir) is encrypted with a key
• Dirs contain keys for each sub dir / file
• Recurse!

Slide 35

DISTRIBUTED READ CONTROL
MORE GRANULAR ACCESS: CRYPTREES 🔐🌳
• Public keys playing double duty: IDs and secure key exchange!
• Encrypt the encryption with more encryption
• Each layer (file or dir) is encrypted with a key
• Dirs contain keys for each sub dir / file
• Recurse!
[Diagram: root]

Slide 36

DISTRIBUTED READ CONTROL
MORE GRANULAR ACCESS: CRYPTREES 🔐🌳
• Public keys playing double duty: IDs and secure key exchange!
• Encrypt the encryption with more encryption
• Each layer (file or dir) is encrypted with a key
• Dirs contain keys for each sub dir / file
• Recurse!
[Diagram: root 🔑 🔑]

Slide 37

DISTRIBUTED READ CONTROL
MORE GRANULAR ACCESS: CRYPTREES 🔐🌳
• Public keys playing double duty: IDs and secure key exchange!
• Encrypt the encryption with more encryption
• Each layer (file or dir) is encrypted with a key
• Dirs contain keys for each sub dir / file
• Recurse!
• Access granted to a directory and below
• i.e. same UX as Dropbox/Google Drive
• Fully user controlled
[Diagram: root 🔑 🔑]

Slide 38

DISTRIBUTED READ CONTROL
MORE GRANULAR ACCESS: CRYPTREES 🔐🌳
• Public keys playing double duty: IDs and secure key exchange!
• Encrypt the encryption with more encryption
• Each layer (file or dir) is encrypted with a key
• Dirs contain keys for each sub dir / file
• Recurse!
• Access granted to a directory and below
• i.e. same UX as Dropbox/Google Drive
• Fully user controlled
• Revocation = key rotation & DH exchange
[Diagram: root 🔑 🔑]

Slide 39

STEP THREE
DELEGATED WRITE ACCESS

Slide 40

DELEGATED WRITE ACCESS
STATUS QUO: OAUTH

Slide 48

DELEGATED WRITE ACCESS
SELF-SIGNED TOKENS (UCAN)

Slide 51

DELEGATED WRITE ACCESS
SELF-SIGNED TOKENS (UCAN)
DONE!

Slide 53

DELEGATED WRITE ACCESS
SIDE-BY-SIDE

Slide 54

DELEGATED WRITE ACCESS
SIDE-BY-SIDE
Now can also be:
• Another device (same human)
• A user’s peer (different human)
• Some service

Slide 55

DELEGATED WRITE ACCESS
GOOGLE’S MACAROONS: “STACKED COOKIES” 🍪 🍪 🍪
[Diagram: Root Proof]

Slide 56

DELEGATED WRITE ACCESS
GOOGLE’S MACAROONS: “STACKED COOKIES” 🍪 🍪 🍪
• Solves for Google’s infra
• Decentralized delegation
• Attenuation
• Shrink size with HMACs
• Assumes auth servers
[Diagram: Root Proof]

Slide 57

DELEGATED WRITE ACCESS
GOOGLE’S MACAROONS: “STACKED COOKIES” 🍪 🍪 🍪
• Solves for Google’s infra
• Decentralized delegation
• Attenuation
• Shrink size with HMACs
• Assumes auth servers
[Diagram: Delegate 1 / Root Proof]

Slide 58

DELEGATED WRITE ACCESS
GOOGLE’S MACAROONS: “STACKED COOKIES” 🍪 🍪 🍪
• Solves for Google’s infra
• Decentralized delegation
• Attenuation
• Shrink size with HMACs
• Assumes auth servers
[Diagram: Delegate 2 / Delegate 1 / Root Proof]

Slide 59

DELEGATED WRITE ACCESS
GOOGLE’S MACAROONS: “STACKED COOKIES” 🍪 🍪 🍪
• Solves for Google’s infra
• Decentralized delegation
• Attenuation
• Shrink size with HMACs
• Assumes auth servers
[Diagram: Delegate 3 / Delegate 2 / Delegate 1 / Root Proof]

Slide 60

DELEGATED WRITE ACCESS
UCAN: USER CONTROLLED AUTHORIZATION NETWORK 🦜
• Solves for user-centrism
• Decentralized delegation
• Attenuation
• Shrink size with CIDs
• Assumes PKI
[Diagram: Delegate 3 / Delegate 2 / Delegate 1 / Root Proof]

Slide 61

DELEGATED WRITE ACCESS
EACH LAYER FOLLOWS THIS FORM
{
  "alg": "RS256",
  "typ": "JWT",
  "cty": "JWT"
}
{
  "iss": "did:key:z1MdJPaWBebKxtE33AszRWYTF67wCLeFdcsqc3R87hyLKzBK…",
  "aud": "did:key:zBR4m3DNZHT1G8Nb2RHzgKK7TrWxEmJjZskgvFdncTthzUH…",
  "scp": "/public/photos/covid2020/",
  "pty": "APPEND_ONLY",
  "prf": <JWT PROOF>,
  "exp": 1589423547
}
<SIGNATURE>

Slide 64

DELEGATED WRITE ACCESS
EACH LAYER FOLLOWS THIS FORM
{
  "alg": "RS256",
  "typ": "JWT",
  "cty": "JWT"
}
{
  "iss": "did:key:z1MdJPaWBebKxtE33AszRWYTF67wCLeFdcsqc3R87hyLKzBK…",
  "aud": "did:key:zBR4m3DNZHT1G8Nb2RHzgKK7TrWxEmJjZskgvFdncTthzUH…",
  "scp": "/public/photos/covid2020/",
  "pty": "APPEND_ONLY",
  "prf": <JWT PROOF>,    (Recursive)
  "exp": 1589423547
}
<SIGNATURE>
Problem: gets pretty big
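
The checks a verifier runs over the recursive "prf" chain, as an added example (not code from the talk or from Fission). It assumes each layer's signature has already been verified against its "iss" key and that potency must match the proof's, since the slides show only APPEND_ONLY; the function names and the sample DIDs are constructed.

```javascript
// Added example: delegation checks over decoded UCAN payloads shaped like the
// slide's token. Assumes each layer's signature was already verified against "iss".

// True when `child` is `parent` or a path beneath it. Comparing whole segments
// stops "/public/photos-private" from passing as inside "/public/photos".
function scopeWithin(child, parent) {
  if (typeof child !== "string" || typeof parent !== "string") return false;
  const segs = (path) => path.split("/").filter(Boolean);
  const c = segs(child);
  const p = segs(parent);
  if (c.includes("..") || c.includes(".")) return false; // no path traversal
  return p.length <= c.length && p.every((seg, i) => seg === c[i]);
}

// Walks from the presented token down to the root proof. `ownerDid` owns the
// resource; `now` is Unix seconds. Returns { ok, reason }.
function checkChain(token, ownerDid, now) {
  let layer = token;
  for (let depth = 0; depth < 32; depth++) { // bound the recursion
    if (typeof layer.exp !== "number" || layer.exp <= now) return { ok: false, reason: "expired" };
    const proof = layer.prf;
    if (proof == null) { // root proof: must be issued by the resource owner
      return layer.iss === ownerDid
        ? { ok: true, reason: "valid" }
        : { ok: false, reason: "root is not owner" };
    }
    if (layer.iss !== proof.aud) return { ok: false, reason: "issuer was not the proof's audience" };
    if (!scopeWithin(layer.scp, proof.scp)) return { ok: false, reason: "scope escalation" };
    if (layer.pty !== proof.pty) return { ok: false, reason: "potency changed" }; // simplification
    if (layer.exp > proof.exp) return { ok: false, reason: "outlives proof" };
    layer = proof;
  }
  return { ok: false, reason: "chain too deep" };
}

// Constructed sample chain (DIDs are placeholders, not real keys).
const OWNER = "did:key:zOWNER-EXAMPLE", ALICE = "did:key:zALICE-EXAMPLE", BOB = "did:key:zBOB-EXAMPLE";
const root = { iss: OWNER, aud: ALICE, scp: "/public/photos", pty: "APPEND_ONLY", prf: null, exp: 1589423547 };
const delegated = { iss: ALICE, aud: BOB, scp: "/public/photos/covid2020/", pty: "APPEND_ONLY", prf: root, exp: 1589420000 };
const escalated = { ...delegated, scp: "/public/photos-private/" };

console.log(checkChain(delegated, OWNER, 1589400000)); // { ok: true, reason: 'valid' }
console.log(checkChain(escalated, OWNER, 1589400000)); // { ok: false, reason: 'scope escalation' }
```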

Slide 65

DELEGATED WRITE ACCESS
HASHING IT DOWN ⬛◼◾▪
{
  "alg": "RS256",
  "typ": "JWT",
  "cty": "JWT"
}
{
  "iss": "did:key:z1MdJPaWBebKxtE33AszRWYTF67wCLeFdcsqc3R87hyLKzBK…",
  "aud": "did:key:zBR4m3DNZHT1G8Nb2RHzgKK7TrWxEmJjZskgvFdncTthzUH…",
  "scp": "/public/photos/covid2020/",
  "pty": "APPEND_ONLY",
  "prf": "QmaEmBULputJ5sAJX4bRQYwwWV2DUPnwNSz2R2eTvHV4DT",
  "exp": 1589423547
}
<SIGNATURE>

Slide 67

RECAP

Slide 68

RECAP
WELL THAT WAS A LOT OF CONCEPTS

Slide 69

RECAP
WELL THAT WAS A LOT OF CONCEPTS
• Fully client-side auth
• User controlled / sharding logical conclusion
• A “universal” user ID table
• Infinite scale 📈
• No need for an auth server
• Online, offline, P2P, or traditional cloud infra ✅✅✅✅
• Crypto keys… crypto keys everywhere!

Slide 70

https://fission.codes
https://talk.fission.codes
🌎🌍🌏 THANK YOU, CODING EARTH 🎉
brooklyn@fission.codes
github.com/expede
@expede