Page MenuHomePhabricator

[Identity] Add opaque2 users table
ClosedPublic

Authored by jon on Mar 29 2023, 11:11 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Jan 5, 4:17 AM
Unknown Object (File)
Sun, Dec 29, 12:12 AM
Unknown Object (File)
Tue, Dec 24, 4:32 AM
Unknown Object (File)
Tue, Dec 24, 4:32 AM
Unknown Object (File)
Tue, Dec 24, 4:32 AM
Unknown Object (File)
Tue, Dec 24, 4:32 AM
Unknown Object (File)
Tue, Dec 24, 4:32 AM
Unknown Object (File)
Tue, Dec 24, 4:32 AM
Subscribers

Details

Summary

Add users table for opaque2 identity users.

https://linear.app/comm/issue/ENG-3558

Test Plan
nix develop
comm-dev services start

cd services/terraform
./run.sh
# creates identity-users-opaque2 table

Diff Detail

Repository
rCOMM Comm
Branch
jonringer/opaque2-tables
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

Remove auto-completed characters from vscode

Suppress unnused warnings by making everything public

services/identity/src/constants.rs
19 ↗(On Diff #24341)

What's this?

21 ↗(On Diff #24341)

Didn't we want some conception of a "device type"?

services/identity/src/constants.rs
19 ↗(On Diff #24341)

jon mentions below that "device" is the signing public identity key of primary device

21 ↗(On Diff #24341)

+1

jon marked 2 inline comments as done.

Add device type

services/identity/src/constants.rs
19 ↗(On Diff #24346)

should we call this primaryDevice?

20 ↗(On Diff #24346)
20–29 ↗(On Diff #24346)

this is a little confusing since it's actually the value of HashMap, not the whole thing

36 ↗(On Diff #24346)
services/identity/src/constants.rs
33 ↗(On Diff #24346)

What's the significance of having this here now? Are we trying to future-proof for the future world where we support the concept of a primary device? If so, we should perhaps replace this with the proper "device list" from the whitepaper

jon added inline comments.
services/identity/src/constants.rs
19 ↗(On Diff #24346)

Sure

20–29 ↗(On Diff #24346)

I'll make it into another block

33 ↗(On Diff #24346)

What's the significance of having this here now? Are we trying to future-proof for the future world where we support the concept of a primary device?

Honestly, it was a carry-over from the last table. but having a primary device being easily identified seems aligned with the longterm vision of the identity service; and fits the data model as a users should have one and only one primary device, so I left it in.

I wouldn't call lit future proofing, this diff just defines field names for the table; which is free to evolve somewhat with time.

If so, we should perhaps replace this with the proper "device list" from the whitepaper

Device list in the papers is much more... involved, including a series of order-able signed updates.

I would like to avoid device list scope creep.

jon marked 3 inline comments as done.

Address more feedback

services/identity/src/constants.rs
26

Might be good to define the format of this, potentially by referencing the .proto

33 ↗(On Diff #24346)

My high-level point is that we'll never use this device field at all. It's not useful today because we don't have a conception of a primary device, and it won't be useful in the future because once we do have a conception of a primary device, we'll need to introduce a device list

If you feel strongly that you really want this here, I guess it's fine to have useless fields. But I honestly think it should be removed given it will never be used

Don't have much more to say

This revision is now accepted and ready to land.Mar 30 2023, 7:11 AM
jon marked 2 inline comments as done.

Remove primaryDevice, reference protobuf file

services/identity/src/constants.rs
33 ↗(On Diff #24346)

I assumed that it would be important for reasons that weren't immediately obvious to me since it was in the fields for the previous users table.

I'll just remove

This revision was automatically updated to reflect the committed changes.
services/identity/src/constants.rs
33 ↗(On Diff #24346)

I don't think it was in the previous users table. The "device" concept in constants.rs is just for string interpolation and error handling. This is an example item from DDB:

{
  "userID": {
    "S": "4740395"
  },
  "devices": {
    "M": {
      "sXvztyukQSLrsRSkPVk9wJQbi6iuUwCqOjvTYHPjsys": {
        "M": {
          "payload": {
            "S": "{\"notificationIdentityPublicKeys\":{\"curve25519\":\"A4XE/R5jAwVQAKufEnaR3ZFgckKzHGXBHvC5ABg3zUU\",\"ed25519\":\"cskr5GRd1ZJdBewpj6W2v5LE560uD/irmcxuFagL9IQ\"},\"primaryIdentityPublicKeys\":{\"curve25519\":\"nxTumGZiB67Ab9U0XmHK4q6/C1MVpNqqbanNIVSWeU4\",\"ed25519\":\"sXvztyukQSLrsRSkPVk9wJQbi6iuUwCqOjvTYHPjsys\"}}"
          },
          "signature": {
            "S": "Wy1IfR3YYtUeiD4naTrkq+STPos882Np1odCffGtwFMWXMBqvZVUi+iPhI9XkhDMpZLVDk0EHWRVDCg5w1OPBg"
          }
        }
      }
    }
  },
  "pakeRegistrationData": {
    "B": "hFzSfOs751EWUGQM35JmizGPkDK7FWXD6Bvf66bp/gyoyl3seLJUl9FXR+o1H2+aL8oGIZrq+Qu1kTSnSAoxAAGrLyG9mQgSndYFXhMprIvW5TdKw7pTxVGq8AX9BlW9jFuF3ky/50Rnz/RFU4psMod23wQkSWlZ4Vo8q4xuuygURmOsBpABIy7nt4SPuxJjsats8YdrHG8qCIT6P0B8lxyTYDQrIJvrowXH9dyyp0KSSodMOW8QrbqfOWCP1X1L3g=="
  },
  "username": {
    "S": "testedt"
  }
}
jon added inline comments.
services/identity/src/constants.rs
33 ↗(On Diff #24346)

I'm referring to the constants.rs file, https://github.com/CommE2E/comm/blob/493a462e18fe19cb4ce0e35759dd4bb3942e3963/services/identity/src/constants.rs#L14.

We never described the schema outside of implementation previous to this diff.

services/identity/src/constants.rs
33 ↗(On Diff #24346)

The "device" concept in constants.rs is just for string interpolation and error handling.

I understand what you're referring to. I just wanted to make sure you knew what that const was for. We use it for error handling, so I don't think you should've removed it from the opaque2 module. It probably does make sense to separate it out from the schema concepts, though.

services/identity/src/constants.rs
33 ↗(On Diff #24346)

I suppose we could also just use the existing const for error handling