Add users table for opaque2 identity users.
Details
- Reviewers
varun bartek ashoat - Commits
- rCOMM65fc365ec0e5: [Identity] Add opaque2 users table
nix develop comm-dev services start cd services/terraform ./run.sh # creates identity-users-opaque2 table
Diff Detail
- Repository
- rCOMM Comm
- Branch
- jonringer/opaque2-tables
- Lint
No Lint Coverage - Unit
No Test Coverage
Event Timeline
services/identity/src/constants.rs | ||
---|---|---|
33 ↗ | (On Diff #24346) | What's the significance of having this here now? Are we trying to future-proof for the future world where we support the concept of a primary device? If so, we should perhaps replace this with the proper "device list" from the whitepaper |
services/identity/src/constants.rs | ||
---|---|---|
19 ↗ | (On Diff #24346) | Sure |
20–29 ↗ | (On Diff #24346) | I'll make it into another block |
33 ↗ | (On Diff #24346) |
Honestly, it was a carry-over from the last table. but having a primary device being easily identified seems aligned with the longterm vision of the identity service; and fits the data model as a users should have one and only one primary device, so I left it in. I wouldn't call lit future proofing, this diff just defines field names for the table; which is free to evolve somewhat with time.
Device list in the papers is much more... involved, including a series of order-able signed updates. I would like to avoid device list scope creep. |
services/identity/src/constants.rs | ||
---|---|---|
26 ↗ | (On Diff #24348) | Might be good to define the format of this, potentially by referencing the .proto |
33 ↗ | (On Diff #24346) | My high-level point is that we'll never use this device field at all. It's not useful today because we don't have a conception of a primary device, and it won't be useful in the future because once we do have a conception of a primary device, we'll need to introduce a device list If you feel strongly that you really want this here, I guess it's fine to have useless fields. But I honestly think it should be removed given it will never be used |
services/identity/src/constants.rs | ||
---|---|---|
33 ↗ | (On Diff #24346) | I assumed that it would be important for reasons that weren't immediately obvious to me since it was in the fields for the previous users table. I'll just remove |
services/identity/src/constants.rs | ||
---|---|---|
33 ↗ | (On Diff #24346) | I don't think it was in the previous users table. The "device" concept in constants.rs is just for string interpolation and error handling. This is an example item from DDB: { "userID": { "S": "4740395" }, "devices": { "M": { "sXvztyukQSLrsRSkPVk9wJQbi6iuUwCqOjvTYHPjsys": { "M": { "payload": { "S": "{\"notificationIdentityPublicKeys\":{\"curve25519\":\"A4XE/R5jAwVQAKufEnaR3ZFgckKzHGXBHvC5ABg3zUU\",\"ed25519\":\"cskr5GRd1ZJdBewpj6W2v5LE560uD/irmcxuFagL9IQ\"},\"primaryIdentityPublicKeys\":{\"curve25519\":\"nxTumGZiB67Ab9U0XmHK4q6/C1MVpNqqbanNIVSWeU4\",\"ed25519\":\"sXvztyukQSLrsRSkPVk9wJQbi6iuUwCqOjvTYHPjsys\"}}" }, "signature": { "S": "Wy1IfR3YYtUeiD4naTrkq+STPos882Np1odCffGtwFMWXMBqvZVUi+iPhI9XkhDMpZLVDk0EHWRVDCg5w1OPBg" } } } } }, "pakeRegistrationData": { "B": "hFzSfOs751EWUGQM35JmizGPkDK7FWXD6Bvf66bp/gyoyl3seLJUl9FXR+o1H2+aL8oGIZrq+Qu1kTSnSAoxAAGrLyG9mQgSndYFXhMprIvW5TdKw7pTxVGq8AX9BlW9jFuF3ky/50Rnz/RFU4psMod23wQkSWlZ4Vo8q4xuuygURmOsBpABIy7nt4SPuxJjsats8YdrHG8qCIT6P0B8lxyTYDQrIJvrowXH9dyyp0KSSodMOW8QrbqfOWCP1X1L3g==" }, "username": { "S": "testedt" } } |
services/identity/src/constants.rs | ||
---|---|---|
33 ↗ | (On Diff #24346) | I'm referring to the constants.rs file, https://github.com/CommE2E/comm/blob/493a462e18fe19cb4ce0e35759dd4bb3942e3963/services/identity/src/constants.rs#L14. We never described the schema outside of implementation previous to this diff. |
services/identity/src/constants.rs | ||
---|---|---|
33 ↗ | (On Diff #24346) |
I understand what you're referring to. I just wanted to make sure you knew what that const was for. We use it for error handling, so I don't think you should've removed it from the opaque2 module. It probably does make sense to separate it out from the schema concepts, though. |
services/identity/src/constants.rs | ||
---|---|---|
33 ↗ | (On Diff #24346) | I suppose we could also just use the existing const for error handling |