mirror of
https://github.com/nostr-protocol/nips.git
synced 2024-12-23 00:45:53 -05:00
Remove NIP-26 usage
This commit is contained in:
parent
ea7d2957e2
commit
b8e42d1926
153
260.md
153
260.md
|
@ -6,43 +6,60 @@ Shared Account
|
||||||
|
|
||||||
`draft` `optional`
|
`draft` `optional`
|
||||||
|
|
||||||
This NIP introduces a standard way to share account signing privileges without revealing its privkey.
|
This NIP introduces a standard way to share account signing privileges
|
||||||
It uses time-released delegation events to get around the irrevocability property of [NIP-26](26.md) delegation tokens.
|
from a `delegator` to `delegatees` without revealing its privkey.
|
||||||
|
It uses time-released delegation events to be able to cancel sharing at any time.
|
||||||
|
|
||||||
### "Share Account Access" Feature
|
Note that although `delegators` and `delegatees` terms are used,
|
||||||
|
the delegation setup is different from the NIP-26 one.
|
||||||
|
|
||||||
The `delegator` user should be able to inform the `delegatee`'s `pubkey` to the client through a "Share Account Access" feature.
|
## "Share Account Access" Feature
|
||||||
|
|
||||||
The `delegator`s client then pre-generates a set of "Delegation Delivery" events to be released on their `write` relays by a "cron-like" (scheduler) service at each event's `.created_at` moments.
|
The `delegator` user should be able to inform the `delegatee(s)`'s `pubkey` to the client through a "Share Account Access" feature.
|
||||||
|
|
||||||
Each of these events holds one NIP-26 `delegation token` and a corresponding `condition string` covering a *very narrow* `created_at>A&created_at<B` time window such as 3 hours. The time windows are expected to be contiguous, with the complete set of `condition strings` together covering a wider period such as 2 weeks.
|
The `delegator`s client then pre-generates a set of [Delegation Events](#delegated-events) that configure the account
|
||||||
|
sharing, to be released on `delegator`s [scheduler relays](#scheduler-relays) at each event's `.created_at` moments.
|
||||||
|
|
||||||
|
Each of these events has a time window, during which it is considered the current delegation configuration.
|
||||||
|
A time window starts at the `.created_at` timestamp, ends at the `expiration` tag value moment
|
||||||
|
and should be narrow (~3 hours). The complete set of time windows are expected to be continuous.
|
||||||
|
|
||||||
The `delegator` at any time should be able to ask the client to disable the "Share Account Access" feature.
|
The `delegator` at any time should be able to ask the client to disable the "Share Account Access" feature.
|
||||||
Then their client should ask the scheduler service to delete "Delegation Delivery" events yet to be released, effectively
|
Then their client should ask the Scheduler Relay to delete "Delegation Events" yet to be released, effectively
|
||||||
preventing future use of the delegation.
|
canceling the account sharing when no current (not expired) "Delegation Event" can be found.
|
||||||
|
|
||||||
Ideally, the scheduler service shouldn't have access to the `delegator`'s privkey
|
## "Use Shared Account" Feature
|
||||||
but just store the "Delegation Delivery" events to be published.
|
|
||||||
|
|
||||||
### "Use Shared Account" Feature
|
|
||||||
|
|
||||||
The `delegatee` user should be able to inform the `delegator`'s `pubkey` to the client through a "Use Shared Account" feature.
|
The `delegatee` user should be able to inform the `delegator`'s `pubkey` to the client through a "Use Shared Account" feature.
|
||||||
|
|
||||||
Before publishing an event, the `delegatee`'s client should fetch the latest "Delegation Delivery" event of the `delegator`
|
Before publishing an event, the `delegatee`'s client should fetch the latest "Delegation Event" of the `delegator`
|
||||||
from one of the `delegator` write relays and use the embedded token in accordance with NIP-26 spec until it expires.
|
from one of the `delegator` scheduler relays to make sure they are still listed as a `delegatee`, to know when the
|
||||||
|
delegation expires, and which event kinds the `delegatee` can publish on behalf of the `delegator`.
|
||||||
|
|
||||||
After token expiration, the `delegatee`'s client is expected to repeat the procedure of fetching and using the latest available
|
After expiration, the `delegatee`'s client is expected to repeat the procedure of fetching and checking the latest available
|
||||||
`delegator`'s "Delegation Delivery" event.
|
`delegator`'s "Delegation Event".
|
||||||
|
|
||||||
Disabling the "Use Shared Account" feature means the `delegatee`'s client will stop fetching and using `delegator`s
|
Disabling the "Use Shared Account" feature means the `delegatee`'s client will stop fetching and checking `delegator`s
|
||||||
"Delegation Delivery" events delegation tokens when publishing new events.
|
"Delegation Events" when publishing new events.
|
||||||
|
|
||||||
### "Delegation Delivery" Event
|
## Delegation Event
|
||||||
|
|
||||||
The "Delegation Delivery" event is of `kind:1026`, the `.pubkey` is the `delegator`, there is a `delegation_delivery` tag
|
A "Delegation Event" is current (not-expired) between its `.created_at` and `expiration` tag time range.
|
||||||
with the `condition string` and the `delegation token` as array elements and a `p` tag with the `delegatee`'s pubkey.
|
|
||||||
It must have atleast one `k` tag and each should be set to the (required) `kind` field values present on the `condition string`.
|
If no current event is found for a specific `delegatee`, **all** past and future delegated events from the `delegatee`
|
||||||
It should have an `expiration` tag with the value set to the delegation expiration condition.
|
are considered invalid.
|
||||||
|
|
||||||
|
The event is of `kind:1026`, the `.pubkey` is the `delegator` and a single `p` tag is set to the `delegatee`'s pubkey.
|
||||||
|
|
||||||
|
It must have atleast one `k` tag and each should be set to the kinds the `delegatee` is allowed to publish
|
||||||
|
on behalf of the `delegator`.
|
||||||
|
|
||||||
|
There is a `since` tag informing since when the p-tagged user became a `delegatee`.
|
||||||
|
A `delegatee` is allowed to publish events with a `.created_at` between the `since`
|
||||||
|
and `expiration` tag values.
|
||||||
|
|
||||||
|
A `scheduled` tag is present to hint to relays that the event should only be requestable by users
|
||||||
|
other than the author if the `.created_at` timestamp has been reached.
|
||||||
|
|
||||||
Event example:
|
Event example:
|
||||||
|
|
||||||
|
@ -51,35 +68,97 @@ Event example:
|
||||||
"kind": 1026,
|
"kind": 1026,
|
||||||
"pubkey": "<delegator_pubkey>",
|
"pubkey": "<delegator_pubkey>",
|
||||||
"tags": [
|
"tags": [
|
||||||
[
|
|
||||||
"delegation_delivery",
|
|
||||||
"kind=1&created_at>1702711000&created_at<1702721800",
|
|
||||||
"6f44d7...e5f524"
|
|
||||||
],
|
|
||||||
["p", "<delegatee_pubkey>"],
|
["p", "<delegatee_pubkey>"],
|
||||||
["k", "1"],
|
["k", "1"],
|
||||||
["expiration", "1702721800"]
|
["k", "14"],
|
||||||
|
["since", "1702000000"], // may be inherited from the first `kind:1026` of a series
|
||||||
|
["expiration", "1702721800"],
|
||||||
|
["scheduled"]
|
||||||
],
|
],
|
||||||
"content": "",
|
"content": "",
|
||||||
"created_at": 1702711000 // future time when the delegation starts to count
|
"created_at": 1702711000 // time the event will be published to the relay
|
||||||
// ...other fields
|
// ...other fields
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
### Relay Support
|
## Delegated Events
|
||||||
|
|
||||||
A relay may act as a scheduler service by allowing the publishing of `kind:1026` events with future `.created_at`
|
Delegated events considered by this NIP are those with a `D` tag that is set to the `delegator` pubkey.
|
||||||
values while also never sending such events with future timestamps to users other than the author.
|
|
||||||
|
|
||||||
### Use Cases
|
When a delegated event is replaceable, an extra `address_sig` tag must be added.
|
||||||
|
It is set to the signature of a `kind:1126` "Proof Event" that has no tags, `created_at` set to `0` and
|
||||||
|
the following string as `.content`: `"<event-kind>:<DELEGATOR-pubkey>:<event-d-tag>"`
|
||||||
|
(the string is similar to that of the event `address`, but with the `delegator` pubkey instead of the `delegatee`'s one).
|
||||||
|
|
||||||
- Enable employees to publish `kind:1` events on behalf of an enterprise account.
|
### Relay Hint when Referencing
|
||||||
|
|
||||||
|
When publishing a delegated event, most times (see [Use Cases](#use-cases) section and specific NIPs)
|
||||||
|
the `delegator` relays are expected to be used instead of the `delegatee`s or the group chat's ones, for example.
|
||||||
|
|
||||||
|
When that's the case and an event referencing it has added
|
||||||
|
a `pubkey` hint for locating the referenced event with [NIP-65](65.md), it should be the `delegator` pubkey.
|
||||||
|
|
||||||
|
If it has added a direct `relay` url hint, it should be from one of the `delegator` relays.
|
||||||
|
|
||||||
|
### Validation
|
||||||
|
|
||||||
|
If no current (not expired) `kind:1026` event can be found,
|
||||||
|
**all** `delegatee`'s previous and future delegated events
|
||||||
|
should be considered invalid by clients.
|
||||||
|
|
||||||
|
The client should check if it can find a current `kind:1026` event from `delegator`
|
||||||
|
that p-tags the `delegatee`, has a `k` tag value with the same delegated event's `.kind` and
|
||||||
|
whose `since` to `expiration` tag time range includes the delegated event's `.created_at` timestamp.
|
||||||
|
|
||||||
|
### Copying Delegated Events
|
||||||
|
|
||||||
|
Before disabling the "Share Account Access" feature, i.e. before making all previous and future
|
||||||
|
delegated events of a specific `delegatee` invalid, the `delegator` may copy these events.
|
||||||
|
|
||||||
|
The event copy has the same field values, except for the `.pubkey` that is the `delegator`,
|
||||||
|
the `.sig` that changes accordingly and the `D` tag that is renamed to `D_copy`.
|
||||||
|
|
||||||
|
Also, a single `C` (canonical event identifier) tag is added.
|
||||||
|
If the event being copied is a regular event, it is set to its `.id`,
|
||||||
|
else if a replaceable one, it is set to its `address`.
|
||||||
|
The `C` tag's second value is the `delegatee` pubkey.
|
||||||
|
|
||||||
|
Clients must use the `C` tag value to load the copied event's replies/references. New references should
|
||||||
|
be made to the `C` tag value.
|
||||||
|
|
||||||
|
Clients should validate the `C` tag value before considering it the canonical event identifier.
|
||||||
|
|
||||||
|
### "C" Tag Validation
|
||||||
|
|
||||||
|
If the `C` tag is set to the copied event's `.id`, rebuild the copied event's structure
|
||||||
|
(remove the copy's `C` tag, replace the `.pubkey` to the `delegatee`'s one and rename `D_copy` tag to `D`)
|
||||||
|
and check if the hash matches. `D_copy` also must have been set to the `delegator` pubkey.
|
||||||
|
|
||||||
|
If the `C` tag is set to the copied event's `.address`,
|
||||||
|
generate and verify the `kind:1126` "Proof Event" with `"<event-kind>:<DELEGATOR-pubkey>:<event-d-tag>"`
|
||||||
|
`.content` by using the `address_sig` tag value.
|
||||||
|
|
||||||
|
## Scheduler Relays
|
||||||
|
|
||||||
|
A scheduler relay is expected to allow the publishing of events with future `.created_at` value
|
||||||
|
while also never sending such events with future timestamp and a `scheduled` tag
|
||||||
|
to users other than the author.
|
||||||
|
|
||||||
|
A client should use the `s` relay usage flag to set the user's [NIP-65](65.md)
|
||||||
|
scheduler relays.
|
||||||
|
|
||||||
|
If a relay signals support for this NIP in their [NIP-11](11.md) document, that means
|
||||||
|
it can be used as a scheduler relay when a `scheduled` tag is present on an event.
|
||||||
|
|
||||||
|
## Use Cases
|
||||||
|
|
||||||
|
- Enable employees to publish `kind:1` events on behalf of a business account.
|
||||||
`Delegatees` should publish to the `delegator` relays.
|
`Delegatees` should publish to the `delegator` relays.
|
||||||
Reading client's interface should display the `delegator` as the delegated `kind:1` events' author
|
Reading client's interface should display the `delegator` as the delegated `kind:1` events' author
|
||||||
(e.g.: show just the `delegator`'s avatar picture);
|
(e.g.: show just the `delegator`'s avatar picture);
|
||||||
|
|
||||||
- Enable employees to publish `DM`s on behalf of an enterprise account.
|
- Enable employees to publish `DM`s on behalf of a business account.
|
||||||
`Delegatees` should publish to their own relays.
|
`Delegatees` should publish to their own relays.
|
||||||
Reading client's interface should display the `delegatee` (**not the delegator**)
|
Reading client's interface should display the `delegatee` (**not the delegator**)
|
||||||
as the author of the delegated `DM` events and indicate it is speaking
|
as the author of the delegated `DM` events and indicate they are speaking
|
||||||
on the company/`delegator`'s behalf (e.g.: show both accounts' avatar pictures).
|
on the company/`delegator`'s behalf (e.g.: show both accounts' avatar pictures).
|
||||||
|
|
Loading…
Reference in New Issue
Block a user