nips/29.md
2024-02-01 14:07:42 -05:00

NIP-29

Shared Event Ownership Through Trusted DVMs

draft optional

This NIP proposes a standardized way that 2+ pubkeys can unilaterally control a replaceable event. The managing keys choose a trustworthy DVM to own and update the event. Event updates are performed via Job Requests and Responses of DVMs.

Motivation

Some applications require shared control of a single replaceable event. Examples include:

  • Collaborative document writing tools that allow several users to update the .content of an event.
  • Group metadata events that must be updated by a set of admins, including adding and removing people from the group.

Current Nostr proposals require creating schemes to share private keys or secrets among several individuals to support the same behaviour, which creates potential security issues.

This NIP creates a replaceable event updating protocol with straightforward access controls to be run by DVMs. The private key that controls the event is owned by the DVM. Authorized pubkeys request the DVM to make the changes for them.

Access controls

The DVM will add and update admin tags in the replaceable event. Any request signed by an admin will be executed.

{
    // ...
    "tags": [
        [ "admin", "<pubkey1>" ],
        [ "admin", "<pubkey2>" ]
        // ...
    ],
    // ...
}

Admins can add and remove any other admin. By removing all admins, the sender renders the replaceable event immutable.

DVM kinds

This NIP defines kind:5003 (Job Request) as a create or update event. The p tag points to the DVM that should run the update. The encrypted content contains an i tag carrying the modified event, signed by an admin, and a param tag named relays that tells the DVM where to broadcast the change.

Before applying the modification, the DVM MUST verify the signature of the stringified event and MUST check that the signing pubkey is an admin.

{
    "kind": 5003,
    "tags": [
        [ "p", "<dvm-pubkey>" ]
    ],
    // The content is the NIP-44 encrypted JSON array of job tags.
    "content": nip44Encrypt(JSON.stringify([
        [ "i", "<stringified-signed-event>", "text" ],
        [ "param", "relays", "wss://nos.lol", "wss://nostr.mom" ]
    ]), "<dvm-pubkey>")
    // ...
}

The DVM replies with a kind:6900 event that MUST p-tag all admins and MAY include the modified event in its contents.

{
    "content": "<stringified-updated-event>",
    "kind": 6900,
    "tags": [
        [ "p", "<admin1-pubkey>" ],
        [ "p", "<admin2-pubkey>" ],
        [ "e", "<event-id-of-5003>" ]
    ]
}
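
A sketch of the DVM-side checks from "Access controls" and "DVM kinds", added here as an example and not part of the NIP text. The names handleUpdate, adminsOf and verifySignedEvent are hypothetical, and verifySignedEvent stands in for a Nostr library's NIP-01 id and signature check. Assumptions: on update the admin check uses the stored event's admin tags, and both previous and new admins are p-tagged in the reply.

```javascript
// Added example. `verifySignedEvent` is a hypothetical stand-in for a Nostr
// library's NIP-01 id + signature check; all sample values are constructed.
const adminsOf = (ev) =>
  ev ? ev.tags.filter((t) => t[0] === "admin").map((t) => t[1]) : [];

// `jobTags` is the decrypted, parsed content of a kind:5003 request.
// `stored` is the DVM's current version of the event, or null on create.
function handleUpdate(jobTags, stored, requestId, verifySignedEvent) {
  const input = jobTags.find((t) => t[0] === "i");
  if (!input) return { ok: false, reason: "missing i tag" };
  let proposed;
  try {
    proposed = JSON.parse(input[1]);
  } catch {
    return { ok: false, reason: "i tag is not a JSON event" };
  }
  if (!proposed || !Array.isArray(proposed.tags))
    return { ok: false, reason: "malformed event" };
  // MUST 1: the stringified event carries a valid signature.
  if (!verifySignedEvent(proposed))
    return { ok: false, reason: "bad signature" };
  // MUST 2: the signer is an admin. Assumption: on update the check uses the
  // stored admin tags, so a requester cannot grant itself access by listing
  // its own key in the event it submits.
  if (stored && !adminsOf(stored).includes(proposed.pubkey))
    return { ok: false, reason: "signer is not an admin" };
  // The DVM re-signs under its own key (signing omitted here), so only these
  // fields are carried over from the admin-signed event.
  const template = { kind: proposed.kind, tags: proposed.tags, content: proposed.content };
  const relays = (jobTags.find((t) => t[0] === "param" && t[1] === "relays") || []).slice(2);
  // Assumption: notify previous and new admins, so a removed admin sees it.
  const notify = [...new Set([...adminsOf(stored), ...adminsOf(proposed)])];
  const response = {
    kind: 6900,
    content: JSON.stringify(template),
    tags: [...notify.map((pk) => ["p", pk]), ["e", requestId]],
  };
  return { ok: true, template, relays, response };
}

// Constructed demo: an event whose admins were all removed is immutable.
const frozen = { kind: 30023, tags: [["d", "doc"]], content: "v1" };
const job = [["i", JSON.stringify({ pubkey: "aa", kind: 30023, tags: [["d", "doc"]], content: "v2" }), "text"]];
console.log(handleUpdate(job, frozen, "req1", () => true).reason);
```
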