Area
Proposal Pillar
Is there new design needed?
No
What?
Background
GovTool is built for interacting with web-based wallets, communicating over CIP-30/CIP-95 to read user’s public credentials and request signatures from secret credentials.
GovTool uses .signData() to prove a wallet controls the secret credentials associated with the presented public credentials. Via the GovTool Proposal Pillar frontend, users produce signatures for Stake and DRep keys which if valid, grant them JWT access token to comment and vote on proposals.
For the life of the JWT token (currently set as XXX), Proposal Pillar knows that the connected wallet/user is who their wallet claims them to be. Proposal Pillar’s backend APIs require this valid JWT token to allow interaction.
GovTool’s Proposal Pillar backend is the only source of truth for proposals. This makes coordination with other tools reading and writing to this data harder, than if this data was stored on-chain.
Why?
Some DReps don't use standard wallets to control their DRep credentials, and so cannot connect to the Proposal Pillar’s frontend to be authenticated. This means that these DReps are excluded from being able to participate in Budget Proposal discussions. This is bad as the Budget Process aims to include all DReps in reviewing proposals.
How?
Since CLI DReps are unable to authenticate themselves via Proposal Pillar’s web interface/JWT, we must use another method to prove their key ownership (which is a prerequisite to be able to POST comments and votes.
For a minimum approach we could introduce new backend endpoint(s) which allow CLI (or anyone) to POST comments/polls too. Something like bd-external-poll-vote.
This endpoint would expect the normal comment/poll parameters, but would also require a way to authenticate/verify the associated DRep credentials. We could do this by having the DRep supply a ‘.signData()’ style signature with each POST request. The Proposal Backend can then verify the signature, and if valid the DRep’s comment/vote will be added to the database.
The signature per POST request replaces the need for the creation of an authenticated JWT token.
In an ideal world, the Proposal Pillar frontend would be able to give the DRep the required JSON object that they have to sign over. Similar to how Summon does it, see in video here. For MVP we can rely on a documentation page with boilerplate.
basic flow
- CLI DRep browses the Budget Discussions frontend and finds a proposal they want to submit a poll vote on
- (They follow some instructions on how to submit a poll)
- They create a vote JSON object, which contains data on what they are voting on and their voting choice
- They use their CLI keys to produce a signature over this data/ hash of data
- They POST this vote object and signature to bd-external-poll-vote
- The Proposal Pillar backend verifies the data and signature is valid
- If all is valid then the data is saved to the Proposal Pillar Database
Open Questions
What signature scheme should/could be used for CLI users?
There are two options here, either we use the CIP-08 standard, which matches the .signData() method, OR we have CLI uses include the object within transaction metadata and sign that.
The CIP-08 standard signatures would be easier for the Proposal Pillar to validate as this is how current .signData() is validated. But this is likely harder for CLI users, because this standard is not a part of the cardano-cli, so users would need to install and use other tools such as cardano-signer. This may be annoying for them.
Asking CLI users to create a invalid transaction (so it can’t be submitted) with the metadata is likely easier for CLI users to do, and matches how they have used tools such as Summon platform before. But this adds some additional overhead for how Proposal Pillar validates the requests, but this isn't something too difficult.
What is the needed data to be included in the POST request?
We will need to decide the exact information required for a DRep to post a comment or a vote into the Proposal Pillar database. The content is straightforward, but we will just have to document it properly.
As mentioned above ideally, we would integrate this into the frontend somehow, offering DReps the JSON object they will need to sign over, allowing them to copy and paste.
(Optional) User Story with acceptance criteria
No response
Area
Proposal Pillar
Is there new design needed?
No
What?
Background
GovTool is built for interacting with web-based wallets, communicating over CIP-30/CIP-95 to read user’s public credentials and request signatures from secret credentials.
GovTool uses
.signData()to prove a wallet controls the secret credentials associated with the presented public credentials. Via the GovTool Proposal Pillar frontend, users produce signatures for Stake and DRep keys which if valid, grant them JWT access token to comment and vote on proposals.For the life of the JWT token (currently set as XXX), Proposal Pillar knows that the connected wallet/user is who their wallet claims them to be. Proposal Pillar’s backend APIs require this valid JWT token to allow interaction.
GovTool’s Proposal Pillar backend is the only source of truth for proposals. This makes coordination with other tools reading and writing to this data harder, than if this data was stored on-chain.
Why?
Some DReps don't use standard wallets to control their DRep credentials, and so cannot connect to the Proposal Pillar’s frontend to be authenticated. This means that these DReps are excluded from being able to participate in Budget Proposal discussions. This is bad as the Budget Process aims to include all DReps in reviewing proposals.
How?
Since CLI DReps are unable to authenticate themselves via Proposal Pillar’s web interface/JWT, we must use another method to prove their key ownership (which is a prerequisite to be able to POST comments and votes.
For a minimum approach we could introduce new backend endpoint(s) which allow CLI (or anyone) to POST comments/polls too. Something like bd-external-poll-vote.
This endpoint would expect the normal comment/poll parameters, but would also require a way to authenticate/verify the associated DRep credentials. We could do this by having the DRep supply a ‘.signData()’ style signature with each POST request. The Proposal Backend can then verify the signature, and if valid the DRep’s comment/vote will be added to the database.
The signature per POST request replaces the need for the creation of an authenticated JWT token.
In an ideal world, the Proposal Pillar frontend would be able to give the DRep the required JSON object that they have to sign over. Similar to how Summon does it, see in video here. For MVP we can rely on a documentation page with boilerplate.
basic flow
Open Questions
What signature scheme should/could be used for CLI users?
There are two options here, either we use the CIP-08 standard, which matches the .signData() method, OR we have CLI uses include the object within transaction metadata and sign that.
The CIP-08 standard signatures would be easier for the Proposal Pillar to validate as this is how current .signData() is validated. But this is likely harder for CLI users, because this standard is not a part of the cardano-cli, so users would need to install and use other tools such as cardano-signer. This may be annoying for them.
Asking CLI users to create a invalid transaction (so it can’t be submitted) with the metadata is likely easier for CLI users to do, and matches how they have used tools such as Summon platform before. But this adds some additional overhead for how Proposal Pillar validates the requests, but this isn't something too difficult.
What is the needed data to be included in the POST request?
We will need to decide the exact information required for a DRep to post a comment or a vote into the Proposal Pillar database. The content is straightforward, but we will just have to document it properly.
As mentioned above ideally, we would integrate this into the frontend somehow, offering DReps the JSON object they will need to sign over, allowing them to copy and paste.
(Optional) User Story with acceptance criteria
No response