User Story: Connect Wallet to Storage

As a wallet user, I want to connect to a wallet attached storage server, so I can use it to share data.

Context
- Learner Credential Wallet Connect to Storage
Conversation
Confirmation
- Server MUST support PUT /space/:spaceUuid with HTTP Signature and ed25519 Multikey
- Adding Space
  - Adding Space using ed25519 Multikey
Implementations
- wallet-attached-storage-server
- wasup

Context

Learner Credential Wallet Connect to Storage

This user story was directly inspired by the following user story envisioned for https://lcw.app/.

Alice connects her Learner Credential Wallet to a Wallet-Attached Storage provider during wallet setup.

Alice goes to set up her wallet
As part of wallet setup, Alice receives a Verifiable Credential (for example, from her university) that will serve as an "onboard coupon" for participating storage providers
On the Wallet setup screen, she presses 'Connect to Cloud Storage' (exact wording being workshopped)
On the next screen, she selects from a list of available storage providers
- this list will be driven off of static config
- (a registry of providers is out of scope, and left for future projects)
LCW app looks up the wallet onboarding API endpoint from config, and performs an API request to the storage provider's endpoint to provision storage for her wallet
- the API request includes the "onboard coupon"
- the API request includes proof of control of Alice's DID (since the storage space is tied to a particular DID as root controller)
The storage provider provisions storage for the given DID, and returns back to Alice's wallet:
- the URL for the provisioned storage instance
- an authorization that provides the wallet with permission to read and write to that storage
Alice's LCW app can now read from and write to the provisioned cloud storage

Conversation

We seek to socialize this user story widely as a core user story for the Wallet Attached Storage protocol.

Plan of conversation:

Publish this user story at a final public URL
- Actions
  - [ ] bengo: publish wallet.storage/user-stories/connect-wallet
Solicit feedback from digitalcredentials.mit.edu
Incorporate feedback into the user story andd add to change log

If you want to be a part of the conversation, please publish feedback and link to Wallet Attached Storage.

Confirmation

This section describes how to confirm that an implementation has satisfied the user story.

Server MUST support PUT /space/:spaceUuid with HTTP Signature and ed25519 Multikey

Given

a user has a digital wallet that supports the Wallet Attached Storage protocol,
the user has a conformant Wallet Attached Storage server that supports the protocol,
the wallet controls an Ed25519 Key Pair

When

the wallet requests to add a space using ed25519 Multikey
and the request Authorization header has a valid HTTP Signature that signs over the @method and @request-target components using an Ed25519 key
and the wallet follows redirects on the response

When the server successfully verified the request

the response MUST have status 200, 201, or 204

When the server is unable to verify the request authorization

the response MUST have status 401
the response SHOULD include one or more WWW-Authenticate headers

Based on the response status code, the wallet can determine whether it has successfully connected to the Wallet Attached Storage server. A Successful response (i.e. 2xx response status) indicates a successful connection.

Adding Space

Adding Space using ed25519 Multikey

Simply PUT a representation of the Space as JSON to /space/:spaceUuid, signed by the key.

Encode the key as a Multikey and refer to it as a did:key verification method URI. The mb-value MUST start with z6Mk like cid-1.0 Example 9. Other keyId syntaxes MAY be supported.

PUT /space/:spaceUuid HTTP/1.1
Authorization: Signature keyId="did:key:{mb-value}#{mb-value}"…

{
  "name": "Connection to Wallet Attached Storage"
}