Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ICRC-21: Clarify sender for consent message request #209

Merged
merged 2 commits into from
Sep 4, 2024
Merged

ICRC-21: Clarify sender for consent message request #209

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9b8e7ed
ICRC-21: Clarify sender for consent message request
frederikrothenberger Sep 4, 2024
3ebb852
Replace hot signer with chain-connected component
frederikrothenberger Sep 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions topics/ICRC-21/icrc_21_consent_msg.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ sequenceDiagram
2. The signer fetches the consent message from the target canister and validates the response:
* `icrc21_consent_message_request.method` must match the canister call method.
* `icrc21_consent_message_request.arg` must match the canister call argument.
* The signer must either use the anonymous identity or the same identity as for signing the canister call (in step 6) for the `icrc21_consent_message` request.
* The signer must use the same identity for the `icrc21_consent_message` request as is used for signing the canister call (in step 6).
* The `icrc21_consent_message` canister call must be made to the target canister.
* The response to the `icrc21_consent_message` canister call (fetched using `read_state`) must be delivered in a valid certificate (see [Certification](https://internetcomputer.org/docs/current/references/ic-interface-spec#certification)).
* The decoded response must not be `null` and match the `icrc21_consent_message_response::OK` variant.
Expand Down Expand Up @@ -136,7 +136,13 @@ sequenceDiagram
```

1. The relying party connects to the signer and requests a signature on a canister call.
2. The signer fetches the consent message from the target canister:
2. The chain-connected signer component fetches the consent message from the target canister:
* `icrc21_consent_message_request.method` must match the canister call method.
* `icrc21_consent_message_request.arg` must match the canister call argument.
* The chain-connected signer component must use the anonymous identity for the `icrc21_consent_message` request.
* The `icrc21_consent_message` canister call must be made to the target canister.
peterpeterparker marked this conversation as resolved.
Show resolved Hide resolved
* The response to the `icrc21_consent_message` canister call (fetched using `read_state`) must be delivered in a valid certificate (see [Certification](https://internetcomputer.org/docs/current/references/ic-interface-spec#certification)).
* The decoded response must not be `null` and match the `icrc21_consent_message_response::OK` variant.
3. The canister call and the consent message request as well as the certified response are transferred to the cold signer component.
4. The cold signer component validates the consent message:
1. The consent message request must match the canister call:
Expand Down