Separate identity from signer

Issue #5 new
Adam Staveley created an issue

In the OCN Registry we have a single identity, used to modify the state of the registry and sign OCPI requests.

This means we have a single point of failure. In OCN applications it is often convenient to keep the identity’s private key in memory to be able to sign outgoing OCPI requests. However, doing so could be considered a security issue, especially as that identity may also have access to funds (if it also pays for the registry entry, for example).

If we separate the identity from the signer, we can mitigate this issue. The registry entry could have an additional field which states the address of its signer. The user could choose a different address (more secure) or use the same one (more convenient).

In the event that the signer key is compromised, the user would then be able to change the signer entered in their registry listing.

This change in architecture would also necessitate a breaking change release (i.e. v2).
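
The signer field proposed above, as an added sketch that is not code from the OCN Registry or from the issue author. The contract name, function names and storage layout are hypothetical, and performing the signature check in a contract view function is an assumption made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch: names and layout are assumptions, not the OCN Registry's real interface.
contract RegistrySignerSketch {
    // identity address => delegated signer address (zero means "none chosen")
    mapping(address => address) private delegatedSigner;

    event SignerChanged(address indexed identity, address indexed previous, address indexed current);

    // Only the identity itself (msg.sender) can change the signer on its entry.
    // Calling this again after a signer-key compromise replaces the old signer,
    // so the identity key can stay offline between rotations.
    function setSigner(address newSigner) external {
        require(newSigner != address(0), "signer required");
        address previous = signerOf(msg.sender);
        delegatedSigner[msg.sender] = newSigner;
        emit SignerChanged(msg.sender, previous, newSigner);
    }

    // Falls back to the identity address when no separate signer was chosen
    // (the "same address, more convenient" option from the issue).
    function signerOf(address identity) public view returns (address) {
        address s = delegatedSigner[identity];
        return s == address(0) ? identity : s;
    }

    // A recipient checks a request digest against the *current* signer of the
    // claimed identity, so a rotated-out key stops being accepted immediately.
    function isSignedBy(address identity, bytes32 digest, uint8 v, bytes32 r, bytes32 s)
        external
        view
        returns (bool)
    {
        address recovered = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) for an invalid signature
        return recovered != address(0) && recovered == signerOf(identity);
    }
}
```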
