We'd like to introduce Chaperone, our approach to key management and authentication on the Holo network. This is a secure iFrame that will preserve the convenience of accessing Holo-hosted hApps, while maintaining the security focus in Holochain Core.
- Chaperone: Key management and source chain entry signing in Holo
Chaperone: Key management and source chain entry signing in Holo
The Holo network functions like Holochain Core in some ways, but resembles traditional client-server web applications in others. This might raise a few questions about how things actually work in this environment. Today, let’s tackle the question, “Using the Chaperone iFrame, how do keys and authentication work in Holo?”
As we’ve mentioned, Holo was designed to be a bridge between the traditional World Wide Web and a new decentralized internet. While HoloPorts store and propagate entries in the decentralized fashion consistent with Holochain, users can instruct a hosted hApp using an ordinary web browser. All users need to do is log in with a username and password, just as you would on any other website. The connection is end-to-end encrypted (TLS terminates at the HoloPort, not the Holo gateway).
Other static assets, including UIs, can be served from anywhere. Crucially, there is NO requirement for hardware wallets, key store files, or other things typically associated with accessing decentralized networks such as Bitcoin. While this makes the process of accessing a hApp really user friendly, the setup does have potential weaknesses:
- The login process unfortunately bears a resemblance (albeit a superficial one) to centralized cryptocurrency wallets that purport to hold private keys. These often turn out to be scams.
- The UI for the browser could include malicious front end code.
- Traffic for hosted hApps has to be routed through Holo’s distributed gateway infrastructure. While this infrastructure may contain security gaps that could be exploited by bad actors, we have made it as secure as possible (e.g., SNI, E2E encryption, etc.).
Our approach to handling these issues has been to develop a secure iFrame we’re calling Chaperone. The application generates keys from the username and password and securely manages them within the browser—essentially, the same process as key generation in Holochain. Chaperone also handles all zome calls and signing, which means the hApp UI does not have direct access to a user’s login information. Developers using the Holo Hosting web SDK would only interact with Chaperone through the Cross-Origin Message Bus (COMB) library. COMB is our library that wraps the built-in window messenger (window.postMessage), making the API more user friendly by adding request/reply, async/await, and other features.
Thus, Holo isn’t responsible for authenticating web users and cannot access keys, minimizing integration requirements and limiting the number of access points that need to be audited for potential leaks. Note: If you were to lose your login information, Holo would not have any way to recover it, so make sure you take steps to prevent that from happening.
If you’re interested in seeing what Chaperone can do, you can use our front end SDK to run a local development instance to test conductors directly without having to connect to a network and a HoloPort. We encourage you to check this out when it’s available for public release.
Holochain Core Concepts and Tutorials
We want to hear from you! Help us create documentation that would benefit your understanding of Holochain and aid you in building apps. If you have already read, explored, or completed the Holochain Core Concepts and Tutorials, we would appreciate your input through this quick survey! Please take a moment to tell us about your experience and how we might help you further!