Conversation
Peeja
left a comment
Peeja
left a comment
There was a problem hiding this comment.
I think I'm missing some context on this. Do we control both ends of the Spade conversation? I had imagined that Spade implemented a common API, but are the (Filecoin) storage providers supposed to run a Spade client specifically to fetch from our Spade service? Is that why we can extend it this way?
In that case, we could probably make the API know more about UCAN directly. Is the idea here not to do that to keep UCAN out of Spade? But HTTP headers are fair game because it's already dealing with HTTP URLs?
Yes we run the Spade API and the clients run a Spade client. The status quo is that SPs run various scripts and community created clients in order to interact with Spade. We will create our own Spade client (I'm calling this an agent, since it's a long running process, not just a client library) so that we can ensure quality of service.
The Spade API already authenticates clients with it's own auth system (SPID), so in the interests of not rewriting the whole thing the idea where was to just extend the response format slightly so that it can basically operate how it currently does, with minimal changes. It's also backwards compatible with existing publically available data - just don't send any HTTP headers. It should also be pretty easy for any existing clients to be updated, should anyone ever want to do that. |
2 participants
A proposal for how to do UCAN authorized retrieval in the Forge network with Spade.
📖 Preview
Note: we could push this back further into the filecoin pipeline - i.e. the manifest it provides to Spade could include these headers...interested in opinions here.