Currently it's possible for users to have many keys all over the place, though most users would have one key, and some might prefer to have one per device/install.
- What is the best way to manage it?
- Should we manage it behind the science live account, which generates a default PK, and allows registering additional PKs?
- What if someone wants to use
- How do we stop a user from using any ORCID from any user to publish?
- How do we deal with stolen, leaked or forgotten keys?
Currently in Nanodash:
- An "original" key is generated and stored in a server instance, assigned to each ORCID login, and an Intro nanopub publicly proves the key belongs to the ORCID.
- They never leave the server instance; all signing is done server-side on publish.
- There is no validity period for keys.
- Nanopubs can be created with any date past or future.
- If a key is compromised, there should be some way to find any spam that was created with it and update or disprove those nanopubs, and to create an updated key.
- Users are also free to generate, manage and use their own keys to sign and publish nanopubs using their own client without Nanodash.
- Additional Intro nanopubs are used to prove that any external key also belongs to an ORCID and are linked in the chain of trust for user accounts on that server.
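The Nanodash model above (a key bound to an ORCID by an Intro nanopub, checked at publish time) and the two questions it answers, stopping someone publishing under another user's ORCID and auditing what a compromised key signed, can be sketched in code. This is an added illustration, not Nanodash's own code; the HMAC "signature", the key ids, the ORCID values and the server-side registry shape are all constructed stand-ins for the RSA signatures and intro nanopubs the real system uses.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed stand-in for the RSA signature on a real nanopub: an HMAC keyed by a
# secret that, as in Nanodash, never leaves the server. The trust-chain checks below
# do not depend on which signature primitive is used.
def _sign(secret: bytes, body: dict) -> str:
    return hmac.new(secret, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

@dataclass
class Registry:
    """Server-side chain of trust: which key an Intro nanopub has bound to which ORCID."""
    keys: dict = field(default_factory=dict)       # key_id -> secret (server-side only)
    intros: dict = field(default_factory=dict)     # key_id -> ORCID proven by its Intro nanopub
    revoked: set = field(default_factory=set)      # key_ids known to be compromised
    published: list = field(default_factory=list)  # everything signed here, kept for audit

    def register(self, orcid: str, key_id: str, secret: bytes) -> None:
        self.keys[key_id] = secret
        self.intros[key_id] = orcid  # the Intro nanopub: "key_id belongs to orcid"

    def publish(self, key_id: str, orcid: str, assertion: str, date: str) -> dict:
        body = {"orcid": orcid, "key": key_id, "assertion": assertion, "date": date}
        np = dict(body, sig=_sign(self.keys[key_id], body))
        self.published.append(np)
        return np

    def verify(self, np: dict) -> str:
        """Accept only if the signing key is unrevoked and introduced for the ORCID the nanopub claims."""
        key_id = np["key"]
        if key_id in self.revoked:
            return "rejected: key revoked"
        if self.intros.get(key_id) != np["orcid"]:
            return "rejected: key not introduced for this ORCID"
        body = {k: v for k, v in np.items() if k != "sig"}
        if not hmac.compare_digest(_sign(self.keys[key_id], body), np["sig"]):
            return "rejected: bad signature"
        return "ok"

    def revoke(self, key_id: str) -> list:
        """Mark a compromised key and return every nanopub it signed, for review or disproval.
        Dates cannot narrow this down, since a nanopub may carry any past or future date,
        so the audit has to go by key id rather than by time."""
        self.revoked.add(key_id)
        return [np for np in self.published if np["key"] == key_id]
```

A forged nanopub that names a different ORCID than the one its key was introduced for fails the intro check even though its signature is intact, which is the check that stops "any ORCID from any user".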
Future possibilities:
- Generate and store keys on device or in a browser secure store? e.g. like passkeys or SSH keys. This means a data breach is limited to each device.
- Manage keys behind SLP login account - this might be the most user-friendly. Could also be a flexible approach like some crypto wallets, option of either self-managed or app-managed.
- SLP may need to implement some kind of trust chain or invite system similar to Nanodash.