jeffemmett
/
rspace-online
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rspace-online/backlog/tasks/task-10 - Design-EncryptID-...

2.3 KiB
Raw Blame History

id title status assignee created_date updated_date labels dependencies priority
task-10 Design EncryptID unified identity system for r-ecosystem Done
2026-02-05 15:02 2026-02-05 15:05
architecture
security
rSpace-ecosystem
high

Description

Design and document the EncryptID unified identity/authentication system for rspace.online, rwallet, rvote, rmaps, and rfiles.

Key requirements:

  • WebAuthn/Passkey as primary authentication
  • WebCrypto API for key derivation and client-side encryption
  • Account Abstraction smart wallet integration
  • Social recovery (NO seed phrases)
  • Cross-app SSO across all r-ecosystem apps
  • DID:key for decentralized identity

Acceptance Criteria

  • #1 Architecture document complete with all 5 layers defined
  • #2 Social recovery mechanism designed (no seed phrases)
  • #3 Cross-app SSO strategy documented
  • #4 Integration path with existing CryptID documented
  • #5 Provider comparison (ZeroDev vs Safe vs Privy) complete

Implementation Notes

Completed Research

Created comprehensive ENCRYPTID-SPECIFICATION.md covering:

5-Layer Architecture

  1. Layer 1: WebAuthn/Passkeys - Hardware-backed primary auth
  2. Layer 2: Derived Keys (WebCrypto) - Encryption, signing, DID keys via HKDF
  3. Layer 3: Smart Wallet (AA) - ZeroDev + Safe hybrid for on-chain ops
  4. Layer 4: Social Recovery - Guardian-based, no seed phrases, 48h time-lock
  5. Layer 5: Session/SSO - Related Origin Requests for cross-app auth

Social Recovery Design

  • 3-of-5 guardian threshold recommended
  • Guardian types: secondary passkey, trusted contacts, hardware key, institutional
  • 48-hour time-lock with user notification and cancellation
  • Privacy-preserving (guardians don't know each other)

Provider Comparison

  • ZeroDev: Best for custom flows, native passkey support via Turnkey
  • Safe: Best for DAOs/shared treasuries, multi-sig native
  • Privy: Quickest integration, managed recovery
  • Turnkey: Infrastructure layer, TEE-backed

Key Research Sources

  • Yubico PRF Extension Guide
  • Vitalik's social recovery recommendations
  • ZeroDev/Safe documentation
  • Corbado passkey guides