A concept that deserves more attention is that of the canister that is fully owned by the user.
In this post I want to open the discussion around “user friendly fully owned canisters” (perhaps UFFOCs or FOCs), their security risks and implementation strategies. I will also share some achievements so far with my little pet project web3disk.app
Problem
Enabling the end user to create, own and fully control a single canister, assuming the user only wants to use a frontend in a browser and Internet Identity (II) authentication.
Currently, fully owning a canister requires technical knowledge and isn’t straightforward when working only from a frontend in a browser.
Full ownership risks
If the canister serves its own frontend and is only controlled by an II principal, then the domain at which the canister is accessed is a single point of failure. Furthermore, if the frontend breaks or isn’t accessible for whatever reason, access to and control of the canister is lost.
Challenges
- A single canister that serves its own frontend is preferable for simplicity.
- The only controlling principals of the canister should be solely owned by the user.
- The user needs to be able to charge their canister with cycles via the frontend.
- The user needs to be able to upgrade their canister.
- Canister creation should be user friendly and not require technical knowledge.
Possible solutions
- The canister needs to serve its own certified frontend assets via a query http_request to provide a UI for the canister in the browser.
- Ownership should be fully controlled by the user, and thus the minimal approach is that:
  - The canister is a controller of itself
  - The user’s II principal at CANISTER_ID.ICPDOMAIN is a controller
  - The user may add their NNS frontend principal as an extra controller under “my canisters”
  - The user can add and remove any controller via the UI
  If the user for some reason has issues accessing the canister via its frontend UI, they could use a user-friendly service or tool to (temporarily) authenticate to the canister using its domain as the “derivation origin” and perform emergency actions like upgrading their canister. This of course only works if the user consciously chose beforehand to add this “backup” service to their canister’s “alternative origins” list.
- Charging with cycles: this one is trivial and possible through the frontend UI and the canister backend itself.
- Upgrading: this is only possible through the frontend because a canister cannot upgrade itself. Therefore, the frontend needs to fetch an updated wasm from a trusted source and upgrade the canister. Since an upgrade either succeeds or fails, the user can’t ‘get stuck’ in the upgrade process and will always be able to reload the frontend, be it from the old version or the new one.
- User-friendly creation: see below.
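As an added example (not code from this post or from web3disk.app), here is the controller policy a self-controlling canister could enforce before updating its own settings, covering the “add and remove any controller via the UI” point above: only a current, non-anonymous controller may change the set, the canister’s own principal can never be removed, and the last controller besides the canister itself cannot be removed, since a canister with no other controller could never be upgraded or recovered again. Principals are plain strings and all names are constructed.

```rust
use std::collections::BTreeSet;

// Principals are plain strings here (assumption); a real canister would use candid Principals.
/// Textual form of the IC anonymous principal: never a valid caller or controller.
pub const ANONYMOUS: &str = "2vxsx-fae";

#[derive(Debug, PartialEq)]
pub enum PolicyError { Unauthorized, InvalidPrincipal, RemoveSelfCanister, Lockout, AlreadyPresent, NotPresent }

/// Controller set a self-controlling canister validates before calling update_settings on itself.
pub struct ControllerPolicy {
    self_canister: String,         // the canister is a controller of itself
    controllers: BTreeSet<String>,
}

impl ControllerPolicy {
    /// Minimal ownership at creation: the canister itself plus the user's II principal.
    pub fn new(self_canister: &str, user_principal: &str) -> Self {
        let controllers = [self_canister, user_principal].iter().map(|p| p.to_string()).collect();
        ControllerPolicy { self_canister: self_canister.to_string(), controllers }
    }
    /// Only an authenticated current controller may change the controller set.
    fn authorize(&self, caller: &str) -> Result<(), PolicyError> {
        if caller == ANONYMOUS || !self.controllers.contains(caller) { return Err(PolicyError::Unauthorized); }
        Ok(())
    }
    /// The controller list that would go into the update_settings call.
    pub fn controllers(&self) -> Vec<String> { self.controllers.iter().cloned().collect() }

    pub fn add_controller(&mut self, caller: &str, new: &str) -> Result<Vec<String>, PolicyError> {
        self.authorize(caller)?;
        if new == ANONYMOUS || new.is_empty() { return Err(PolicyError::InvalidPrincipal); }
        if !self.controllers.insert(new.to_string()) { return Err(PolicyError::AlreadyPresent); }
        Ok(self.controllers())
    }

    pub fn remove_controller(&mut self, caller: &str, target: &str) -> Result<Vec<String>, PolicyError> {
        self.authorize(caller)?;
        // The canister must stay its own controller (the minimal ownership model above).
        if target == self.self_canister.as_str() { return Err(PolicyError::RemoveSelfCanister); }
        if !self.controllers.contains(target) { return Err(PolicyError::NotPresent); }
        // Lockout guard: some controller other than the canister itself must remain,
        // otherwise no one can ever upgrade or recover the canister again.
        let others = self.controllers.iter()
            .filter(|c| c.as_str() != self.self_canister.as_str() && c.as_str() != target).count();
        if others == 0 { return Err(PolicyError::Lockout); }
        self.controllers.remove(target);
        Ok(self.controllers())
    }
}
```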
Ownership means responsibility
After canister creation, the user will have full responsibility over the canister, its cycle balance and whatever functionality it offers.
Even if the user used a service or tool to create the canister, the service is not responsible for what the user does with his/her canister.
Implementation
Web3Disk.app is a blockchain storage solution that enables fully owned, end-to-end encrypted storage accessed in the browser and controlled by an II principal.
Anyone can create a Web3Disk and own it in seconds (free of charge) using the Web3Disk Service. A user creates and takes ownership of his/her canister by authenticating to the Web3Disk Service first and then to their own canister, using its domain as the ‘derivation origin’.
The service then grants full ownership to the user, who can then access and manage their canister at its domain.
This all happens in an easy-to-use UI without any technical knowledge required of the user.
Next steps
Launching an early version for initial feedback.
Implementing vetKey e2e encryption would make web3disk a serious alternative for secure online storage of small data sizes. The focus would be on security and less so on advanced file management and large data features.
Open sourcing. Then technical users could build and deploy their own Web3Disk without using any service.
Looking forward to hearing your thoughts!
Figure: Canister creation via Web3Disk Service
Figure: Fully owned user canister
Figure: Minimal frontend deps for robust and reliable frontend