UCAN examples
This directory contains an example of UCAN usage across multiple agents, and their respective implementations.
Please note that UCAN in itself doesn't enforce any protocol, topology or transport, and as such what you have here is one possibility among many others. In particular:
- this example is really geared towards using UCAN for an HTTP API
- it uses a particular flavor of issuer protocol and token exchange. In particular, that issuer gives delegation tokens to anyone asking.
Your situation may be different from this, and would call for a different setup.
Remember that everything in go-ucan-toolkit is essentially helpers, pre-made building blocks. You can use them, change them or make your own.
Scenario 1
Starting simple, if we run service, service-issuer and alice-client-server, we have the following scenario:
servicecontrols the access to the resource (it's theExecutorin that diagram). You can think about it as a proxy with authentication.service-issuergives a delegation tokens to clients.serviceandservice-issuershare the same DID and keypair.alice-client-serverask for a token, and periodically makes request
Scenario 2
Building on the previous scenario, we are adding sub-delegation.
alice-client-serverstill do the same thing, but also expose a similar token issuer with the same protocol (for simplicity in that example)bob-clientrequest a delegation from Alice, and make direct request to the service
Note a few things:
- Alice can finely tune what Bob can do
- Bob receives two delegations: the original one Alice got and a second one delegating some of that original power to him
- Bob can make direct calls to the service without having to be proxied somewhere
- The service doesn't have to know beforehand about Bob or what power is given to him