Delegato lets users circumvent the rigid authentication controls on all their accounts, so they can share, sell, co-own and more.
The Delegato project began by challenging the current approach to account delegation, one where corporations hold all of the control over accounts and rarely give out authorization scopes that let account owners build around their accounts. At this hackathon we wanted to take a swing at empowering users by creating a system that lets them decide who and what can use their account, in a way that the service provider cannot prevent.
Our demo requires users to share a password reset link with our secure infrastructure, and then we prove to them that they are in control of the account. Companies like Zynga have been burned by building businesses on accounts when the account owners later change their minds and revoke access. One of the benefits of this account relationship is that the service provider needs to give access to its user base, and with new cryptographic primitives we can attempt to trustlessly and transparently offer new forms of account delegation. Trailblazers like zkpdp are showing everybody what's possible, and we are here to blow that up even further.
The initial plan was to find out what was possible with advancements in garbled circuits and oblivious transfer and then circle back to ZK and other easier approaches. Given the short time of the hackathon, we decided to go with a trusted execution environment (TEE), so when a user decides to onboard to our service, we enshrine their account inside of a TEE.
They still have full control of the TEE, but they can then decide which apps and services can drive their account, and we can prove to them that we have no ability to rug.
Delegato: Streamlined Authorization for Decentralized Applications
Delegato is a framework for building secure and efficient authorization systems within decentralized applications (dApps). It leverages a combination of cutting-edge technologies to provide a robust and flexible solution.
Here's a breakdown of the key components:
Hydrogen.Passport: This serves as the foundation, providing an OAuth2 and OpenID Connect (OIDC) server for user authentication and token management.
Wazero: As the "best web assembly runtime," Wazero enables Delegato to handle authorization logic efficiently across different platforms.
ENS CCIP Offchain Read: This component allows Delegato to interact with the Ethereum Name Service (ENS) for decentralized identity management.
Arbitrum Stylus: (Optional) If used, Arbitrum Stylus provides additional scalability and security through optimistic rollups on Arbitrum, a Layer 2 scaling solution for Ethereum.
Garbled Circuits: (Optional) For advanced privacy-preserving authorization scenarios, Delegato can integrate garbled circuits to further protect sensitive data.
DNSSEC: Delegato leverages DNSSEC, a security extension for the Domain Name System (DNS), to ensure data integrity and prevent spoofing attacks.
Note: Due to time constraints, Delegato currently utilizes ChatGPT as a "just-in-time (JIT) policy agent." This means authorization rules might be generated dynamically rather than pre-defined.
In essence, Delegato aims to simplify and streamline authorization within dApps by combining these innovative technologies. It promotes secure, efficient, and scalable access control for your decentralized applications.