The web is a wonderful place: open, permissionless, linkable and composable. It is also a dangerous place, with many actors, some vulnerable and some malicious.

Self-custody of keys is difficult, and Passkey is, in effect, going to be a custodial solution, so you need a separate app outside of the web, but this adds friction.

The ideal is to build an isolated, secure environment and bridge only the results of signing/decryption to general web apps/extensions, smoothly. Here is one path to it.

For example, it enables users to: Nostr usage

Overview

The browser itself becomes the foundation that helps your web apps/extensions achieve self-custody, by providing a new dedicated credential store and APIs. You can therefore easily build self-custody apps using two APIs, window.ssi and browser.ssi.

ℹ️NOTE: The browser will not provide a so-called “wallet”, because the store and settings don’t/shouldn’t have the ability to communicate with the outside.

Credential Store Service

It is the internal dedicated store for credentials such as secret keys, protected by an isolated process model and encryption. Separation of concerns provides a consistent service interface regardless of whether the actual data resides in the file system, on the Secure Element (SE), or on separate hardware. It is accessed from browser.ssi via internal privileged services.

browser.ssi

It is the core API (in Chrome, it would be named chrome.ssi), which bridges credential-related tasks such as sign/decrypt between the internal module and user land. It also exposes settings state with attention to privacy and security; basically, these are the things the user can choose whether to make open. General web extensions can use it in their background scripts and content scripts. General web apps can also use it via window.ssi.

window.ssi

It is the most accessible API that is widely published on the web. General web extensions and general web apps can use it anywhere.

Installation

Currently this is an individual project, and you can try it out and develop with it in a custom browser, our reference implementation based on Firefox ESR.

It adds on four main components for Self-Sovereign Identity: window.ssi, browser.ssi, services.ssi (credential store service) and about:selfsovereignidentity (settings page).

These components can also easily be added on to other Firefox forks, so you can choose another implementation. Your own implementation, too!

System Requirements

https://www.mozilla.org/en-US/firefox/128.4.0/system-requirements/

Install from source

  1. Set up your editor - https://firefox-source-docs.mozilla.org/contributing/editor.html
  2. Check out from https://gitlab.com/studioteatwo/gecko-dev-for-mvp ℹ️NOTE: for the first checkout, the depth option is recommended
       git clone git@gitlab.com:studioteatwo/gecko-dev-for-mvp.git --depth 1
  3. Build ℹ️NOTE: it will take an hour or more
       cd gecko-dev-for-mvp
       ./mach build
  4. After that, you can choose ./mach run (for interactive) or ./mach package (for static).

Install from the binaries

Download the one for your platform from the distribution site.

ℹ️NOTE: Currently these builds are pre-release-style releases. Please hold the Ctrl key and right-click on Mac and Windows.

https://github.com/studioTeaTwo/gecko-dev-pkg-distributor/releases

Install other Firefox forks

Tor Browser version

  1. Set up your editor - https://firefox-source-docs.mozilla.org/contributing/editor.html
  2. Check out the mvp-tor branch from https://gitlab.com/studioteatwo/gecko-dev-for-mvp
       # --depth 1 fetches a single branch only, so select mvp-tor at clone time
       git clone git@gitlab.com:studioteatwo/gecko-dev-for-mvp.git --depth 1 --branch mvp-tor
       cd gecko-dev-for-mvp
  3. Follow: https://gitlab.torproject.org/tpo/applications/team/-/wikis/Development-Information/Tor-Browser/dev-Build

Configure

Depending on your build, you may need to configure manually in about:config.

| requirement | key | value |
|---|---|---|
| MUST | security.nocertdb | false |

Versioning

These builds are forks, so versioning tracks both the custom add-on browser and the base browser. The version is defined as follows:

v<custom-browser-version><custom-browser-branch>-<base-browser-version><base-browser-suffix>

For example, v0.0.1mvp-128.5.0esr designates a 0.0.1 release from the mvp branch, based on the Mozilla Firefox 128 ESR branch. v0.0.1beta-14.0-1tor means a 0.0.1 release from the beta branch, based on the Tor Browser 14.0-1 release.

To distinguish these builds from the base browser in branding, install path and so on, the namespace ssb is defined.
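
As an added example (not part of the project's code), here is a parser for the version format above, with a check that a build's base browser is at or above a minimum release. The function names and returned field names are this example's own.

```javascript
// Added example: parser for the build tag format
//   v<custom-browser-version><custom-browser-branch>-<base-browser-version><base-browser-suffix>
// Field names in the returned object are this example's own.
const TAG_RE = /^v(\d+(?:\.\d+)*)([a-z]+)-(\d+(?:[.-]\d+)*)([a-z]+)$/;

function parseBuildTag(tag) {
  const m = TAG_RE.exec(tag);
  if (!m) throw new Error(`not a valid build tag: ${tag}`);
  const [, customVersion, customBranch, baseVersion, baseSuffix] = m;
  return { customVersion, customBranch, baseVersion, baseSuffix };
}

// Compare numeric versions component by component; "." and "-" both separate
// components, so "14.0-1" is treated as 14, 0, 1.
function compareVersions(a, b) {
  const pa = a.split(/[.-]/).map(Number);
  const pb = b.split(/[.-]/).map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// True when the build is based on the expected base browser line (suffix)
// and its base version is at least `minimum`.
function baseIsAtLeast(tag, suffix, minimum) {
  const t = parseBuildTag(tag);
  return t.baseSuffix === suffix && compareVersions(t.baseVersion, minimum) >= 0;
}
```

A malformed tag throws instead of returning partial fields, so a release check built on this fails closed.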

window.ssi

🌡️Experimental: This is an experimental technology

Usage

window.ssi.nostr.getPublicKey()

Nostr

ℹ️NOTE: These are normally wrapped in window.nostr on NIP-07.

Namespace

ssi.nostr

APIs

| type | name |
|---|---|
| function | getPublicKey |
| function | sign |
| event | accountChanged |
| event | providerChanged |
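
The NIP-07 wrapping mentioned in the note above, as an added example that is not the project's own code: only the event id goes to the signer and only the signature comes back, so the page never handles the secret key. The argument and return shape of sign is an assumption (the page lists only the function names), and makeNip07, serializeEvent, sha256Hex and stubProvider are this example's own names.

```javascript
// Added example: a NIP-07 style wrapper over an ssi.nostr-like provider.
// ASSUMPTION: provider.sign(idHex) resolves to a hex Schnorr signature; the
// page lists the function names only, not their parameters.

// Web Crypto is global in browsers and current Node; older Node needs the module.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// NIP-01 canonical form: the event id is the SHA-256 of this exact string.
function serializeEvent(pubkey, ev) {
  return JSON.stringify([0, pubkey, ev.created_at, ev.kind, ev.tags, ev.content]);
}

async function sha256Hex(text) {
  const digest = await webCrypto.subtle.digest("SHA-256", new TextEncoder().encode(text));
  return Array.from(new Uint8Array(digest), (b) => b.toString(16).padStart(2, "0")).join("");
}

function makeNip07(provider) {
  return {
    getPublicKey: () => provider.getPublicKey(),
    async signEvent(ev) {
      // Reject malformed input before anything reaches the signer.
      if (!Number.isInteger(ev.kind) || !Number.isInteger(ev.created_at) ||
          !Array.isArray(ev.tags) || typeof ev.content !== "string") {
        throw new TypeError("malformed unsigned event");
      }
      const pubkey = await provider.getPublicKey();
      // The caller computes the id itself, so it knows exactly what gets signed.
      const id = await sha256Hex(serializeEvent(pubkey, ev));
      const sig = await provider.sign(id);
      if (!/^[0-9a-f]{128}$/.test(sig)) throw new Error("unexpected signature format");
      const { created_at, kind, tags, content } = ev;
      return { id, pubkey, created_at, kind, tags, content, sig };
    },
  };
}

// Constructed stand-in for window.ssi.nostr (fixed dummy values, no real key),
// so the example runs outside the custom browser.
const stubProvider = {
  seen: [],
  getPublicKey: async () => "ab".repeat(32),
  sign: async function (idHex) { this.seen.push(idHex); return "cd".repeat(64); },
};
```

In the custom browser, the provider passed to makeNip07 would be window.ssi.nostr in place of the stub, adapted to whatever arguments its sign actually takes.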

browser.ssi

🌡️Experimental: This is an experimental technology

Usage

browser.ssi.searchCredentialsWithoutSecret(protocolName, credentialName, primary, uniqueId)

General

Namespace

ssi

APIs

| type | name | scope |
|---|---|---|
| function | searchCredentialsWithoutSecret | |

Nostr

Namespace

ssi.nostr

APIs

| type | name | scope |
|---|---|---|
| function | getPrefs | |
| function | sign | |
| event | onPrimaryChanged | |
| event | onPrefEnabledChanged | |
| event | onPrefTrustedSitesChanged | |
| event | onPrefAccountChanged | |
| event | onPrefBuiltInNip07Changed | |