Consider data set storage provider change needing client auth #203

@rvagg

Description

In PDPVerifier, the SP is able to move a data set to another owner address given that owner address accepts the move. Original SP does a proposeDataSetStorageProvider(), new SP does a claimDataSetStorageProvider() and we update it here.

The payment rail can never change, so original payee/beneficiary still gets paid as long as the data set is proven, but we only care that the new SP is in the provider registry (as at #191).

This means that a client only has strict control over who they are paying for the proving, not what SP is doing the proving. The product question here is whether that's reasonable and OK. If I pay someone in Sweden to provide me with premium Swedish storage services, and they then turn around and outsource that to someone providing budget proving services in Mauritius and pocket the difference, does that matter? I choose a provider based on some criteria in the registry, maybe their reputation or maybe their claims about egress, then I get stuck with my data at the end of a 100KiB connection so my retrievals are now garbage.

We have an extraData in PDPVerifier claimDataSetStorageProvider() which we pass on to WarmStorage; there's an opportunity to have a client-signed authorisation here so it's up to the client to allow the move.

It would be worth thinking through what requirements this feature even solves: why do we have this? Do we need it? Should we block it in WarmStorage, authorise it, or YOLO it?
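The client-signed authorisation option mentioned above, sketched as an added Solidity example; this is not code from PDPVerifier or WarmStorage. The hook name `onStorageProviderChanged`, the `dataSetPayer` mapping, the `extraData` encoding (an ABI-encoded deadline plus a 65-byte signature) and the EIP-712 domain values are all assumptions made for the illustration. The point it shows is that the client who pays for the data set, not the SP, has to sign off on a specific (dataSetId, oldProvider, newProvider) transition, with a nonce and deadline so a signature cannot be replayed for a later move.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical sketch: WarmStorage-side check that the paying client has signed
// off on a storage-provider change. Every name here is an assumption for the
// example, not the real WarmStorage or PDPVerifier API.
contract StorageProviderChangeAuth {
    address public immutable pdpVerifier; // assumed: the only caller allowed to invoke the hook
    bytes32 private immutable DOMAIN_SEPARATOR;

    // EIP-712 type hash binding the signature to one exact transition.
    bytes32 private constant CHANGE_TYPEHASH = keccak256(
        "StorageProviderChange(uint256 dataSetId,address oldProvider,address newProvider,uint256 nonce,uint256 deadline)"
    );

    mapping(uint256 => address) public dataSetPayer; // assumed: client paying for each data set
    mapping(uint256 => uint256) public changeNonce;  // per data set, prevents signature replay

    constructor(address _pdpVerifier) {
        pdpVerifier = _pdpVerifier;
        // chainId and verifyingContract in the domain stop cross-chain / cross-contract replay.
        DOMAIN_SEPARATOR = keccak256(abi.encode(
            keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
            keccak256("WarmStorage"), keccak256("1"), block.chainid, address(this)
        ));
    }

    // Assumed hook shape: called by PDPVerifier when the new SP claims the data set,
    // forwarding the extraData supplied to claimDataSetStorageProvider().
    function onStorageProviderChanged(
        uint256 dataSetId,
        address oldProvider,
        address newProvider,
        bytes calldata extraData
    ) external {
        require(msg.sender == pdpVerifier, "only PDPVerifier");
        _verifyClientAuthorisation(dataSetId, oldProvider, newProvider, extraData);
        // ... the move is allowed; provider-registry checks and bookkeeping would follow here.
    }

    function _verifyClientAuthorisation(
        uint256 dataSetId,
        address oldProvider,
        address newProvider,
        bytes calldata extraData
    ) internal {
        // Assumed encoding of extraData: abi.encode(uint256 deadline, bytes signature).
        (uint256 deadline, bytes memory sig) = abi.decode(extraData, (uint256, bytes));
        require(block.timestamp <= deadline, "authorisation expired");

        // Consume the nonce before verifying so a valid signature works exactly once.
        uint256 nonce = changeNonce[dataSetId]++;
        bytes32 structHash = keccak256(
            abi.encode(CHANGE_TYPEHASH, dataSetId, oldProvider, newProvider, nonce, deadline)
        );
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, structHash));

        address signer = _recover(digest, sig);
        require(signer != address(0) && signer == dataSetPayer[dataSetId], "not authorised by client");
    }

    // Minimal ecrecover wrapper with the usual malleability guards (low-s, v in {27,28}).
    function _recover(bytes32 digest, bytes memory sig) internal pure returns (address) {
        if (sig.length != 65) return address(0);
        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := mload(add(sig, 32))
            s := mload(add(sig, 64))
            v := byte(0, mload(add(sig, 96)))
        }
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) return address(0);
        if (v != 27 && v != 28) return address(0);
        return ecrecover(digest, v, r, s);
    }
}
```

The design choice worth noting: the signed message names both the old and the new provider, so a client who agreed to one specific move cannot have that approval reused for a later transfer to a different SP, and the nonce is read-and-incremented inside the check so a second claim with the same extraData reverts rather than silently re-authorising.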

Status: In Progress