What is Chaperone
Chaperone: Key management and source chain entry signing in Holo
Still not very clear? Let's unpack this a bit with .... yes you've guessed it..

Thread Alert! 

6/15 While this makes the process of accessing a hApp really user friendly, the setup does have 3 potential weaknesses:
7/15 The login process unfortunately bears a resemblance (albeit a superficial one) to #centralized #cryptocurrency wallets that purport to hold private keys. These often turn out to be scams.
The UI for the browser could include malicious front end code.
8/15 Traffic for hosted hApps has to be routed through Holo’s distributed gateway infrastructure. While this infrastructure may contain security gaps that could be exploited by bad actors, we have made it as secure as possible (e.g., SNI, E2E encryption, etc.).
9/15 Our approach to handling these issues has been to develop a secure iFrame we’re calling Chaperone. The application generates keys from the username and password and securely manages them within the browser—essentially, the same process as key generation in #Holochain.
10/15 Chaperone also handles all zome calls and signing, which means the hApp UI does not have direct access to a user’s login information. Developers using the Holo Hosting web SDK would only interact with Chaperone through the Cross-Origin Message Bus (COMB) library.
11/15 COMB is our library that wraps the built-in window messenger (window.postMessage), making the API more user friendly by adding request/reply, async/await, and other features.
12/15 Thus, #Holo isn’t responsible for authenticating web users and cannot access keys, minimizing integration requirements and limiting the number of access points that need to be audited for potential leaks.
13/15 Note: If you were to lose your login information, Holo would not have any way to recover it, so make sure you take steps to prevent that from happening.
14/15 If you’re interested in seeing what Chaperone can do, you can use our front end SDK to run a local development instance to test conductors directly without having to connect to a network & #HoloPort. We encourage you to check this out when it’s available for public release.
15/15 This should clear things a bit! If you wanted to read this article all-in-one please visit our blog: https://blog.holochain.org/key-management-and-source-chain-entry-signing-in-holo/
#Holochain #Holo #HoloPort #NextNet
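
The request/reply messaging between a hApp UI and a key-holding iframe described in tweets 10/15 and 11/15, as an added sketch that is not part of the original thread and is not COMB's or Chaperone's own code. All function names, the message shape `{ id, method, args }` and the origins used with it are assumptions.

```javascript
// Added illustration. Hypothetical names; not the COMB or Chaperone API.
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Key-holding frame side: serves one allowed embedding origin and exposes only
// the methods listed in `methods`. Key material is never placed in a reply.
function makeFrameHandler(allowedOrigin, methods) {
  return function onMessage(event) {
    if (event.origin !== allowedOrigin) return null; // unknown embedder: no reply
    const { id, method, args } = event.data || {};
    if (!Number.isInteger(id) || typeof method !== "string" || !own(methods, method)) {
      return { id, error: "unsupported request" };
    }
    try {
      return { id, result: methods[method](...(Array.isArray(args) ? args : [])) };
    } catch (err) {
      return { id, error: String(err && err.message) };
    }
  };
}

// hApp UI side: adds request/reply correlation on top of one-way messages.
// `post(message, targetOrigin)` stands in for iframe.contentWindow.postMessage.
function makeClient(frameOrigin, post) {
  const pending = new Map();
  let nextId = 0;
  return {
    pending,
    request(method, ...args) {
      const id = nextId++;
      return new Promise((resolve, reject) => {
        pending.set(id, { resolve, reject });
        post({ id, method, args }, frameOrigin); // explicit origin, never "*"
      });
    },
    // Returns true only when the event answered one of our open requests.
    onMessage(event) {
      if (event.origin !== frameOrigin) return false; // forged sender
      const data = event.data;
      const waiter = data && typeof data === "object" ? pending.get(data.id) : undefined;
      if (!waiter) return false; // unknown or replayed id
      pending.delete(data.id);
      if (own(data, "error")) waiter.reject(new Error(data.error));
      else waiter.resolve(data.result);
      return true;
    },
  };
}
```

In a browser, the frame would send each non-null reply with `event.source.postMessage(reply, event.origin)`, and the page would register the client's `onMessage` as its `message` listener.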
The
need to do is log in with a username and password, just as you would on any other website. The connection is end-to-end encrypted (TLS terminates at the 