COG-3: Authentication
Status: Draft
Version: 1.0
Created: 2025-09-24
Authors: Mike Anderson
Purpose
Authentication ensures the integrity and security of, and controlled access to, assets and operations on the grid, aligning with the decentralized and secure nature of the Covia federated grid. This document outlines authentication mechanisms for venues, enabling secure and flexible access control while maintaining venue operators' autonomy over access rights.
Authentication is managed at a per-venue level, allowing venue operators to define and enforce access policies tailored to their specific requirements.
In general, authentication is built on commonly available web standards and, where appropriate, makes use of decentralised facilities supported by Convex Lattice DLT.
Specification
Public Venues
Venues MAY provide open, public access to grid operations and assets, enabling public services or sharing open-source capabilities without requiring prior authorisation.
Venues SHOULD NOT allow unauthorised users to consume excessive resources.
Venues SHOULD implement rate limiting on public venues, e.g. via a proxy server.
API Keys
Venues MAY offer authorisation using an API-Key.
The API Key MUST be passed by the client with every HTTPS request using the standard Bearer header:
Authorization: Bearer <token>
If the Venue offers API-key authorisation, it has complete control over what privileges it grants to clients using any particular token.
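One way a venue could check the Bearer header and map each key to its own privileges, as an added example (not part of this specification or of any Covia implementation). The key values, the privilege names and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

def digest(token):
    """Store and compare SHA-256 digests so raw keys never sit in the key store."""
    return hashlib.sha256(token.encode("utf-8")).digest()

# Constructed sample data: key digests mapped to hypothetical privilege names.
KEY_STORE = {
    digest("demo-key-read-only"): frozenset({"asset:read"}),
    digest("demo-key-operator"): frozenset({"asset:read", "operation:invoke"}),
}

# RFC 6750 b64token syntax; the auth scheme name is case-insensitive.
BEARER_RE = re.compile(r"^Bearer +([A-Za-z0-9\-._~+/]+=*)$", re.IGNORECASE)

def privileges_for(token):
    """Return the privilege set for a key, or None if the key is unknown."""
    presented = digest(token)
    granted = None
    for stored, privileges in KEY_STORE.items():
        # Constant-time comparison, no early exit on a match.
        if hmac.compare_digest(stored, presented):
            granted = privileges
    return granted

def authorize(headers, required):
    """headers: list of (name, value) pairs. Returns (HTTP status, reason)."""
    values = [v for name, v in headers if name.lower() == "authorization"]
    if len(values) != 1:
        return 401, "missing or duplicated Authorization header"
    match = BEARER_RE.match(values[0].strip())
    if match is None:
        return 401, "not a well-formed Bearer credential"
    privileges = privileges_for(match.group(1))
    if privileges is None:
        return 401, "unknown API key"
    if required not in privileges:
        return 403, "key lacks privilege: " + required
    return 200, "ok"

if __name__ == "__main__":
    print(authorize([("Authorization", "Bearer demo-key-operator")], "operation:invoke"))
    print(authorize([("Authorization", "Bearer demo-key-read-only")], "operation:invoke"))
```

An unknown or malformed credential yields 401, while a valid key that lacks the requested privilege yields 403, so a client can tell a bad key from an insufficient one.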
OAuth
Venues MAY allow authentication using OAuth 2.0 with PKCE.
More details to be provided.