Security Guide
Authentication, permissions, and best practices for the DAISI network.
Authentication
DAISI uses a multi-layer authentication system:
- Secret Keys: Account-level secrets used by server-side applications. Never expose these in client-side code.
- Client Keys: Short-lived tokens generated from secret keys. Used for all gRPC API calls. Validated on every request via the ValidateClientKey RPC.
- Cookie Authentication: Web applications use cookie-based auth with the DAISI Manager for seamless user sessions.
Single Sign-On (SSO)
DAISI Manager is the central authentication point for all DAISI web apps. Users log in once at Manager and gain seamless access to all other apps (such as Drive) without re-entering credentials.
How SSO works
- A user visits a DAISI app (e.g. Drive) without being logged in.
- The app redirects the user to Manager's /sso/authorize endpoint.
- If the user is not logged into Manager, they see Manager's login page (OTP-based). If already logged in, this step is skipped.
- After authentication, Manager creates a short-lived encrypted ticket containing the user's session data and redirects back to the originating app's /sso/callback.
- The app decrypts the ticket, validates the clientKey with the Orc, sets local cookies, and the user is in.
Tickets are encrypted with AES-256-GCM and expire after 60 seconds. Only apps that share the same SsoSigningKey can create or decrypt tickets, and the SsoAllowedOrigins setting controls which apps are permitted to request tickets.
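The ticket flow described above, as an added Node.js sketch that is not DAISI's own code: Manager seals the session for an allowlisted origin, and the app's callback authenticates the ticket, enforces the 60-second expiry, and then checks the clientKey. The ticket layout, the JSON field names, and the validateClientKey callback (a stand-in for the Orc's ValidateClientKey RPC) are assumptions.

```javascript
// Added sketch, not DAISI's implementation. Assumed ticket layout:
// base64url(nonce[12] || tag[16] || ciphertext); JSON field names are assumed too.
const crypto = require('node:crypto');

const TICKET_TTL_MS = 60_000; // 60-second expiry stated on the page

// Manager side: refuse origins outside the allowlist, then seal the session.
function createTicket(key, allowedOrigins, origin, session, now = Date.now()) {
  if (!allowedOrigins.includes(origin)) throw new Error('origin not in allowlist');
  const nonce = crypto.randomBytes(12); // fresh nonce per ticket, never reused
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const plain = JSON.stringify({ ...session, exp: now + TICKET_TTL_MS });
  const ct = Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString('base64url');
}

// App side (/sso/callback): authenticate, check expiry, then ask the Orc.
// validateClientKey is a hypothetical stand-in for the ValidateClientKey RPC.
function redeemTicket(key, ticket, validateClientKey, now = Date.now()) {
  const raw = Buffer.from(String(ticket), 'base64url');
  if (raw.length <= 28) return { ok: false, reason: 'malformed' };
  let session;
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
    session = JSON.parse(plain.toString('utf8'));
  } catch {
    return { ok: false, reason: 'invalid' }; // wrong key or tampered bytes
  }
  if (typeof session?.exp !== 'number' || now > session.exp) return { ok: false, reason: 'expired' };
  if (!validateClientKey(session.clientKey)) return { ok: false, reason: 'client-key-rejected' };
  return { ok: true, session };
}

// Constructed sample values: random key, made-up origin and clientKey.
function demo() {
  const key = crypto.randomBytes(32);
  const origins = ['https://drive.example'];
  const live = new Set(['ck-constructed-123']);
  const t = createTicket(key, origins, origins[0], { clientKey: 'ck-constructed-123' }, 0);
  return {
    fresh: redeemTicket(key, t, (k) => live.has(k), 59_000).ok,
    stale: redeemTicket(key, t, (k) => live.has(k), 61_000).reason,
    loggedOut: redeemTicket(key, t, () => false, 1_000).reason,
  };
}
```

The loggedOut case shows why the server-side clientKey check matters: a ticket that is still cryptographically valid and unexpired is refused once the key has been deleted at the Orc.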
Global Logout
Logging out from any DAISI app logs out everywhere. When a user clicks "Logout", the app calls DeleteClientKey on the Orc, which invalidates the clientKey at the source. Since all apps validate the clientKey on every request, the session becomes invalid across all participating apps simultaneously.
Permissions
DAISI accounts support role-based access control:
| Role | Capabilities |
|---|---|
| User | Use inference, manage personal settings |
| Manager | Manage account, hosts, skills, and apps |
| Admin | Full account control, review marketplace items, manage releases |
| Owner | All permissions including account deletion and ownership transfer |
SSO Security Properties
- AES-256-GCM Encryption: SSO ticket contents are confidential, and any modification is detected on decryption.
- 60-Second Ticket Expiry: Limits the window for ticket replay attacks.
- Origin Allowlist: Only configured domains can request SSO tickets.
- Server-Side Validation: Relying-party apps still validate the clientKey with the Orc after decrypting the ticket.
Best Practices
- Rotate Secret Keys: Regularly rotate your account secret keys. Revoke any compromised keys immediately.
- Use HTTPS: Always connect to orchestrators and hosts over HTTPS in production environments.
- Review Tool Permissions: When installing marketplace skills, review the required tool groups. Be cautious with elevated permissions like FileTools and CommunicationTools.
- Least Privilege: Assign users the minimum role required for their tasks. Avoid giving Admin or Owner roles unnecessarily.