bsips/bsip-0040.md

    BSIP: 0040
    Title: Custom active permissions
    Authors:
      Alex M <https://github.com/clockworkgr>
      Fabian Schuh <https://github.com/xeroc>
      Stefan Schießl <https://github.com/sschiessl-bcp>
    Status: Draft
    Type: Protocol
    Created: 2018-07-25
    Discussion: https://github.com/bitshares/bitshares-core/issues/1061
    Worker: <Id of worker proposal>

# Abstract

Strengthening user security is one of the main factors to elevate BitShares. Inlight of recent 
hacking and phishing attempts this becomes even more important. The need for a more sophisticated
account security preceeded the idea for a finer-grained control of account permissions.
We propose to add an additional authority to the account, called Custom Active (Permission). The
permission contains a list of operationid-to-authority mappings that each grant access to the respective 
operation as if it were the active permission of the account. Additionally, the arguments of said operation 
can be restricted.

# Motivation and Rational

Any successfull hacking or phishing attempt on any of the web wallets that are powered by the
BitShares Blockchain is bad publicity. The user needs to be educated in account security, and this BSIP
aims to ensure all technical possibilities are met while being flexible to allow many use-cases.

Examples:
 - Witness Key: Only allows update signing key and publish price feed
 - Trading Key: Only allows limit orders (arguments restricted to desired markets), update margin position and transfers (arguments restricted to certain accounts)
 - Proposal Update Key: Approve proposals (2FA comes to mind)
The above list of named keys is nothing that is known to the backend as the backend should have an abstract implementation.
 The UI should provide a button "Create Trading Key" that properly configures the respective custom active permission entry.


# Specifications

# Discussion

To be found in the forum - see link above.

# Summary for Shareholders

# Copyright

This document is placed in the public domain.

# See Also

* https://github.com/bitshares/bitshares-core/issues/1061
Custom active permissions 2018-07-25 11:19:23 +00:00			`BSIP: 0040`
			`Title: Custom active permissions`
			`Authors:`
			`Alex M <https://github.com/clockworkgr>`
			`Fabian Schuh <https://github.com/xeroc>`
			`Stefan Schießl <https://github.com/sschiessl-bcp>`
			`Status: Draft`
			`Type: Protocol`
			`Created: 2018-07-25`
			`Discussion: https://github.com/bitshares/bitshares-core/issues/1061`
			`Worker: <Id of worker proposal>`

			`# Abstract`

			`Strengthening user security is one of the main factors to elevate BitShares. Inlight of recent`
			`hacking and phishing attempts this becomes even more important. The need for a more sophisticated`
			`account security preceeded the idea for a finer-grained control of account permissions.`
			`We propose to add an additional authority to the account, called Custom Active (Permission). The`
			`permission contains a list of operationid-to-authority mappings that each grant access to the respective`
			`operation as if it were the active permission of the account. Additionally, the arguments of said operation`
			`can be restricted.`

			`# Motivation and Rational`

			`Any successfull hacking or phishing attempt on any of the web wallets that are powered by the`
			`BitShares Blockchain is bad publicity. The user needs to be educated in account security, and this BSIP`
			`aims to ensure all technical possibilities are met while being flexible to allow many use-cases.`

			`Examples:`
			`- Witness Key: Only allows update signing key and publish price feed`
			`- Trading Key: Only allows limit orders (arguments restricted to desired markets), update margin position and transfers (arguments restricted to certain accounts)`
			`- Proposal Update Key: Approve proposals (2FA comes to mind)`
			`The above list of named keys is nothing that is known to the backend as the backend should have an abstract implementation.`
			`The UI should provide a button "Create Trading Key" that properly configures the respective custom active permission entry.`



			`# Specifications`

			`# Discussion`

			`To be found in the forum - see link above.`

			`# Summary for Shareholders`

			`# Copyright`

			`This document is placed in the public domain.`

			`# See Also`

			`* https://github.com/bitshares/bitshares-core/issues/1061`