Update bsip-0040.md

bsip53
Stefan Schießl 2018-07-25 14:11:03 +02:00 committed by GitHub
parent e928c44cc8
commit e8fabfd5cd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 10 deletions

@ -37,7 +37,17 @@ The above list of named keys is nothing that is known to the backend as the back
# Rational
The description here is more on a superficial level and no recommendation how it can best be implemented.
Custom active permission is a list of custom active authorities. A `custom active authorities` contains an `operation_id`, an `authority` (just like with active permission) and a list of `restricted arguments`. When a transaction is signed with such an authority the backend checks if the contained operation has a corresponding custom active authority entry and if so acts as if the active authority of the corresponding account is given. It also checks if the arguments are in the allowed range.
Custom active permission is a list of custom active authorities. A `custom active authorities` contains an `operation_id`, an `authority` (just like with active permission) and a list of `assert`s than can be used to restricted arguments. When a transaction is signed with such an authority the backend checks if the contained operation has a corresponding custom active authority entry and if so acts as if the active authority of the corresponding account is given. It also checks if the arguments are in the allowed range.
A Custom Active Permission looks like follows (in JSON for clarification, backend serializes and stores in a different way):
```
custom_active_permission = list of custom_active_authority items
custom_active_authority = {
operationid,
auhtority,
assert
}
```
Example:
Assume account A and B and some unrelated key K. Furthermore A has a custom active authority in the following way:
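Review bot: The rewritten paragraph does not say what happens when an `assert` fails, and the order of the two checks reads as if authority is granted first ("acts as if the active authority of the corresponding account is given") and the arguments are only checked afterwards ("It also checks if the arguments are in the allowed range"). Suggest stating that the custom active authority counts as satisfied only if every `assert` for that entry passes, and that otherwise the signature grants nothing and the transaction is rejected unless the regular active authority is present. The paragraph also speaks of "the contained operation" in the singular, so it should say how a transaction carrying several operations is treated. In the new block, `operationid` does not match `operation_id` in the prose, `auhtority` is misspelled, and the block is introduced as JSON but is not valid JSON. In the added sentence, "than can be used to restricted arguments" should read "that can be used to restrict arguments".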
@ -57,12 +67,11 @@ custom active authority = {
That has the consquence now that a a transfer transaction sending funds away from A can be signed with key K as long as the receiver is B.
# Specifications
* the account objects must be extended to store custom active authority
* an operation must be extended or created to allow changing the custom active authority
* additional signatures and operation-specific authorities (if present) must be evaluated against incoming transactions
* additional committee parameters may need to be specified to limit the extend of usage of this feature
Requirements to modify the backend includes
* Extend the account object to store custom active permission
* Extend `account_update` or create a new operation to allow changing the custom active permission
* Operation-specific authorities (if present) must be evaluated in incoming transactions
* Additional committee parameters may be needed to limit the extend of usage of this feature
# Discussion
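Review bot: The replacement bullet "Operation-specific authorities (if present) must be evaluated in incoming transactions" drops the "additional signatures" wording of the bullet it replaces, so the list no longer says that the extra signatures on a transaction have to be matched against the custom active permission. Suggest keeping that requirement explicit. The last bullet still leaves the committee parameters open ("may be needed"); since this evaluation runs on incoming transactions, the specification should name what is being limited rather than defer it. Wording: "Requirements to modify the backend includes" should be "include", and "limit the extend of usage" should be "limit the extent of usage".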
@ -76,6 +85,3 @@ Bad publicity in terms of security can have very negative effect on the BTS valu
This document is placed in the public domain.
# See Also