Update permissions for adding a NETWORK_MONITOR DID

- Align the permissions to the updated CANdy Network Provisional Governance Framework (Layer 1) document. Signed-off-by: Wade Barnes <wade@neoterictech.ca>
ICCS-ISAC · May 10, 2023 · a5c11f7 · a5c11f7
1 parent 488c028
commit a5c11f7
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/environments/prod/auth_rules b/environments/prod/auth_rules
@@ -89,9 +89,9 @@ ledger auth-rule txn_type=NYM action=ADD field=role old_value=* new_value=2 cons
 ledger auth-rule txn_type=NYM action=ADD field=role old_value=* new_value=101 constraint="{"sig_count":2,"role":"0","constraint_id":"ROLE","need_to_be_owner":false}"
 
 # Add Network_Monitor DID
-#  - Require 1 Trustee signature || 1 Steward signature || 1 Network_Monitor signature
-#  - Source: Draft Governance
-ledger auth-rule txn_type=NYM action=ADD field=role old_value=* new_value=201 constraint="{"constraint_id":"OR","auth_constraints":[{"sig_count":1,"role":"0","constraint_id":"ROLE","need_to_be_owner":false},{"sig_count":1,"role":"2","constraint_id":"ROLE","need_to_be_owner":false},{"sig_count":1,"role":"201","constraint_id":"ROLE","need_to_be_owner":false}]}"
+#  - Require 1 Trustee signature (from same jurisdiction - not enforceable)
+#  - Source: Draft Governance; Governed Role Policies: Network Monitor - Onboarding Policies (https://github.com/ICCS-ISAC/Groupes-de-travail-CANdy-Working-Groups/blob/main/Provisional-GF-provisoire/(Layer%201)-CANdy-Utility-Provisional-Governance-Framework.md#governed-role-policies-network-monitor)
+ledger auth-rule txn_type=NYM action=ADD field=role old_value=* new_value=201 constraint="{"sig_count":1,"role":"0","constraint_id":"ROLE","need_to_be_owner":false}"
 
 # Add non-privileged DID
 #  - Require 1 Trustee signature || 1 Endorser signature

diff --git a/environments/test/auth_rules b/environments/test/auth_rules
@@ -89,9 +89,9 @@ ledger auth-rule txn_type=NYM action=ADD field=role old_value=* new_value=2 cons
 ledger auth-rule txn_type=NYM action=ADD field=role old_value=* new_value=101 constraint="{"sig_count":2,"role":"0","constraint_id":"ROLE","need_to_be_owner":false}"
 
 # Add Network_Monitor DID
-#  - Require 1 Trustee signature || 1 Steward signature || 1 Network_Monitor signature
+#  - Require 1 Trustee signature (from same jurisdiction - not enforceable via auth_rules)
 #  - Source: Draft Governance; Governed Role Policies: Network Monitor - Onboarding Policies (https://github.com/ICCS-ISAC/Groupes-de-travail-CANdy-Working-Groups/blob/main/Provisional-GF-provisoire/(Layer%201)-CANdy-Utility-Provisional-Governance-Framework.md#governed-role-policies-network-monitor)
-ledger auth-rule txn_type=NYM action=ADD field=role old_value=* new_value=201 constraint="{"constraint_id":"OR","auth_constraints":[{"sig_count":1,"role":"0","constraint_id":"ROLE","need_to_be_owner":false},{"sig_count":1,"role":"2","constraint_id":"ROLE","need_to_be_owner":false},{"sig_count":1,"role":"201","constraint_id":"ROLE","need_to_be_owner":false}]}"
+ledger auth-rule txn_type=NYM action=ADD field=role old_value=* new_value=201 constraint="{"sig_count":1,"role":"0","constraint_id":"ROLE","need_to_be_owner":false}"
 
 # Add non-privileged DID
 #  - Require 1 Trustee signature || 1 Endorser signature