0080 XLS-80d: Permissioned Domains #228
Replies: 8 comments 4 replies
-
No ability to clutter and congest, good. |
Beta Was this translation helpful? Give feedback.
-
An update to this spec was published today, 2024-09-25. Token support was removed. This was to focus the feature on the "who can participate" aspect, rather than the "how they can participate" aspect. It makes it more flexible and easier to use in other primitives. |
Beta Was this translation helpful? Give feedback.
-
@mvadari The PR is ready for review, but I have some modifications to suggest for the spec, and some questions for the near future. Here's the PR: XRPLF/rippled#5149 Here are notes I have regarding the spec:
Here's what an object looks like from account_objects. The "index" field is there:
}
Also related to this is the lookup for credentials--that has not been implemented nor specified yet. But it relates to how or whether duplicates Issuers may be sorted. The lookup can be done as part of this project, or, perhaps, for a project that depends on this and may have it's own way in mind for this. My suggestion is to allow duplicates, order by Issuer then by CredentialType. Then for quick lookup, do a binary search to find a match or not. What do you think? |
Beta Was this translation helpful? Give feedback.
-
@mvadari Regarding lookup, I guess it could be a linear check, too, which sorting helps with. Or binary, which might be faster since there won't need to be as many steps through the array. I don't want to allow duplicates, but was just trying to clarify if they were to be included or not. It seems like the specific query mechanism can be implemented when the permissioned domains start to be used by another feature--it shouldn't be a big deal to implement when the time comes. Anyway, all of my questions are answered now, and the PR is finished (pending reviewer signoff). |
Beta Was this translation helpful? Give feedback.
-
Per the XLS Contributing process, it is my opinion that we have reached a "well-refined standard." As such, I propose that we move this discussion to a file (via #234) and work on final changes using additional PRs, for better change-tracking. Please comment here if you would like to object to moving this spec/discussion forward in the process into a DRAFT spec. (Note that per the Contributing guidelines, moving a spec into the DRAFT state does not mean any kind of endorsement, nor does it mean that this specification will become adopted. It is solely meant as a mechanism to enable better change tracking using PRs.) |
Beta Was this translation helpful? Give feedback.
-
Closing this discussion since the spec has been initially merged via #234. For further discussion or changes, please open a PR in this repo on XLS-80d. |
Beta Was this translation helpful? Give feedback.
-
If you agree with Point-6, I can open a PR:
Is there any other way to accomplish this? Would developers want to search for a specific PD? |
Beta Was this translation helpful? Give feedback.
-
It's also a little confusing that the |
Beta Was this translation helpful? Give feedback.
-
Permissioned Domains
Abstract
This proposal introduces the concept of permissioned domains. Permissioned domains enable the creation of controlled environments within a broader system where specific rules and restrictions can be applied to user interactions and asset flow. This approach aims to bridge the gap between the transparency and security benefits of decentralized blockchain technology and the regulatory requirements of traditional financial institutions.
1. Overview
This proposal builds on top of XLS-70d, as credentials are needed for permissioning.
We propose:
PermissionedDomain
ledger object.PermissionedDomainSet
transaction.PermissionedDomainDelete
transaction.This feature will require an amendment. Since this feature doesn't bring any functionality to the XRPL by itself, it will be gated by other amendments that use it instead.
1.1. Terminology
2. On-Ledger Object:
PermissionedDomain
This object represents a permissioned domain.
2.1. Fields
LedgerIndex
string
Hash256
Flags
number
UInt32
LedgerEntryType
string
UInt16
PermissionedDomain
).Owner
string
AccountID
Sequence
number
UInt32
Sequence
value of thePermissionedDomainSet
transaction that created this domain. Used in combination with theAccount
to identify this domain.AcceptedCredentials
array
STArray
PreviousTxnID
string
Hash256
PreviousTxnLgrSeq
number
UInt32
2.1.1.
LedgerIndex
The ID of this object will be a hash that incorporates the
Owner
andSequence
fields, combined with a unique space key forPermissionedDomain
objects, which will be defined during implementation.This value will be used wherever a
DomainID
is required.2.1.2.
AcceptedCredentials
This is an array of inner objects referencing a type of credential. The maximum length of this array is 10.
The array will be sorted by
Issuer
, so that searching it for a match is more performant.If this field is not included in the domain, then credentials do not need to be used when interacting with anything using the domain (i.e. there are no credential-based rules).
Issuer
string
AccountID
CredentialType
string
Blob
2.2. Account Deletion
The
PermissionedDomain
object is a deletion blocker.3. Transaction:
PermissionedDomainSet
This transaction creates or modifies a
PermissionedDomain
object.3.1. Fields
TransactionType
string
UInt16
PermissionedDomainSet
).Flags
number
UInt32
Account
string
AccountID
DomainID
string
Hash256
AcceptedCredentials
array
STArray
3.2. Failure Conditions
Issuer
doesn't exist on one or more of the credentials inAcceptedCredentials
.AcceptedCredentials
array is empty or too long (limit 10).DomainID
is included:Account
isn't the domain owner.3.3. State Changes
If the transaction is successful:
PermissionedDomain
object.4. Transaction:
PermissionedDomainDelete
This transaction deletes a
PermissionedDomain
object.4.1. Fields
TransactionType
string
UInt16
PermissionedDomainDelete
).Account
string
AccountID
DomainID
string
Hash256
4.2. Failure Conditions
DomainID
doesn't exist.4.3. State Changes
If the transaction is successful:
PermissionedDomain
object.5. Examples
A sample domain object may look like this (ignoring common fields):
6. Invariants
AcceptedCredentials
array must have length between 1 and 10, if included.7. Security
7.1. Issuer Trust
Relying on external issuers for credentials requires a degree of trust. If issuer credentials are compromised or forged, the system will be vulnerable.
7.2. Domain Creator Trust
While users can create their own domains, trust in the domain creator remains crucial. Malicious domain creators (or hackers) could potentially expose domain users to illegal liquidity.
Appendix
Appendix A: FAQ
A.1: Why is the name
PermissionedDomain
so long? Why not shorten it to justDomain
?The term
Domain
is already used in the account settings, so it would be confusing to use just the termDomain
for this.A.2: Can a domain owner also be a credential issuer?
Yes.
A.3: Can other rule types be added to domains?
Yes, if there is a need (though they must be focused on "who can participate" rather than other aspects of participation, like tokens). If you have any in mind, please mention them below.
A.5: Can I AND credentials together?
No, because it is difficult to make a clean design for that capability.
A.6: Does the domain owner have any special powers over the accepted credentials?
No, unless they are also the issuer of said credential.
A.7: Does the domain owner need to hold the credentials?
No.
A.8: Why not have a ledger object for each domain rule, instead of having it all in one object? Then you wouldn't have any limitations on how many rules a domain could have.
This won't work.
The ledger needs to be able to iterate through the domain rules to ensure that all of them are being adhered to. If a domain owner has millions of objects (or millions of rules), then iterating through all of those objects becomes prohibitively expensive from a performance standpoint.
Beta Was this translation helpful? Give feedback.
All reactions