Status | IN PROGRESS |
---|---|
Stakeholders | |
Outcome | |
Due date | |
Owner |
Background
Iroha Special Instructions processing requires to have a permissions based security model.
Whitepaper and Iroha v1 documentation were researched. The proposal is to use already existing Iroha Special Instructions + Assets mechanisms for Permissions implementation.
Problem
The White Paper requires protection of data from unauthorized read and write access.
Iroha 1 documentation gives a Permission's definition:
A named rule that gives the privilege to perform a command. Permission cannot be granted to an account directly, instead, account has roles, which are collections of permissions. Although, there is an exception, see Grantable Permission.
and Grant-able Permission:
Only grantable permission is given to anaccountdirectly. An account that holds grantable permission is allowed to perform some particular action on behalf of another account. For example, if accounta@domain1gives the accountb@domain2a permission that it can transfer assets — thenb@domain2can transfer assets ofa@domain1to anyone.
As you can see permissions were a first-level entities in Iroha 1 while they can be easily implemented by Iroha Special Instructions + Assets.
Solution
pub mod isi { ... enum Instruction { Add(...), Register(...), ... Check(permissions::isi::CheckInstruction), } } pub mod permissions::isi { pub struct CheckInstruction<C, O> { condition: C, object: O, } }
Signature of `Instruction::execute` method provides an ability to return error result which for `Check` variant will prevent execution of Instructions for which account has no permissions. Each OOB Instruction and Query will include `Check` instructions in it:
impl Register { fn execute(...) -> Result<...> { Check{|account| account.asset("role") == ADMIN }.execute(...)?; ... } }
In this example you can see that we do not need to add permission related attributes to the `Account` and can use assets instead.
The same can be done with custom permissions, storing them in assets components of the account.