Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate authz module into provenance and use it to transfer restricted marker's #265

Closed
4 tasks
arnabmitra opened this issue Apr 26, 2021 · 4 comments · Fixed by #383
Closed
4 tasks

Integrate authz module into provenance and use it to transfer restricted marker's #265

arnabmitra opened this issue Apr 26, 2021 · 4 comments · Fixed by #383
Assignees
@channa-figure
Milestone
v1.7.0

Comments

@arnabmitra
Copy link
Contributor

Summary

Integrate authz module into provenance and use it to transfer restricted marker's with permission's from both admin and transferor.

Problem Definition

Original issue is detailed here #261

Basically restricted marker's need permission of the transferor and admin to move.

Authz does provide a standardized way of granting, exec'ing and removing the grant(once exec'ed) and should probably be used.

Disadvantages are more orchestration by client, but that is expected for restricted markers.

Proposal

  1. Owner of restricted marker(Transferor) authz grant permission to the admin to move coin
  2. Administrator of restricted marker gives authz grant to transferor allow transfer coin(needed to prevent direct invoke of the rpc method)
  3. Admin can now transfer coins via authz execMessage(authz allows msg to have only one signer, so signer of transfer obj remains owner of marker, but signer of authz exec becomes the grantee i.e admin here)
  4. Owner can transfer too by normal invoke but method now checks admin has given grant(this will be using the authz keeper (i think there has to be custom to remove the admin grant to owner grant once exec'ed)

For Admin Use

  • Not duplicate issue
  • Appropriate labels applied
  • Appropriate contributors tagged
  • Contributor assigned/self-assigned
@arnabmitra arnabmitra added this to the v1.3.0 milestone Apr 26, 2021
@iramiller
Copy link
Member

This is largely a duplicate of #262

@arnabmitra
Copy link
Contributor Author

good with closing this

@arnabmitra arnabmitra mentioned this issue Apr 26, 2021
Closed
8 tasks
@iramiller iramiller modified the milestones: v1.3.0, v1.4.0, v1.5.0 May 3, 2021
@iramiller iramiller modified the milestones: v1.5.0, v1.6.0 Jun 3, 2021
@iramiller iramiller mentioned this issue Jul 19, 2021
Closed
38 tasks
@channa-figure channa-figure mentioned this issue Jul 20, 2021
Closed
4 tasks
@channa-figure channa-figure self-assigned this Jul 20, 2021
@ghost
Copy link

ghost commented Jul 20, 2021

Per proposal 2) above, you'll need to add authz provwasm hooks for smart contracts for when the SC is admin.

@iramiller
Copy link
Member

Will be interested in seeing how this plays out... was expecting the case more like 4) above where the source account records an auth for SC withdraw and the SC just does the normal transfer which should succeed because it checks for an existing auth grant... perhaps this isn't how it will actually play out though.

We will probably need some authz hooks in any case... especially if the authz module is used to do something like authorize a secp256r1 address for a primary users phone against their main account which would have wider implications.

@channa-figure channa-figure mentioned this issue Jul 21, 2021
Merged
8 tasks
@iramiller iramiller mentioned this issue Jul 30, 2021
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@channa-figure channa-figure

Labels
None yet
Projects
Provenance Core Protocol Team
Archived in project
Milestone
v1.7.0
3 participants
@iramiller @arnabmitra @channa-figure