Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add access-control mechanism so payee or payer can delegate request creation and updates (accept, cancel, increase, decrease, addStakeholder) #1342

Open
MantisClone opened this issue Jan 23, 2024 · 3 comments
Open

Add access-control mechanism so payee or payer can delegate request creation and updates (accept, cancel, increase, decrease, addStakeholder) #1342

MantisClone opened this issue Jan 23, 2024 · 3 comments

Comments

@MantisClone
Copy link
Member

MantisClone commented Jan 23, 2024
edited
Loading

Problem

We don't support access-control or delegates for request creation, and updates (accept, cancel, increaseExpectedAmount, decreaseExpectedAmount). Only the payee or payer identity addresses can create or update the request.

Motivation

This feature could allow for automation - where a dapp or platform is empowered by the end user to create/update requests on the user's behalf.

Possible Solutions

  • 1-of-2 MPC Wallet - End User share, Platform Share, either can create requests
  • Change the Protocol to allow 3rd parties to create requests, not just Payee / Payer
  • Lit Protocol Access Controls

Inspiration

Consideration

Do after we implement Lit Protocol PoC

Lit Protocol PoC will make it possible for end-user to fully own their data
This will make it easier for platforms to create requests on behalf of user.
@MantisClone MantisClone converted this from a draft issue Jan 23, 2024
@MantisClone MantisClone changed the title Add mechanism to delegate request creation and updates (accept, cancel, increase, decrease, addStakeholder) Add access-control mechanism so payee or payer can delegate request creation and updates (accept, cancel, increase, decrease, addStakeholder) Jan 23, 2024
@ptdatta
Copy link

ptdatta commented Jan 31, 2024

Hey @MantisClone I would like to work on this one.

My initial thought is:

  1. Creation of DIDs:
    Creating the DID with the issuer as DID subject, and all the delegates as DID controllers including the subject. The DID Doc should contain a delegates property which will contain all the delegates of the issuer and a state property to mention the state of the DID.
    The issues can remove any delegates from the DID Doc but the delegates can only remove themselves from the DID Doc.
  2. Creating requests with DIDs:
    While creating the request instead of Eth Address we can use the DID.
  3. The access control mechanism:
    While for create, update, and other methods we can verify the signer's identity if he is the DID Subject or inside the delegates array in DID Docs.

Should I create a draft PR about the in-depth implementation of this?

@ptdatta
Copy link

ptdatta commented Feb 14, 2024

Hey @MantisClone Can I work on it?

@MantisClone
Copy link
Member Author

Hey @ptdatta. Your proposed implementation sounds like it could work. Sure, you're free to work on it.

I think the risk of conflicts is low but I'll let you know if anything pops up.

Feel free to create a draft PR as early as you like (even as early as the first commit).

@MantisClone MantisClone moved this from 🆕 New to 📋 Backlog: Enhancements in Request Network Tech Backlog Mar 6, 2024
@MantisClone MantisClone moved this from ✨ Backlog: Enhancements to 🎫 Backlog in Request Network Tech Backlog Oct 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Request Network Tech Backlog
Status: 🎫 Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MantisClone @ptdatta