Ledger write permissions
Abstract
This section provides an outline of the spectrum of writing access rights for parties on the distributed ledger.
Motivation
Write permissions allow to limit the access to the network operation and limit potential security risks.
Elaboration
The spectrum of writing permissions is composed of various levels:
- Writing a transaction and writing a block are two types of write permissions.
- Writing a transaction involves sending information to the network, which may go through a validation process, before it is added to a block in the ledger.
- The task of validating of a transaction may be included to the set of writing permissions.
- Any participating member that is not an authority member of the network may write transactions.
- Writing a block is the task of authority nodes.
- A write permission can be given for a specific type of transaction if it is supported by the ledger.
- Transfer transactions and smart contract transactions have different permission types.
At one extreme, the amount of write permission can get in conflict with the decentralisation aspect. If only one party has write permission, the data are decentralized, but only one party controls what will be persisted.
References to best practices, examples
The Hyperledger Indy and the TrustChain blockchains define a bag of rules that can be attached to each participant. Since everyone has access to the source code to run a different type of client (a validator node, an endorser), the writing permission is bound to the identity. The validators that are responsible for the block creation process can validate the transactions and refuse them, if the author of the transaction has not the privilege to create this kind of transaction.
In the context of an ethereum blockchain you can differentiate between writing permission for creating a smart contract and writing transactions as a smart contract input. This allows more control over the logic that runs on the blockchain that has been defined in the contract with the customer.
RFC-1035
Authors: Mirko Mollik, Andrei Ionita
Status: work in progress
Last modified: 2021-04-15