Groups And Authorization Management

Authorization Management

The everiToken system contains three kinds of permissions in authorization management: Issue, Transfer and Manage.

  1. Issue is the right to issue Token in this domain.
  2. Transfer is the right to transfer Token in this domain.
  3. Manage is the right to modify the domain, including Authorization Management and other parameters.

Each specific authorization follows a tree structure and is therefore called an Authorization Tree. As the root, each permission has a threshold, and it is connected to one or more actors.

Actors

Actors can be categorized into three kinds: accounts, groups, and owner groups.

Account

Accounts are individual users.

Groups & Owner Groups

Groups are clustered accounts, and an owner group is a special form of regular group.

A group can be a club, a company, a government department, a foundation, or even just an individual. With the inception of a group, a public key is assigned and the weights of each member are assigned. Operations are approved when the summed weight of all authorized members in a group approving the operation meets the threshold of the group.

When a group is initiated, the system generates a group ID automatically. When the issuer designates the authorization management of a domain, it can be invoked by directly referencing the existing group ID to its permissions system. Due to group autonomy, each group can be reused conveniently.

The owners of a token have a special group with the fixed name Owner which represents a collection of a token’s owners. It is special and dynamic because it always refers to the actual owners of each token, and the group’s authorizing condition is that everyone agrees within the group (that is, the weight of each person in the group is 1, and the group’s threshold is the number of members in the group).

Group Autonomy

The member that holds the public key of the group can authorize modifications regarding group members and their weights. Therefore, the mechanism is called Group Autonomy.

Management

The authorizations are initiated by issuers of tokens, and each authorization is managed by at least one group. When the token is issued, the issuer specifies the information and relative weight of each group under each authorization and also sets a token threshold. Before executing an operation in a certain domain, the system will first verify if the operating group has enough weights, and the operation will be approved only if the weights exceed the threshold. This grouping design is suitable for situations in the real world, and the flexible setting of weights and thresholds meets all kinds of complex needs. An example is given in the following figure:

Permission

Try Authorization Management via evtc

evtc is a command line tool that manages everiToken wallets and sends commands to the chain.

If you want to use our SDK, please refer to Javascript SDK Reference.

You can also manage NFTs by calling HTTP API of everiToken directly (See API Reference for detail).

Create group

If you want to define a new group, you can define a group using a json file, for example:

Click to see full code example
{
    "key": "EVT7JoY9nbkfWCx2opvUhS9pPmWbLjRuhNCmDTG971PVkhxvAzWWr", 
    "root": {
        "threshold": 6, 
        "nodes": [
            {
                "threshold": 1, 
                "weight": 3, 
                "nodes": [
                    { "weight": 1, "key": "EVT6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV" }, 
                    { "weight": 1, "key": "EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX" }
                ]
            }, 
            { "weight": 3, "key": "EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX" }, 
            {
                "threshold": 1, 
                "weight": 3, 
                "nodes": [
                    { "weight": 1, "key": "EVT6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV" }, 
                    { "weight": 1, "key": "EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX" }
                ]
            }
        ]
    }
}

Save as g.json file. It defines a simple group, with a group-tree height of 3.

You can create this group by typing:

evtc -u testnet-ip:8888 group create g.json

You will see the following output:

Click to see full code example
executed transaction: d8331476b645157a5c32da91c15085fcedada7ad817beadf1a43c11b45fee9c9
total elapsed: 6376 us
total charge: 0.00000 S#1
(1 of 1)
   action : newgroup
   domain : .group
      key : gp
  elapsed : 6210 us
  details : 
|->name : gp
|->group : 
    |->name : gp
    |->key : EVT7JoY9nbkfWCx2opvUhS9pPmWbLjRuhNCmDTG971PVkhxvAzWWr
    |->root : 
        |->threshold : 6
        |->nodes : 
            |->threshold : 1
            |->weight : 3
            |->nodes : 
                |->key : EVT6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV
                |->weight : 1
                |->key : EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX
                |->weight : 1
            |->key : EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX
            |->weight : 3
            |->threshold : 1
            |->weight : 3
            |->nodes : 
                |->key : EVT6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV
                |->weight : 1
                |->key : EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX
                |->weight : 1
    |->metas : (empty)

Then you will query this group by its group name:

evtc get group gp

Output:

Click to see full code example
|->name : gp
|->key : EVT7JoY9nbkfWCx2opvUhS9pPmWbLjRuhNCmDTG971PVkhxvAzWWr
|->root : 
    |->threshold : 6
    |->nodes : 
        |->threshold : 1
        |->weight : 3
        |->nodes : 
            |->key : EVT6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV
            |->weight : 1
            |->key : EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX
            |->weight : 1
        |->key : EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX
        |->weight : 3
        |->threshold : 1
        |->weight : 3
        |->nodes : 
            |->key : EVT6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV
            |->weight : 1
            |->key : EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX
            |->weight : 1
|->metas : (empty)