Groups And Authorization Management

Authorization Management

The everiToken system contains three kinds of permissions in authorization management: Issue, Transfer and Manage.

  1. Issue is the right to issue Token in this domain.
  2. Transfer is the right to transfer Token in this domain.
  3. Manage is the right to modify the domain, including Authorization Management and other parameters.

Each specific authorization follows a tree structure and is therefore called Authorization Tree. As the root, each permission has a threshold, and it is connected to one or more actors.

Actors

Actors can be categorized into three kinds: accounts, groups, and owner groups.

Account

Accounts are individual users.

Group

groups are clustered accounts, and an owner group is a special form of regular groups.

A group can be a club, a company, a government department, a foundation, or even just an individual. A group contains the public key of the group, and the public keys and weights of each member. Operations are approved when the summed weight of all authorized members in a group approving the operation meets the threshold of the group.

When a group is initiated, the system generates a group ID automatically. When the issuer designs Authorization Management in a domain, it can be invoked by directly referencing the existing group ID to its permissions system. Due to the Group Autonomy, each group can be reused conveniently.

The owner of the Token has a special group whose name is fixed to Owner and is a collection of Token owners. The special feature of this group is that each Token may be different, and the group’s authorizing condition is that everyone agrees within the group, (that is, the weight of each person in the group is 1, and the group’s threshold is the number of members in the group).

Group Autonomy

The member that holds the public key of the group can authorize modifications on the group members and their weights. Therefore, the mechanism is called the Group Autonomy.

Management

The authorizations are initiated by issuers of Tokens, and each authorization is managed by at least one group. When the Token is issued, the issuer specifies the information and relative weight of each group under each authorization, and also sets a Token threshold. Before executing an operation in a certain domain, the system will first verify if the operating group has enough weights, and the operation will be approved only if the weights excess the threshold. This grouping design is suitable for many situations in the real world, and the flexible setting of weights and thresholds meets all kinds of complex needs. An example is given in the following figure:

Permission

Try Authorization Management via evtc

evtc is a command line tool to manage everiToken wallet and to send commands to the chain.

If you want to use our SDK, please refer to Javascript SDK Reference.

You can also manage NFTs by calling HTTP API of everiToken directly (See API Reference for detail).

Create group

If you want to define a new group, you can define a group using a json file, for example:

{
    "key": "EVT7JoY9nbkfWCx2opvUhS9pPmWbLjRuhNCmDTG971PVkhxvAzWWr", 
    "root": {
        "threshold": 6, 
        "nodes": [
            {
                "threshold": 1, 
                "weight": 3, 
                "nodes": [
                    { "weight": 1, "key": "EVT6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV" }, 
                    { "weight": 1, "key": "EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX" }
                ]
            }, 
            { "weight": 3, "key": "EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX" }, 
            {
                "threshold": 1, 
                "weight": 3, 
                "nodes": [
                    { "weight": 1, "key": "EVT6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV" }, 
                    { "weight": 1, "key": "EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX" }
                ]
            }
        ]
    }
}

Save as g.json file, and it defines a simple group, with height of the group-tree is 3.

You can create this group by typing:

evtc -u testnet1.everitoken.io:8888 group create g.json

You will see output:

executed transaction: d8331476b645157a5c32da91c15085fcedada7ad817beadf1a43c11b45fee9c9
total elapsed: 6376 us
total charge: 0.00000 S#1
(1 of 1)
   action : newgroup
   domain : .group
      key : gp
  elapsed : 6210 us
  details : 
|->name : gp
|->group : 
    |->name : gp
    |->key : EVT7JoY9nbkfWCx2opvUhS9pPmWbLjRuhNCmDTG971PVkhxvAzWWr
    |->root : 
        |->threshold : 6
        |->nodes : 
            |->threshold : 1
            |->weight : 3
            |->nodes : 
                |->key : EVT6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV
                |->weight : 1
                |->key : EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX
                |->weight : 1
            |->key : EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX
            |->weight : 3
            |->threshold : 1
            |->weight : 3
            |->nodes : 
                |->key : EVT6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV
                |->weight : 1
                |->key : EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX
                |->weight : 1
    |->metas : (empty)

Then you will query this group by group name:

evtc get group gp

Output:

|->name : gp
|->key : EVT7JoY9nbkfWCx2opvUhS9pPmWbLjRuhNCmDTG971PVkhxvAzWWr
|->root : 
    |->threshold : 6
    |->nodes : 
        |->threshold : 1
        |->weight : 3
        |->nodes : 
            |->key : EVT6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV
            |->weight : 1
            |->key : EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX
            |->weight : 1
        |->key : EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX
        |->weight : 3
        |->threshold : 1
        |->weight : 3
        |->nodes : 
            |->key : EVT6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV
            |->weight : 1
            |->key : EVT8MGU4aKiVzqMtWi9zLpu8KuTHZWjQQrX475ycSxEkLd6aBpraX
            |->weight : 1
|->metas : (empty)