XLS-0074-account-permissions/README.md
3 additions & 3 deletions
@@ -19,11 +19,11 @@ This document formalizes different types of transaction-based account permission
19
19
20
20
Global signer lists and regular keys currently provide an all-or-nothing model of access control: any key or signer list that can sign for an account can submit all transaction types on its behalf. For many operational setups—for example, token issuers that want separate controls for minting, trustline management, and account configuration—this makes it hard to apply least-privilege practices and increases the blast radius of compromised keys.
21
21
22
-
This XLS defines a shared, transaction-oriented account-permission namespace that other features can build on (such as multiple signer lists in [XLS-49](../XLS-0049-multiple-signer-lists/README.md) or future delegation mechanisms). By standardizing how permissions are represented, implementations can provide more granular, interoperable authorization schemes while preserving compatibility with existing global signer lists.
22
+
This XLS defines a shared, transaction-oriented account-permission namespace that other features can build on, such as permission delegation in [XLS-75](../XLS-0075-permission-delegation/README.md) and multiple signer lists in [XLS-49](../XLS-0049-multiple-signer-lists/README.md). By standardizing how permissions are represented, implementations can provide more granular, interoperable authorization schemes while preserving compatibility with existing global signer lists.
23
23
24
24
## 3. Overview
25
25
26
-
[XLS-49](../XLS-0049-multiple-signer-lists/README.md) proposed transaction-type-level permissions. These types of permissions can be used for multiple signer lists, as explained in XLS-49, but could also be used in conjunction with other features.
26
+
This XLS introduces transaction-type-level permissions that can be used for multiple signer lists and other features which require fine-grained control over what transactions an account may authorize.
27
27
28
28
Currently, it's all or nothing - global signer lists and regular keys can do all transactions. Sometimes you want to provide an account permissions to a subset of features, like with `NFTokenMinter` - maybe a few transaction types (e.g. all AMM transaction), or a single transaction type (e.g. `NFTokenMint`), or even some portion of a transaction type (e.g. authorizing trustlines).
29
29
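Review bot: The new Overview sentence on line 26 describes the permissions as controlling "what transactions an account may authorize", but the unchanged text on lines 20 and 28 frames the problem as limiting what a key or signer list can submit on an account's behalf, which is the least-privilege point the document is making. Suggest wording along the lines of "which transactions a given key or signer list may authorize on behalf of an account", and "features that require" rather than "features which require". The rewrite also removes the statement that transaction-type-level permissions were first proposed in XLS-49; if that provenance still matters to readers, keep a short pointer. On line 22, confirm that the relative link ../XLS-0075-permission-delegation/README.md resolves, since the visible diff only touches XLS-0074-account-permissions/README.md.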
@@ -79,7 +79,7 @@ The global permission value is already used in existing signer lists; they have
79
79
80
80
A transaction type is represented by a `UInt16`.
81
81
82
-
Transaction type permissions were previously defined in [XLS-49](../XLS-0049-multiple-signer-lists/README.md), section `3.2.1`.
82
+
In this scheme, each transaction type is assigned a corresponding permission value derived from its serialized transaction type identifier.
83
83
84
84
**`1` to `65536` ($2^{16}$): all transaction types** (1 + their serialized value, which is represented by a `UInt16`)
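Review bot: "derived from its serialized transaction type identifier" on new line 82 is too vague for a sentence that defines the mapping; the actual rule only appears in the parenthetical on line 84 ("1 + their serialized value"). State it directly in the new sentence, for example "each transaction type's permission value is its serialized `UInt16` transaction type plus 1", so an implementer who reads only line 82 does not use the raw type value and end up off by one. It is also worth noting here that the resulting range of 1 to 65536 no longer fits in a `UInt16`, so the field that carries a permission value has to be wider than the transaction type field.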