Auth
Unlike the majority of blockchains which rely on a caller identifier for access control, the Auth system uses a more distributed "Proof" system. Before accessing a protected method a caller must provide specific "Proofs" of resources they have access to. These proofs must then match the requirements of the callee function or method.
The Access Control System is composed of four parts:
- An Access Control Blueprint Module, which defines function rules and roles available to use for a given blueprint in a package and which roles are able to access which methods.
- A Role Assignment Object Module, which assigns access rules for each role on object instantiation.
- An AuthZone Blueprint, which allows a caller to update the proofs in their authzone.
- An Access Control System Module, which creates a new AuthZone for every new call frame and verifies that AuthZone proofs match the requirements of accessing an object's method.