BEP: 334 Title: Greenfield CrossChain Permission Module Status: Draft Type: Standards Created: 2023-12-06
BEP-334: Greenfield CrossChain Permission Module
1. Summary
Currently, Greenfield supports creating buckets and groups from the smart contracts deployed on BSC/opBNB. This means that the owner of a bucket can be a contract address. However, contract addresses cannot upload objects or put policies under the bucket, resulting in empty buckets owned by smart contracts.
To address this issue, we are going to introduce the cross-chain permission module. With this BEP, smart contracts can grant EOA addresses the ability to upload objects under their buckets, and even support additional functions.
2. Abstract
Greenfield CrossChain Permission Module has several significant differences and improvements compared to current implementations:
- BSC/opBNB account is allowed to put policy for Greenfield resources.
- BSC/opBNB account is allowed to disable policy for Greenfield resources.
3. Motivation
In the current framework, users could only change resource permission on Greenfield. The proposal allows Greenfield users to change resource permission directly on the BSC/opBNB network.
4. Specification
4.1 Definitions
- PermissionHub Contract: A new middle-layer contract to request permission changes from BSC to Greenfield
4.2 Interface
4.2.1 Create Policy
The interface to create policy is as follows:
function createPolicy(bytes calldata _data, ExtraData memory _extraData) external;
_data
is the RLP encoded bytes of the struct MsgPutPolicy as follows:
type MsgPutPolicy struct {
Principal *types.Principal `json:"principal,omitempty"`
Resource string `json:"resource,omitempty"`
Statements []*types.Statement `json:"statements,omitempty"`
ExpirationTime *time.Time `json:"expiration_time,omitempty"`
}
type Statement struct {
Effect Effect `json:"effect,omitempty"`
Actions []ActionType `json:"actions,omitempty"`
Resources []string `protobuf:"bytes,3,rep,name=resources,proto3" json:"resources,omitempty"`
ExpirationTime *time.Time `json:"expiration_time,omitempty"`
LimitSize *common.UInt64Value `json:"limit_size,omitempty"`
}
For MsgPutPolicy
:
Principal
defines the roles that can grant permissions. Currently, it can be account or group.
Resource
defines a greenfield standard resource name that can be generated by GRN structure
Statements
defines a list of individual statement which describe the detail rules of policy
ExpirationTime
defines the whole expiration time of all the statements.
For Statement:
Effect
define the impact of permissions, which can be Allow
/Deny
ActionType
defines the operation type you can act on. greenfield defines a set of permission that you can specify in a permissionInfo. see ActionType
enum for detail.
ExpirationTime
defines how long the permission is valid. If not explicitly specified, it means it will not expire.
LimitSize
defines the total data size that is allowed to operate. If not explicitly specified, it means it will not limit.
ExtraData is as follows:
struct ExtraData {
address appAddress; // callback app address
address refundAddress; // refund callback gas fee
bytes callbackData; // calldata for callback
}
appAddress
defines the callback contract after receiving the cross-chain ack package.
refundAddress
defines the refund address to receive the unspent callback gas fee.
callbackData
defines the calldata for the callback call.
4.2.2 Delete Policy
The interface to delete policy is as follows:
function deletePolicy(uint256 policyId) external payable returns (bool);
policyId
is generated while creating policy.
5. License
The content is licensed under CC0.