LogoLogo
  • README
  • Contribute
    • Discuss on Github
  • Example
    • Banana-Powered Bitcoin Wallet Control Protocol
  • Apps
    • The deployment-info.json Specification
  • Wallet
    • Transaction Creation
    • Data Encryption and Decryption
    • Digital Signature Creation and Verification
    • Input Redemption
    • HTTP Wallet Communications Substrate
    • XDM Wallet Communications Substrate
    • Window Wallet Communication Substrate
    • Wallet Transaction Output Tracking (Output Baskets)
    • Submitting Received Payments to a Wallet
    • Certificate Creation and Revelation
    • Unified Abstract Wallet-to-Application Messaging Layer
    • Transaction Labels and List Actions
    • Output Basket Removal and Certificate Deletion
    • Group Permissions for App Access
    • Extensible Proof-Type Format for Specific Key Linkage Claims
    • P Protocols: Allowing future wallet protocol permission schemes
    • P Baskets: Allowing Future Wallet Basket and Digital Asset Permission Schemes
    • Unified, Vendor-Neutral, Unchanging, and Open BSV Blockchain Standard Wallet-to-Application Interface
  • Transactions
    • Everett-style Transaction Envelopes
    • Simplified Payment Verification
    • Merkle proof standardised format
    • TSC Proof Format with Heights
    • Raw Transaction Format
    • TXO Transaction Object Format
    • Transaction Extended Format (EF)
    • Merkle Path JSON format
    • Compound Merkle Path Format
    • Background Evaluation Extended Format (BEEF) Transactions
    • Simplified Payment Verification
    • Merkle Path Binary Format
    • BSV Unified Merkle Path (BUMP) Format
    • Graph Aware Sync Protocol
    • Scalable Transaction Processing in the BSV Network
    • Atomic BEEF Transactions
    • BEEF V2 Txid Only Extension
  • Scripts
    • Bitcoin Script Binary, Hex and ASM Formats
    • Bitcoin Script Assembly Language
    • Pay to Public Key Hash
    • Pay to R Puzzle Hash
    • Pay to False Return
    • Pay to True Return
    • Push TX
    • Bare Multi-Signature
    • Pay to Push Drop
  • Tokens
    • There is no BRC-20
    • Definition of UTXOs as Bitcoin Tokens
    • Token Exchange Protocol for UTXO-based Overlay Networks
    • Mandala Token Protocol
  • Overlays
    • Overlay Network Data Synchronization
    • Confederacy Host Interconnect Protocol (CHIP)
    • Overlay Network Lookup Services
    • Confederacy Lookup Availability Protocol (CLAP)
    • Universal Hash Resolution Protocol
    • Overlay Network Transaction History Tracking
    • Private Overlays with P2PKH Transactions
    • Standardized Naming Conventions for BRC-22 Topic Managers and BRC-24 Lookup Services
    • Overlay Services Synchronization Architecture
    • Diverse Facilitators and URL Protocols for SHIP and SLAP Overlay Advertisements
  • Payments
    • Direct Payment Protocol (DPP)
    • Paymail Payment Destinations
    • Simple Authenticated BSV P2PKH Payment Protocol
    • PacketPay HTTP Payment Mechanism
    • Hybrid Payment Mode for DPP
    • HTTPS Transport Mechanism for DPP
    • Paymail BEEF Transaction
    • HTTP Service Monetization Framework
  • Peer-to-Peer
    • Authrite Mutual Authentication
    • PeerServ Message Relay Interface
    • PeerServ Host Interconnect Protocol
    • Identity Certificates
    • Genealogical Identity Protocol
    • Publishing Trust Anchor Details at an Internet Domain
    • Message Signature Creation and Verification
    • Serialization Format for Portable Encrypted Messages
    • Defining a Scalable IPv6 Multicast Protocol for Blockchain Transaction Broadcast and Update Delivery
    • Proven Identity Key Exchange (PIKE)
    • Peer-to-Peer Mutual Authentication and Certificate Exchange Protocol
    • HTTP Transport for BRC-103 Mutual Authentication
  • Key Derivation
    • BIP32 Key Derivation Scheme
    • BSV Key Derivation Scheme (BKDS)
    • Security Levels, Protocol IDs, Key IDs and Counterparties
    • Admin-reserved and Prohibited Key Derivation Protocols
    • Revealing Key Linkages
    • Protecting BRC-69 Key Linkage Information in Transit
    • Mnemonic For Master Private Key
    • Linked Key Derivation Scheme
    • Bidirectionally Authenticated Derivation of Privacy Restricted Type 42 Keys
    • Limitations of BRC-69 Key Linkage Revelation
    • Verifiable Revelation of Shared Secrets Using Schnorr Protocol
  • Outpoints
    • Format for Bitcoin Outpoints
    • Spending Instructions Extension for UTXO Storage Format
  • Opinions
    • Users should never see an address
    • List of user experiences
    • Legitimate Uses for mAPI
    • Security and Scalability Benefits of UTXO-based Overlay Networks
    • Improving on MLD for BSV Multicast Services
    • Web 3.0 Standard (at a high level)
    • Thoughts on the Mandala Network
    • Outputs, Overlays, and Scripts in the Mandala Network
  • State Machines
    • Simplifying State Machine Event Chains in Bitcoin
Powered by GitBook
On this page
  • Abstract
  • Motivation
  • Specification
  • Overview of Permission Types
  • Group Permission Trigger Methodology
  • Manifest File - manifest.json
  • Definition for groupPermissions key in manifest.json
  • Table 1: General Structure
  • Table 2: Protocol Permissions Object Structure
  • Table 3: Spending Authorization Object Structure
  • Table 4: Basket Access Object Structure
  • Table 5: Certificate Access Object Structure
  • Examples

Was this helpful?

Edit on GitHub
Export as PDF
  1. Wallet

Group Permissions for App Access

Ty Everett (ty@projectbabbage.com)

Abstract

This specification outlines the architecture and structure of permissions granted to apps. It focuses on the grouping of permissions to provide a concise overview for users. The key permissions include Protocol Permissions, Spending Authorizations, Basket Access, and Certificate Field Access Grants.

Motivation

As applications become more integrated with user data and cryptographic operations, the need for a clear and concise permission system has never been greater. This specification seeks to simplify user decisions by grouping permissions, ensuring transparency and user autonomy over their identities, their data and their digital assets.

Specification

Overview of Permission Types

There are four primary permission types that apps can be granted by users, each with its significance, function, and associated specifications:

  1. Protocol Permissions (BRC-43): This permission grants an application the ability to utilize a user's keys to execute cryptographic operations (such as BRC-2 encryption or BRC-3 digital signatures).

  2. Spending Authorizations (BRC-1): As the name suggests, this allows apps to transact or spend a predefined number of satoshis over a specified time frame, within BRC-1 transactions.

  3. Basket Access (BRC-46): This pertains to the app's capability to insert into and spend UTXO-based tokens from specific BRC-46 Output Baskets. The significance of this permission is to manage token operations within the app ecosystem. Each "basket" can be thought of as a container or grouping for tokens, and BRC-46 provides the framework for how apps can interact with these baskets, ensuring a structured approach to token management.

  4. Certificate Field Access Grants (BRC-52): This is about identity verification. The permission allows an app to reveal specific fields from a BRC-52 identity certificate to designated verifiers. It's a crucial step in processes that require identity verification or authentication.

Group Permission Trigger Methodology

  • Applications initiate the permission request process via a new requestGroupPermission function, which is added to the BRC-56 suite.

  • Wallets determine the group permissions from the application's manifest.json file. Alternatively, the groupPermissions object can be provided by the application to the requestGroupPermission function.

  • The user receives a prompt detailing the permissions. They can choose to accept or deny each or all permissions. The wallet then applies their choices.

Manifest File - manifest.json

  • The file is to be served over HTTPS and requested from the application by the wallet. HTTP is only accepted when running on localhost for development purposes.

  • The existing babbage key is expanded to include the groupPermissions key.

  • The groupPermissions key holds four subsequent keys representing the categories of permissions: protocolPermissions, spendingAuthorization, basketAccess, and certificateAccess.

Definition for groupPermissions key in manifest.json

The groupPermissions key is an object that encompasses various types of permissions, which the app might request from a user. This key contains four sub-keys: protocolPermissions, spendingAuthorization, basketAccess, and certificateAccess.

  1. protocolPermissions is an array of objects, where each object defines a specific Protocol Permission. Each object contains three fields: protocolID (a protocol ID array with two elements, the first a security level and the second a protocol string), counterparty (a string in hexadecimal format representing a public key, required only if the security level of the protocolID is 2), and description (a short text explaining the purpose of this request).

  2. spendingAuthorization is an object that provides details about the satoshis an app is requesting authorization to spend. It has three fields: amount (a number indicating the amount in satoshis), duration (a number representing the time in seconds for the authorization's validity), and description.

  3. basketAccess is an array of objects, where each object denotes the access to a specific BRC-46 basket. The objects here have two fields: basket (the name of the BRC-46 basket) and description.

  4. certificateAccess is an array of objects that represent the different certificate types an app wants access to. Each object here consists of type (indicating the certificate type), fields (an array of strings naming the fields the app wants to reveal), verifierPublicKey (a string in hex format, representing the public key of the verifier), and description.

With this structured approach, app developers can seamlessly integrate their permission requests within their manifest.json, and users can be assured of a clear understanding of the permissions they're granting.

For the avoidance of doubt, the following sections provide tables that define each specific field, and example data structures.

Table 1: General Structure

Key Name
Value Type
Description

protocolPermissions

Array of Objects

Contains Protocol Permissions requests.

spendingAuthorization

Object

Contains Spending Authorization details.

basketAccess

Array of Objects

Contains Basket Access requests.

certificateAccess

Array of Objects

Contains Certificate Field Access Grant requests.

Table 2: Protocol Permissions Object Structure

Field Name
Value Type
Description

protocolID

Array

BRC-43 protocol ID array with two elements. First the security level between 0 and 2, followed by the protocol string.

counterparty

String (Hexadecimal)

Public key, 33-byte in hex format. Only required if protocolID security level is 2.

description

String

Justification for the request, less than 50 characters.

Table 3: Spending Authorization Object Structure

Field Name
Value Type
Description

amount

Positive Number

Satoshis being authorized for the app to spend.

duration

Positive Number

Time in seconds for the authorization's validity.

description

String

Justification for the request, less than 50 characters.

Table 4: Basket Access Object Structure

Field Name
Value Type
Description

basket

String

Name of the BRC-46 basket.

description

String

Justification for the request, less than 50 characters.

Table 5: Certificate Access Object Structure

Field Name
Value Type
Description

type

String (base64)

Certificate type field of a BRC-52 identity certificate.

fields

Array of Strings

Array of field names being requested for revelation.

verifierPublicKey

String (Hexadecimal)

Public key of the verifier in 33-byte hex format.

description

String

Justification for the request, less than 50 characters.

Examples

  1. protocolPermissions Example:

    {
  "protocolID": [2, "Convo"],
  "counterparty": "...",
  "description": "For encrypted messaging."
}

  2. spendingAuthorization Example:

    {
  "amount": 10000,
  "duration": 3600,
  "description": "For in-app purchases."
}

  3. basketAccess Example:

    {
  "basket": "BRC-46 Gold",
  "description": "For in-game items."
}

  4. certificateAccess Example:

    {
  "type": "...",
  "fields": ["Name", "DOB"],
  "verifierPublicKey": "...",
  "description": "For age verification."
}

  5. Full manifest.json Example:

    {
  "babbage": {
    "groupPermissions": {
      "protocolPermissions": [
        {
          "protocolID": [2, "Convo"],
          "counterparty": "...",
          "description": "For encrypted messaging."
        }
      ],
      "spendingAuthorization": {
        "amount": 10000,
        "duration": 3600,
        "description": "For in-app purchases."
      },
      "basketAccess": [
        {
          "basket": "BRC-46 Gold",
          "description": "For in-game items."
        }
      ],
      "certificateAccess": [
        {
          "type": "...",
          "fields": ["Name", "DOB"],
          "verifierPublicKey": "...",
          "description": "For age verification."
        }
      ]
    }
  }
}

App developers should prioritize user understanding and transparency when requesting permissions. The description field must be utilized effectively to convey the reason for the request, allowing users to make informed decisions.

This approach ensures a streamlined and transparent process for apps to request and for users to grant permissions. It promotes a higher level of trust and clarity between applications and their users.

PreviousOutput Basket Removal and Certificate DeletionNextExtensible Proof-Type Format for Specific Key Linkage Claims

Last updated 1 year ago

Was this helpful?