3.7.3 Permission Design

DGT Permission Design plays a crucial role in enabling a decentralized hybrid system that encompasses both public and private network segments. This design ensures the availability of services to a wide range of participants while maintaining compatibility with centralized economic models adopted by business organizations. The permissions framework is built upon two fundamental solutions: Transaction Permissioning and Node Permissioning.

Transaction Permissioning

Transaction Permissioning involves the verification and validation of transactions based on signature verification and network topology considerations. The process includes the following steps:

  • Signature Verification: Initial transaction verification is performed within the cluster, where the peer validators verify each transaction's signature, which was created with the signer's private key. This ensures the authenticity and integrity of the transactions.

  • Network Topology Considerations: Transactions are verified by the arbitrator, considering the network topology. This involves determining if a transaction type is allowed within a specific local branch of the network. Transactions that do not align with the topological structure of the network are discarded, and the block is reconstructed accordingly.

  • Network-wide Transaction Support: The DGT network supports a range of transactions, including those within the DGT, and DEC topology families that are accepted and processed by the entire network.
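
The two checks described above, as an added Go example that is not DGT's own code: peer validators verify the signature, then the topology check drops any transaction whose type is not allowed in the local branch and the block is rebuilt from what remains. Assumptions: Ed25519 stands in for the signature scheme, which this page does not name, and the `Tx` layout, the allow-list and the family label `segment-only` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Tx is a hypothetical, simplified transaction (not DGT's wire format).
type Tx struct {
	Family       string // transaction type checked against the topology
	Payload, Sig []byte
	Signer       ed25519.PublicKey
}

// signedBytes binds the family to the payload, so relabelling breaks the signature.
func signedBytes(family string, payload []byte) []byte {
	return append([]byte(family+"\x00"), payload...)
}

// Sign builds a constructed sample transaction from a 32-byte test seed.
func Sign(seed []byte, family string, payload []byte) Tx {
	priv := ed25519.NewKeyFromSeed(seed)
	return Tx{family, payload, ed25519.Sign(priv, signedBytes(family, payload)), priv.Public().(ed25519.PublicKey)}
}

// SignatureOK is stage 1 (peer validators); the length test avoids Verify's panic.
func SignatureOK(tx Tx) bool {
	return len(tx.Signer) == ed25519.PublicKeySize && ed25519.Verify(tx.Signer, signedBytes(tx.Family, tx.Payload), tx.Sig)
}

// FilterBlock runs stage 1, then stage 2 (family allowed here?), and rebuilds the block.
func FilterBlock(block []Tx, allowed map[string]bool) (kept, dropped []Tx) {
	for _, tx := range block {
		if SignatureOK(tx) && allowed[tx.Family] {
			kept = append(kept, tx)
		} else {
			dropped = append(dropped, tx)
		}
	}
	return kept, dropped
}

func main() {
	seed := make([]byte, ed25519.SeedSize) // all-zero seed: test data only
	forged := Sign(seed, "segment-only", []byte("b"))
	forged.Family = "dec" // relabelled after signing: fails stage 1
	block := []Tx{Sign(seed, "dec", []byte("a")), Sign(seed, "segment-only", []byte("b")), forged}
	kept, dropped := FilterBlock(block, map[string]bool{"dec": true}) // constructed allow-list
	fmt.Println(len(kept), "kept,", len(dropped), "dropped")
}
```

Because the family name is part of the signed bytes, a transaction relabelled to an allowed type fails the signature stage instead of passing the topology stage.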

Network Permissions

Network Permissioning focuses on controlling node access and participation within different network segments. The permissions process includes the following aspects:

  • Public Sector Access: Nodes within the public sector are accessed through gateways, which handle interconnection requests. Nodes that possess the correct signature for a topological transaction are granted placement within one of the clusters based on dynamic topology considerations.

  • Private Segment Access: To join a private segment, nodes need to obtain certification in the form of an X.509 certificate from a notary. This certificate grants access to a specified place in the network, typically within a designated segment of clusters. Access management within private segments is overseen by segment management entities.

  • SEED Configuration: During the initial deployment of the network, the SEED configuration is utilized. This involves statically registering the public keys of the nodes and reserving network cells, including segment and cluster numbers. This ensures controlled access and a predefined network structure.

By implementing Transaction Permissioning and Network Permissioning mechanisms, DGT achieves a robust permissions framework that ensures proper access control, validation of transactions, and dynamic participation within different network segments. This design enables the coexistence of public and private sectors while adhering to specific permission requirements and maintaining the integrity and security of the DGT network.
