Architecture Update: Trusted Sources 🤝 & Proxy Canister 📡
We’re updating DAB’s architecture to add an interim permissioning system for automatic additions from trusted sources.
Another DAB update, coming in hot! 🔥 Today, we’re taking some promised first steps towards automatic submissions to DAB’s registries by adding a new role under DAB’s interim permissioning system, trusted sources.
Also in this post, we’re outlining our three step plan to transition DAB to be a fully automated & decentralized open internet service (you guessed it, the first step is adding trusted sources!).
Step 1 — Trusted Sources
The problem? Currently, all submissions to DAB’s registries are managed by the DAB team and processed manually. Not only is this taxing on the team, but it doesn’t meet the open internet service standard that we’re looking to achieve.
As a first step towards fully automated additions, we’re introducing DAB’s Proxy Canister. This canister acts as an intermediary permissioning system that tracks & checks the status of a caller looking to add their canister to one of DAB’s registries, passing the call along if and only if the caller is a Trusted Source.
As a result, Trusted Sources will be able to make automatic submissions to any of DAB’s registries (and removals and updates to their own submissions only).
Why add a new canister to our architecture? Creating a proxy canister was the easiest route to add permissions to DAB without having to make any updates to the hardened versions of all of our registries.
Do you make frequent additions to DAB & want to open up a direct access line by becoming a trusted source? Get in touch with us on Discord!
Steps 2 & 3 — Trustless Additions & Governance Module
Trusted Sources still rely on, well, trust! As an open internet service, DAB should run void of any trust assumptions & governed by a body of contributors and community members who know it best — that’s what steps two and three set out to accomplish!
For those reasons, we’re calling Trusted Sources an interim solution while we try to solve a blocking limitation set by the IC where we are unable to ask the IC for a canister’s list of controllers, as outlined in this forum post.
Once this limitation is lifted (most likely by us submitting an NNS proposal for the issue), DAB will be able to accept automatic submissions by using the proxy canister to check if the caller of a submission is in-fact one of the controllers authorized to the canister they’re making the submission for.
In step three, the proxy canister, along with all other admins of the DAB registries will be replaced by a single controller in the form of a governance module.
This module will be able to, similar to the proxy canister, ensure that only controllers or owners can submit information to DAB registries against their own canisters. In addition, the governance module will be responsible for settling proposals made by the community who governs and owns DAB.
