WCIP-4: Session Permissions on Session Request

[pedrouid]

When a Dapp initiates a session request, it would be useful to include a set of permissions associated with a session to be approved by the Wallet.

This would include a more restricted read-only mode that would only disclose accounts and chainId plus other read methods like (eth_getBalance and eth_call) and the regular read-write mode which would allow the dapp to also request signing messages and transactions with the private key.

Finally it would be possible to include a more advanced set of special permissions like auto-signing with a specific scope of methods to support Layer 2 solutions like State Channels and Plasma Chains without prompting the user every time it needs to counter-sign messages that for example include receiving or withdrawing amounts.

[filips123]

I think that permission should be divided into a few basic categories:

• Private: Only allow reading network and some basic network calls (like eth_getBalance) but without account disclosure (like MetaMask with EIP-1102).
• Read-only: Also allowing reading accounts.
• Safe write: Also allowing personal_sign and eth_signTypedData (but without eth_sign).
• Full write: Also allowing signing and sending transactions and eth_sign (which can be used to trick the user into signing transaction).

Also, it should be possible to add additional permissions on-demand.