decentraland / proposals

Review of community proposals for Decentraland's art and applications

Secure Private Area Proposal #155

Open rushughes opened 6 years ago

rushughes commented 6 years ago

Abstract

Several districts want to implement a tower idea (see ‘Multi tenant LAND Proposal’) where members get their own room or virtual office space in a tower. With this comes the idea of privacy. Other people are not able to come into your home or office without your say so; the same should apply to homes and offices in Decentraland.

It has also been discussed that districts might want to offer paid events, e.g. club nights, private parties and other invite only or membership situations.

Currently, to my knowledge, no mechanism has been proposed to enforce this idea.

Chain Of Ownership

A parcel is an ERC token with a proven owning address. There is also a proposal for ‘portals’ to allow parcel owners to create regions of their land owned by a tenant; these portals are also mapped to an owning Ethereum address.

https://github.com/decentraland/proposals/issues/154

The chain of ownership could very much look like a tree:

  1. District Owned Parcel
  2. -45, 56
  3. District wallet address 0x1111111111
  4. Rus’ Portal

Technical Problem

All Decentraland world data is open. Land lives on the Ethereum blockchain and references publicly available IPNS endpoints that host parcel data and objects. Anyone can write or hack a client to retrieve this data and travel through it, so a security mechanism has to be built in.

Presence Server

I believe the Decentraland team are putting together the idea of presence servers (Rendezvous?) that will be used to broadcast co-ordinates of parcel visitors to each other as well as handle other aspects such as real time chat/voice/video etc.

I also believe that parcel owners will have to run their own presence servers on a per parcel basis in order to scale horizontally and decentralise the infrastructure.

With these assumptions it makes sense for the presence servers to also work as a security model for ‘keyed’ areas.

Presence Solution

The assumed presence server is authoritative: users authenticated with it will be broadcast to other users authenticated to it. Users can authenticate to it by signing a message using their client Ethereum address when they join.

The presence server could then maintain an access control list (ACL) in a hierarchical structure ranging from the land parcel itself to any portals in it. The highest access control would go to the Ethereum address that owns the parcel of land; then control of each portal would be given to the portal owner's address.

By default there would be no access control and any visitor could go anywhere.

The land owning address would then be able to set up a whitelist or a blacklist for their land. The Decentraland client would then talk to the presence server when the client enters the land, and if permission is not granted, the user would be ejected. If permission is granted, the user would enter the land and have their presence broadcast to the rest of the authenticated users.

The same thing applies to a user trying to enter a portal with an ACL set up. If they have permission they can enter the portal; if they don't, they are ejected.

If a compromised client tries to access a land parcel or portal they do not have rights to, they will fail to authenticate to the presence server but their client will not follow ejection rules, so they will be able to continue to explore the land but they will not get the benefit of presence i.e. other users being informed of their location and any messaging. From the point of view of other users, they will not exist.
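The following is an added example, not code from the proposal or from the Decentraland project, modelling the access model the post describes: a hierarchical ACL from the parcel down to its portals, owner-only control of each area's list, whitelist/blacklist/open modes, ejection of unauthorised visitors, and presence that is only ever broadcast among admitted visitors, so an ejected client that keeps walking is invisible to everyone else. The area names and addresses (`-45,56`, `rus-portal`, `0xDISTRICT`, `0xRUS`, `0xALICE`, `0xMALLORY`, `0xBOB`) are constructed sample values. The signed-message handshake that binds an Ethereum address to a client session is assumed to have already happened; the address is passed in as authenticated. Two design choices not stated in the proposal are labelled as assumptions in the code: the owner of an area is always admitted to it, and a visitor must be admitted by the parcel and every enclosing portal before the innermost portal's own list is consulted.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Set


class Mode(Enum):
    """Access-control mode of a keyed area."""
    OPEN = "open"            # default: no access control, any visitor may enter
    WHITELIST = "whitelist"  # only listed addresses may enter
    BLACKLIST = "blacklist"  # everyone except listed addresses may enter


@dataclass
class Area:
    """A keyed area: a land parcel, or a portal nested inside it."""
    name: str
    owner: str                       # address that controls this area's ACL
    mode: Mode = Mode.OPEN
    listed: Set[str] = field(default_factory=set)
    parent: Optional["Area"] = None  # None for the parcel itself

    def permits(self, address: str) -> bool:
        """Hierarchical check (assumption of this example): the parcel and every
        enclosing portal must admit the visitor before this area's own list is
        consulted, and the owner of an area is always admitted to it."""
        if self.parent is not None and not self.parent.permits(address):
            return False
        if address == self.owner:
            return True
        if self.mode is Mode.WHITELIST:
            return address in self.listed
        if self.mode is Mode.BLACKLIST:
            return address not in self.listed
        return True  # Mode.OPEN


class PresenceServer:
    """Authoritative presence server for one parcel and its portals.

    Every `address` below is assumed to be the Ethereum address already bound
    to the client's session by the signed-message handshake the proposal
    describes; that signature check is outside this example."""

    def __init__(self, parcel: Area) -> None:
        self.areas: Dict[str, Area] = {parcel.name: parcel}
        self.location: Dict[str, str] = {}  # address -> area the server admitted it to

    def add_portal(self, portal: Area) -> None:
        if portal.parent is None or portal.parent.name not in self.areas:
            raise ValueError("a portal must be nested inside a registered area")
        self.areas[portal.name] = portal

    def set_acl(self, caller: str, area_name: str, mode: Mode, listed: Set[str]) -> bool:
        """Only the owning address of an area may change its list."""
        area = self.areas[area_name]
        if caller != area.owner:
            return False
        area.mode, area.listed = mode, set(listed)
        return True

    def enter(self, address: str, area_name: str) -> bool:
        """A client reports entering an area. True: admitted and broadcast.
        False: ejected; the server drops the address from presence until it
        reports a position it is permitted to occupy."""
        area = self.areas.get(area_name)
        if area is None or not area.permits(address):
            self.location.pop(address, None)
            return False
        self.location[address] = area_name
        return True

    def visible_to(self, address: str) -> Set[str]:
        """Other admitted visitors of the same area, as broadcast to `address`.
        An ejected client receives nothing and is shown to nobody, however far
        a modified client lets it walk."""
        here = self.location.get(address)
        if here is None:
            return set()
        return {a for a, loc in self.location.items() if loc == here and a != address}


def build_demo_server() -> PresenceServer:
    """Constructed sample: a district-owned parcel with one tenant portal."""
    district, rus, alice, mallory = "0xDISTRICT", "0xRUS", "0xALICE", "0xMALLORY"
    parcel = Area("-45,56", owner=district)
    server = PresenceServer(parcel)
    server.add_portal(Area("rus-portal", owner=rus, parent=parcel))
    # the parcel owner blacklists mallory; the portal owner whitelists alice
    assert server.set_acl(district, "-45,56", Mode.BLACKLIST, {mallory})
    assert server.set_acl(rus, "rus-portal", Mode.WHITELIST, {alice})
    # a non-owner cannot rewrite an ACL it does not control
    assert not server.set_acl(mallory, "rus-portal", Mode.OPEN, set())
    return server


if __name__ == "__main__":
    s = build_demo_server()
    for who, where in [("0xALICE", "-45,56"), ("0xRUS", "rus-portal"),
                       ("0xALICE", "rus-portal"), ("0xMALLORY", "-45,56")]:
        print(who, where, "admitted" if s.enter(who, where) else "ejected")
    print("alice sees", s.visible_to("0xALICE"), "| mallory sees", s.visible_to("0xMALLORY"))
```

The point of keeping `location` as the single source of truth is that presence is a server-side fact, never a client claim: a client that ignores the ejection and keeps rendering the parcel locally simply never appears in anyone else's `visible_to` result, which is exactly the "from the point of view of other users, they will not exist" outcome the proposal relies on. The parcel-first check in `permits` also means a portal owner cannot whitelist someone the parcel owner has blacklisted.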