Closed letmejustputthishere closed 10 months ago
What is the difference between what you are asking and
dfx canister update-settings <canister> --controller e3mmv-5qaaa-aaaah-aadma-cai
?
What the above command does is (afaik) update the canister controller. Blackholing the canister controller is a necessary step to make sure the Wasm of the canister cannot be tampered with.
But this isn't enough. Afaik the application controller - the principal that can upload and modify assets - is derived from the deploying principal and stored in stable storage. Even if I blackhole the canister, the principal that deployed the canister can still change the assets of the asset canister, which is bad if we want an immutable asset canister that can be trusted.
Thus I propose a method to query for the current application controllers, so people can verify that indeed no one is able to modify assets for the asset canister, and another two update methods that allow adding/removing principals from the application controllers.
@adamspofford-dfinity bump
I've added a ticket to our internal tracker about it.
This is available from the asset canister with these methods:
grant_permission: (GrantPermission) -> ();
revoke_permission: (RevokePermission) -> ();
list_permitted: (ListPermitted) -> (vec principal);
it would be great to be able to
Especially removing controllers is a very interesting use case. This would allow blackholing the canister and then removing any application controllers, thus being able to prove that a frontend a) comes from building a certain repository, by comparing file hashes of the build, and b) can't be tampered with.
@adamspofford-dfinity @roman-kashitsyn
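An added example, not part of the thread or the project's code: a shell check for the two conditions discussed above, that the only canister controller is the blackhole principal from the `update-settings` command and that `list_permitted` returns no principals for any permission. The `permission` field and the `Commit`, `Prepare` and `ManagePermissions` variant names are assumed from the asset canister's Candid interface, the controller list is assumed to come from something like `dfx canister info`, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit whether an asset canister is immutable.
BLACKHOLE="e3mmv-5qaaa-aaaah-aadma-cai"  # controller principal used in this thread

# Pull principals out of Candid text such as (vec { principal "a"; principal "b" }).
# Prints one per line, nothing for (vec {}).
parse_principals() {
    grep -o 'principal "[^"]*"' | sed 's/^principal "//; s/"$//'
}

# Live query; needs dfx and a reachable network, so the sample run below skips it.
# Assumption: ListPermitted is record { permission : variant { ... } }.
list_permitted() {  # $1 = canister, $2 = Commit | Prepare | ManagePermissions
    dfx canister call "$1" list_permitted "(record { permission = variant { $2 } })"
}

# audit CONTROLLERS COMMIT_OUT PREPARE_OUT MANAGE_OUT
# CONTROLLERS is a space-separated list; the *_OUT arguments are Candid replies.
# Prints one finding per line; returns 0 only when there are none.
audit() {
    findings=""
    for c in $1; do
        [ "$c" = "$BLACKHOLE" ] || findings="${findings}controller:${c}
"
    done
    for perm in Commit Prepare ManagePermissions; do
        shift   # step to the Candid reply for this permission
        for p in $(printf '%s\n' "$1" | parse_principals); do
            findings="${findings}${perm}:${p}
"
        done
    done
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample: blackholed controller, but the deployer still holds Commit.
SAMPLE_COMMIT='(vec { principal "deployer-placeholder" })'
SAMPLE_EMPTY='(vec {})'
audit "$BLACKHOLE" "$SAMPLE_COMMIT" "$SAMPLE_EMPTY" "$SAMPLE_EMPTY" \
    || echo "asset canister is NOT immutable"
```

For a live check, pass the output of `list_permitted <canister> Commit` (and likewise for the other two permissions) as the second to fourth arguments of `audit`.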