hashgraph / guardian

The Guardian is an innovative open-source platform that streamlines the creation, management, and verification of digital environmental assets. It leverages a customizable Policy Workflow Engine and Web3 technology to ensure transparent and fraud-proof operations, making it a key tool for transforming sustainability practices and carbon markets.
Apache License 2.0

Accessing a Guardian policy from a Guardian instance other than the publishing instance #3951

Open AlexIvanHoward opened 1 month ago

AlexIvanHoward commented 1 month ago

Problem description

A published Guardian policy is currently only accessible from the Guardian instance that published it. Consider a scenario where a standards body published the policy for a specific project. In such a scenario, the validator, the data curator and the verifier who were contracted by the project developer to provide their services to the project will all have to log into the standards body’s Guardian instance to do their work on the policy. Now, consider a validator, verifier or data curator (any service provider, really) with clients across multiple, e.g., seven, different standards bodies. That service provider will have to log into and log out of seven different Guardian instances in order to do their work. The problem scales in a truly decentralised setup where there are tens of small, independent standards bodies and other service providers have project developers as clients across many or all of those independent standards bodies. Allowing service providers to access their clients’ policies from the service providers’ own Guardian instances will make a big difference in this setup.

Requirements

A Guardian user should be able to access a policy published by another Guardian instance from their own Guardian instance. This access should be based on a request-grant model.

Definition of done

Alice, using Guardian instance A, contracts Bob, using Guardian instance B, to provide her with some service that will require Bob to perform some role in a policy published by Alice on her Guardian instance. Bob then requests, from his Guardian instance, access to the relevant policy published by Alice on her Guardian instance. Alice receives Bob's access request on her Guardian instance, verifies that it comes from Bob, and subsequently grants Bob and his Guardian instance access to the policy. Alice's policy now shows up on Bob's Guardian instance from where Bob can perform the work he's been contracted for without having to log into Alice's Guardian instance.

Acceptance criteria

See DoD.
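
The request-grant exchange from the definition of done above, sketched as an added example that is not part of the issue and is not Guardian code. It assumes Bob signs his request with an Ed25519 key whose public half Alice recorded when she contracted him; the function names, request fields, DIDs and URLs are hypothetical.

```javascript
// Added illustration, not Guardian code: all names, fields and DIDs are hypothetical.
const crypto = require('node:crypto');

// Fixed field order so both instances sign and verify the same bytes.
const canonical = (r) =>
  JSON.stringify([r.policyId, r.requesterDid, r.instanceUrl, r.nonce, r.issuedAt]);

// Instance B (Bob): build and sign an access request for one policy.
function createAccessRequest(privateKey, fields, now = Date.now()) {
  const body = { ...fields, nonce: crypto.randomBytes(16).toString('hex'), issuedAt: now };
  const sig = crypto.sign(null, Buffer.from(canonical(body)), privateKey);
  return { ...body, signature: sig.toString('base64') };
}

// Instance A (Alice): check origin and freshness before issuing a scoped grant.
function handleAccessRequest(req, ctx, now = Date.now()) {
  const deny = (reason) => ({ granted: false, reason });
  const key = ctx.contractedKeys.get(req.requesterDid); // recorded when Bob was contracted
  if (!key) return deny('unknown requester');
  if (!ctx.publishedPolicies.has(req.policyId)) return deny('unknown policy');
  if (Math.abs(now - req.issuedAt) > ctx.maxAgeMs) return deny('stale request');
  if (ctx.seenNonces.has(req.nonce)) return deny('replayed request');
  if (typeof req.signature !== 'string') return deny('bad signature');
  const sig = Buffer.from(req.signature, 'base64');
  if (!crypto.verify(null, Buffer.from(canonical(req)), key, sig)) return deny('bad signature');
  ctx.seenNonces.add(req.nonce); // remember only authenticated nonces
  const { policyId, requesterDid: grantee, instanceUrl } = req;
  return { granted: true, grant: { policyId, grantee, instanceUrl } };
}

// Constructed sample run: Bob's key pair and Alice's state are generated inline.
function demo() {
  const bob = crypto.generateKeyPairSync('ed25519');
  const ctx = {
    contractedKeys: new Map([['did:example:bob', bob.publicKey]]),
    publishedPolicies: new Set(['policy-123']),
    seenNonces: new Set(),
    maxAgeMs: 5 * 60 * 1000,
  };
  const fields = { policyId: 'policy-123', requesterDid: 'did:example:bob',
                   instanceUrl: 'https://guardian-b.example' };
  const req = createAccessRequest(bob.privateKey, fields);
  const first = handleAccessRequest(req, ctx);
  const replay = handleAccessRequest(req, ctx);
  const fresh = createAccessRequest(bob.privateKey, fields);
  const tampered = handleAccessRequest({ ...fresh, instanceUrl: 'https://other.example' }, ctx);
  return { first, replay, tampered };
}
```

Because the instance URL is part of the signed bytes, a grant cannot be redirected to a different Guardian instance without invalidating the signature.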

MarcAntoineLebourgeois commented 1 month ago

I strongly agree with Alex on this one.