josephawallace / codis

Secure cryptocurrency custody using MPC

Require access policy on requests to create resources and authorization on requests to use resources #2

Open josephawallace opened 1 year ago

josephawallace commented 1 year ago

Description

Currently, there are no permissions enforced on a client generating or using a key. This reduces the security of the system to the difficulty of compromising any one client. Instead, clients should be assigned ownership of resources they should be allowed to use. Requests to use those resources should require authorization from all parties that share ownership.

Potential Solution

  1. Require an access policy be submitted with any requests to create resources. The access policy should be stored locally on the node. Even if a service node makes a request for another service node to create a resource, an access policy must be attached.
  2. Approvals can be required by enforcing that signatures on a common message from each approving party are submitted with a request. For example, a request to use a protected resource might require that signatures from each party listed in the access control policy be submitted alongside the request.
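
The two steps proposed above, sketched in Go as an added example (not code from the codis repository): a node refuses to create a resource without an access policy, stores the policy locally, and allows use only when every owner in that policy has signed the same request message. Ed25519, the names `Node`, `Create`, `Use` and `Message`, and the nonce-based replay guard are assumptions that go beyond what the issue specifies.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Node keeps each resource's policy (owner -> key) locally, plus spent approvals.
type Node struct {
	policies map[string]map[string]ed25519.PublicKey
	spent    map[string]bool
}

// Create rejects requests without a policy and never overwrites a stored one.
func (n *Node) Create(id string, p map[string]ed25519.PublicKey) error {
	if _, exists := n.policies[id]; exists || len(p) == 0 {
		return fmt.Errorf("create: policy required and resource must be new")
	}
	n.policies[id] = p
	return nil
}

// Message is the common message all owners sign; length prefixes keep fields unambiguous.
func Message(id, op, nonce string) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s%d:%s", len(id), id, len(op), op, len(nonce), nonce))
}

// Use passes only if every owner in the stored policy signed this exact request.
func (n *Node) Use(id, op, nonce string, sigs map[string][]byte) error {
	p, msg := n.policies[id], Message(id, op, nonce)
	if len(p) == 0 || n.spent[string(msg)] {
		return fmt.Errorf("use: unknown resource or replayed approval")
	}
	for name, pub := range p {
		if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, msg, sigs[name]) {
			return fmt.Errorf("use: no valid approval from %s", name)
		}
	}
	n.spent[string(msg)] = true
	return nil
}

// main uses constructed data: two owners, only one of whom approves.
func main() {
	aPub, aPriv, _ := ed25519.GenerateKey(nil) // constructed demo keys
	bPub, _, _ := ed25519.GenerateKey(nil)
	n := &Node{map[string]map[string]ed25519.PublicKey{}, map[string]bool{}}
	fmt.Println(n.Create("k1", nil), n.Create("k1", map[string]ed25519.PublicKey{"a": aPub, "b": bPub}))
	sigs := map[string][]byte{"a": ed25519.Sign(aPriv, Message("k1", "sign", "n1"))}
	fmt.Println(n.Use("k1", "sign", "n1", sigs)) // denied: owner b has not approved
}
```

Because the signed message covers the resource ID, the operation and the nonce, approvals collected for one request cannot be reused for a different operation on the same resource.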