Open cygnusv opened 1 year ago
This has been open for a while and I think there's more clarity now to answer it. IMO, we should have an additional interface encryption authorizer contracts where encryptors are identified by EVM addresses (for the moment, this is our only identification mechanism), in which case the interface is something like:
function isAddressAuthorized(uint32 ritualId, address encryptor) external view returns (bool);
The only question I have is how to make explicit the fact that this method gives no authentication guarantees for the address, so it serves just informational purposes. Compare it with the current interface of IEncryptionAuthorizer
:
interface IEncryptionAuthorizer {
function isAuthorized(
uint32 ritualId,
bytes memory evidence, // supporting evidence for authorization
bytes memory ciphertextHeader // data to be signed by authorized
) external view returns (bool);
}
This interface not only checks authorization but also authenticates the encryptor.
Can we resolve this by modifying the naming/nomenclature? So rename isAddressAuthorized
to isAddressPermitted
or isAddressAllowlisted
, where the permission or allowlist refers to one of many facets of authorization. And hence, it informs the caller that address
may not be authorized for a given ritualId
, only "permitted" (one of many authentication steps).
Yep, I think such naming (or something along those lines) makes sense, with the caveat that current GlobalAllowList
implementation calls it isAddressAuthorized()
(nothing that we can't solve with an alias method and a deprecation plan)
_Originally posted by @piotr-roslaniec in https://github.com/nucypher/nucypher-contracts/pull/116#discussion_r1324098876_