This question regarding signing made me realize that I am very possibly misunderstanding how authorization is propagated in a Canton setup - specifically the fact that:
A typical transaction will be signed by more than one participant, as it will involve more than one party and those parties may be represented on different participants.
Now say I have a super simple situation where a delegator allows a delegate to act on their behalf - specifically to send some kind of Proposal to third parties. Delegator is in P1, delegate is in P2, and the receiver of the proposal is in P3 (of course all 3 participants within the same domain). Example:
template Delegation
with
delegator : Party -- in P1
delegate : Party -- in P2
where
signatory delegator
observer delegate
nonconsuming choice CreateProposal: ContractId Proposal
with
receiver : Party -- in P3
controller delegate
do
create Proposal with sender = delegator, ..
template Proposal
with
sender: Party
receiver: Party
where
signatory sender
observer receiver
When the delegate party in P2 issues a CreateProposal
to a receiver party in P3, my understanding is that when the transaction is submitted the participant will receive their sequenced share of the transaction. Specifically, both P1 and P2 will “see” the whole exercise (delegate is the controller, delegator is a signer) while P3 will only see a new Proposal “sent” to them (the “create Proposal” action) signed by someone (i.e. delegator in P1) - and will learn nothing about the Delegation contract and the delegate party. What i fail to understand is how the delegator in P1 can sign said transaction, which has been submitted by the delegate in P2, within the same sequencer + mediator round. For P2 it’s easy, because it knows the Delegation contract and therefore can reason about authorization locally, but P3 has no way of knowing that P2 can act on behalf of P1. So what does P3 receive from the sequencer that convinces them that the contract it got has been really signed by P1?
I mistakenly thought that the mediator was sort of “fixing-up” the authorizations because ultimately P1 must have agreed with the creation of the Proposal at some point and the mediator receives that acknowledgement - and since the mediator knows the required confirmers it can somehow pass along the “proof of authorization” to the involved parties. However this clearly is not the case since the mediator confirmation message seem authoritative in the diagrams, i.e. there’s no other chance for the participants to reject the confirmation after it has been issued. Many thanks!