If a Party P hasn’t been allocated to a Participant node, but there is a contract on that node on which the P as a Controller, can an application (with authority to actAs§) exercise a choice on behalf of P from that Participant Node?
Generally, no. DAML Parties do not have a cryptographic identity on the Ledger, only Participant Nodes do. Part of the shared ledger state is a mapping from Party to Participant. That relationship is called “Hosting” in the sense of Participant A hosts Party Alice. A Participant can host a Party read-only, or read-write.
When a Participant submits a transaction it annotates it with the submitting Party and signs it. The validating nodes then check that signature and verify that the Participant hosts the Party with write permissions.
Note that it is in theory possible to allocate the same Party on multiple Participant, but I’m not sure which Ledgers currently support that. In cases where that is possible, you could allocate a party, and then delegate write access to several Participants.
Thanks for the details Bernhard.
How is the hosting relationship established? Is it the AllocateParty method (https://docs.daml.com/app-dev/grpc/proto-docs.html#allocatepartyrequest)?
If so, this doesn’t specify if a Host has read-only or read-write authority. How do the validating nodes determine if a Host Participant has read-only or read-write authority on a Party? Is it determined by the Auth-Token?
Alternatively, am I right in presuming that unless a Party is allocated to a Node, it is considered to have read-only permission?
The Ledger API’s allocate party functionality creates a new party on that participant and allocates it read-write. That’s the only uniform functionality available via the Ledger API. The ledgers that can do more have additional party administration functionality that doesn’t go via the Ledger API.