How can I exercise a choice that involves another party who is not the owner without exposing the party ID of that second party?

Let me take the IOU Daml contract as an example. If Alice wants to send Bob an Iou, she needs the unique identifier of Bob as an argument in order to exercise the TransferIou choice. But now that she has Bob’s unique identifier, what’s stopping her from just using Bob’s identifier in the ActAs field and archiving the contract? Let’s assume that both the parties exist on the same participant.

I am new to Daml and may be making some wrong assumptions here, so please feel free to correct me. Is there any other way to refer to Bob without using their unique partyID?

The Ledger API has a concept of authentication and authorization via JWTs and the user management APIs. The sandbox runs without these which means any agent can impersonate any party as you suggest.

On a production system:

  1. The node admin creates parties pAlice and pBob.
  2. The node admin creates users uAlice and uBob.
  3. The node admin gives uAlice read/write access to pAlice and similar for Bob.
  4. The node admin sets up an identity management system such that Alice can obtain a JWT that identifies her as uAlice.
  5. Alice obtains a JWT via some OAuth flow or similar.
  6. Alice sends the JWT as part of every API call.
  7. The participant node checks whether the authenticated user has sufficient authorization for the API call.

So if Alice were to set pBob as the actAs party, but as per 3. above her user uAlice only has actAs rights to pAlice, the API call will be rejected.

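The check in step 7 can be modelled as follows. This is an added example, not part of the original thread and not Canton's own code; it shows why knowing pBob's identifier does not let uAlice act as pBob. The HS256 shared key, the `sub`/`exp` claim layout and the rights table are constructed assumptions for the model.

```python
import base64, hashlib, hmac, json, time

# Constructed rights table standing in for steps 1-3 (parties, users, grants).
USER_RIGHTS = {
    "uAlice": {"act_as": {"pAlice"}, "read_as": {"pAlice"}},
    "uBob": {"act_as": {"pBob"}, "read_as": {"pBob"}},
}
IDP_KEY = b"constructed-demo-key"  # assumption: real setups verify IdP-signed tokens

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(IDP_KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id: str, now: float, ttl: int = 300) -> str:
    """Stand-in for the identity provider in steps 4-5."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user_id, "exp": int(now) + ttl}).encode())
    return f"{header}.{claims}.{_b64(_sign(f'{header}.{claims}'))}"

def authenticate(token: str, now: float):
    """Return the user id if signature and expiry check out, else None."""
    try:
        header, claims, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{header}.{claims}"), _unb64(sig)):
            return None
        body = json.loads(_unb64(claims))
    except (ValueError, TypeError):
        return None
    return body.get("sub") if body.get("exp", 0) > now else None

def authorize_submission(token: str, act_as, read_as=(), now=None):
    """Step 7: every requested party must be covered by the token user's rights."""
    now = time.time() if now is None else now
    user = authenticate(token, now)
    rights = USER_RIGHTS.get(user)
    if rights is None:
        return False, "unauthenticated"
    missing = sorted(set(act_as) - rights["act_as"])
    if missing:
        return False, f"{user} lacks actAs for {missing}"
    # In this model, actAs on a party is treated as implying readAs on it.
    if not set(read_as) <= rights["act_as"] | rights["read_as"]:
        return False, f"{user} lacks readAs for requested parties"
    return True, f"{user} authorized"
```

The party identifier is only a name in the request; the decision is made from the authenticated user in the token and the rights the node admin granted that user.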

I have looked into the concept of users, but I am unsure how to deploy them. I have deployed my Canton in development mode using the simple topology and made parties using the participant1.parties.enable("Alex") command, but I wasn’t able to find one for users. Can you tell me the commands I can use to make these users? Additionally, I would be grateful if you could link me the method to do the same using HTTPS JSON API as well.

See here for JSON API endpoints reference
See here for Canton Console commands reference.
See here for sample user setup in Daml Script.

See here for User Management main docs.