How PegaSys is Setting the Standard for Permissioning in DLT
DISCLAIMER: As of September 2019, Pantheon has been renamed to Hyperledger Besu. In posts prior to September 2019, we refer to the Ethereum client as Pantheon.
Our focus for the Pantheon 1.2 release (live since July 31) was progress and making it the best available Ethereum client. Arash Mahboubi, our product manager for permissioning, explains how the new smart contract-based permissioning and dApp tooling make Pantheon a great fit for consortiums that want Enterprise Ethereum but have complex access and governance rules.
Why Permissioning in Blockchain
Data is precious. Protecting it, and being careful and deliberate about who gets access to our data and systems, is a critical need. For companies building on Enterprise Ethereum, there is a real need to limit which parties can participate in the network and be privy to its data, and which types of transactions users can make (sending funds, deploying smart contracts, etc.). Enter permissioning.
In our previous post, Protecting the Enterprise: Permissioning Features in Pantheon, we highlighted the need for schemes that extend the capabilities of public chain Ethereum to meet the security and surveillance-resistance needs of enterprises. Since our Pantheon 1.0 release, we have made some great improvements, starting with adding to and enhancing the limited local file synchronization approach used by other EntEth clients. This approach was not suitable in an enterprise environment as files could be out of sync, meaning companies might hold different whitelists or accidentally cause a fork. Our upgrade to smart contract-based permissions enforces a more secure, consistent scheme.
What’s New with Permissioning in Pantheon?
With the release of Pantheon 1.2, the on-chain smart contracts now also provide the ability to define a whitelist of Ethereum accounts that are permitted to transact on the network.
This will be highly useful to partners like LACChain (Latin America and Caribbean), which is building a major consortium for banks, government agencies and the like. This “public permissioned” approach is highly innovative, allowing numerous enterprises to deploy use cases like identity attestations in a secure environment. But to handle multiple use cases and user types (startups, banks, etc.) you need permissioning that can handle significant complexity, which until now either wasn’t available in EntEth or required blockchain teams to waste time building their own tools.
Pantheon 1.2 comes with a complete set of permissioning features to be used out of the box for most enterprise needs:
- On-chain smart contract Node and Account permissioning
- Set of smart contracts that include the whitelist of nodes and accounts and administrator access rights
- A dApp that interacts with a web3 provider (e.g. Metamask) to read/write to the contracts
Smart contracts introduce new challenges: not everyone is comfortable and familiar with Solidity, and contracts can be tricky to write whilst ensuring security is maintained. As part of our goal to continually lower the barrier of entry for enterprises wanting to adopt EntEth, our Pantheon 1.2 release also comes bundled with a set of smart contracts that can be deployed off-the-shelf, along with a custom dApp written to ease the process of reading and writing to the smart contracts. Using a GUI-based dApp simplifies the process, making it easy enough that a less-technical business user can interact with the permissioning rules to add accounts and/or nodes to the whitelist, and adjust administrator rights as needed.
How We Plan to Take It Further
Working with our partners and understanding real-world use cases means there is more to come! Our roadmap over the next few months is to take the Pantheon permissioning solution and extend it even further by enabling support for Role-Based Access Controls and more granular levels of permissioning. This would enable consortiums to develop complex and custom governance models that suit their business needs: setting permissions across groups of nodes and accounts (e.g. when a new enterprise joins or leaves a consortium), and defining what types of transactions each user is able to make, ensuring the security of the chain is maintained.
In developing these new permissioning schemes, we worked very closely with the Enterprise Ethereum Alliance, and Pantheon 1.2 is compliant with the EEA v3.0 specifications. We are committed to working with the EEA and its members to continue to create a permissions scheme that is widely adopted, addresses the needs of the enterprise community, meets regulatory concerns, and helps bring about the transformative power of Ethereum.