Adding Parameters to Delegated Identity

Scoped Delegated Identity

In our use case we need to restrict Delegated Identities to make calls to some of the restricted functions based on certain arguments. Is there a way to add arguments to the DelegatedIdentity that can be retrieved on the canister side in a verifiable manner?

Target Canisters in Delegation would not work for our use case, as ideally I would want it to access other functions in the canister but not the restricted ones.

Is there a way to mention custom parameters inside the Delegation object that can be used inside the canister?

```rust
pub struct Delegation {
    pub pubkey: Vec<u8>,
    pub expiration: u64,
    pub targets: Option<Vec<Principal>>,
    pub arguments: CustomArguments, // ideally would need this sort of field
}
```

@frederikrothenberger any thoughts on how to tackle this?

Hi @gravity_vi

Currently, additional restrictions on delegations are not supported. I agree that this would be quite a useful feature and is something that we should look into in the future.

Meanwhile, I would suggest that you solve this issue in the application code itself. I.e. rather than using a delegated identity, have the client use a different principal, and submit a token detailing the permissions / restrictions alongside the rest of the arguments.

This token should be signed by the same entity that would now issue the delegation.

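One way to do the canister-side check for the signed permission token suggested in the reply above, as an added example that is not code from the thread or from any IC library. The type and function names, the byte encoding and the method-list form of the restrictions are assumptions; signature verification is passed in as a closure that stands for verification against the issuer's public key.

```rust
// Added example (not from the thread). Principals are modelled as raw bytes.
pub struct PermissionToken {
    pub subject: Vec<u8>,             // principal the token was issued to
    pub expiration_ns: u64,           // assumed unit: nanoseconds since epoch
    pub allowed_methods: Vec<String>, // restricted methods this client may call
    pub signature: Vec<u8>,           // issuer's signature over signing_bytes()
}

fn put(out: &mut Vec<u8>, field: &[u8]) {
    out.extend_from_slice(&(field.len() as u32).to_be_bytes());
    out.extend_from_slice(field);
}

impl PermissionToken {
    /// Domain-separated, length-prefixed encoding of every signed field.
    pub fn signing_bytes(&self) -> Vec<u8> {
        let mut out = b"permission-token-v1".to_vec();
        put(&mut out, &self.subject);
        put(&mut out, &self.expiration_ns.to_be_bytes());
        for m in &self.allowed_methods { put(&mut out, m.as_bytes()); }
        out
    }
}

#[derive(Debug, PartialEq)]
pub enum Denied { BadSignature, WrongCaller, Expired, MethodNotAllowed }

/// Called at the top of a restricted method with the caller's principal.
/// `verify_sig(message, signature)` is an assumed hook for the issuer's scheme.
pub fn authorize(
    token: &PermissionToken, caller: &[u8], method: &str, now_ns: u64,
    verify_sig: impl Fn(&[u8], &[u8]) -> bool,
) -> Result<(), Denied> {
    // Check the signature first so no unsigned field is ever trusted.
    if !verify_sig(&token.signing_bytes(), &token.signature) {
        return Err(Denied::BadSignature);
    }
    if token.subject.as_slice() != caller {
        return Err(Denied::WrongCaller); // token presented by another principal
    }
    if now_ns >= token.expiration_ns {
        return Err(Denied::Expired);
    }
    if !token.allowed_methods.iter().any(|m| m == method) {
        return Err(Denied::MethodNotAllowed);
    }
    Ok(())
}
```

Binding the token to `subject` is what keeps a leaked token from being used by a different principal, and unrestricted methods simply do not call `authorize`.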