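[Reading Through the EOS White Paper] Accounts-02
One of this year's major events in the cryptocurrency and blockchain communities is the official launch of EOS on June 1, yet a great many people have never read the EOS technical white paper. I am therefore starting a series that reads through the EOS white paper, mainly presenting a translation of the official text with my own explanations added. My ability is limited, and discussion is welcome.
WeChat official account: blockd-public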
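Role Based Permission Management
Permission management is about whether a message is properly authorized. The simplest form of permission management is checking that a transaction carries the necessary signatures, but this implies that the required signatures are already known. In general, authority is tied to individuals or groups and is public. EOS.IO software provides declarative permission management, giving accounts sufficient control over what can be done and when.
Explanation: EOS can set different permissions according to role, and the permissions are fine-grained.
It is very important that authentication and permission management be standardized and kept separate from the application's business logic. This allows tools to be developed that manage permissions in a general-purpose way, and it also creates opportunities to optimize performance.
Explanation: software development has to take generality into account, and entangling permissions with business logic clearly works against building general-purpose tools, so EOS, as platform software, must address this.
Every account can be controlled by different combinations (private keys + other accounts). This makes it possible to create a hierarchical authority structure that reflects how permissions are organized in real life, and it makes multi-user management of assets easier than ever before. The greatest contribution of multi-user management is security, and, used properly, it can greatly reduce the risk of losing assets to hacking.
Explanation: today many people's accounts are controlled by themselves alone, which means a hacker who compromises your own account can operate it. But if the account is under multi-person control, the hacker has to compromise all of the users before being able to control it.
EOS.IO software allows an account to define which combination of keys and accounts may send a particular type of message to another account. For example, one key can be used for a social media account and another for accessing an exchange. It is even possible to let another account act on behalf of an account without handing over any keys.
Explanation: EOS offers variety in permission configuration; different combinations produce a suitable allocation of permissions.
The original text follows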
Role Based Permission Management
Permission management involves determining whether or not a message is properly authorized. The simplest form of permission management is checking that a transaction has the required signatures, but this implies that required signatures are already known. Generally authority is bound to individuals or groups of individuals and is often compartmentalized. The EOS.IO software provides a declarative permission management system that gives accounts fine grained and high level control over who can do what and when.
It is critical that authentication and permission management be standardized and separated from the business logic of the application. This enables tools to be developed to manage permissions in a general purpose manner and also provide significant opportunities for performance optimization.
Every account may be controlled by any weighted combination of other accounts and private keys. This creates a hierarchical authority structure that reflects how permissions are organized in reality, and makes multi-user control over funds easier than ever. Multi-user control is the single biggest contributor to security, and, when used properly, it can greatly reduce the risk of theft due to hacking.
EOS.IO software allows accounts to define what combination of keys and/or accounts can send a particular message type to another account. For example, it is possible to have one key for a user's social media account and another for access to the exchange. It is even possible to give other accounts permission to act on behalf of a user's account without assigning them keys.
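The "weighted combination of other accounts and private keys" described above can be modeled as a small recursive check. This is an added example, not code from the white paper or from EOS.IO; the threshold field, the depth cap, and all account and key names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_DEPTH = 6  # assumption: cap on nested account lookups

@dataclass
class Authority:
    threshold: int                                # weight needed to authorize
    keys: dict = field(default_factory=dict)      # key label -> weight
    accounts: dict = field(default_factory=dict)  # account name -> weight

def satisfied(account, signed_keys, authorities, depth=0, visiting=frozenset()):
    """True if signed_keys reach the weight threshold of `account`."""
    # Unknown accounts, over-deep nesting and reference cycles all fail closed.
    if depth > MAX_DEPTH or account in visiting or account not in authorities:
        return False
    auth = authorities[account]
    if auth.threshold <= 0:
        return False  # a zero threshold would authorize everyone; reject it
    total = sum(w for k, w in auth.keys.items() if k in signed_keys)
    for name, weight in auth.accounts.items():
        if total >= auth.threshold:
            break
        # A nested account contributes its weight only if it is itself satisfied.
        if satisfied(name, signed_keys, authorities, depth + 1, visiting | {account}):
            total += weight
    return total >= auth.threshold

# Constructed sample: "treasury" needs weight 2 from two people and a backup key.
AUTHORITIES = {
    "alice": Authority(1, keys={"KEY_ALICE": 1}),
    "bob": Authority(1, keys={"KEY_BOB": 1}),
    "treasury": Authority(2, keys={"KEY_BACKUP": 1}, accounts={"alice": 1, "bob": 1}),
    "loop_a": Authority(1, accounts={"loop_b": 1}),
    "loop_b": Authority(1, accounts={"loop_a": 1}),
}

def demo():
    return {
        "one_stolen_key": satisfied("treasury", {"KEY_ALICE"}, AUTHORITIES),
        "two_parties": satisfied("treasury", {"KEY_ALICE", "KEY_BOB"}, AUTHORITIES),
        "person_plus_backup": satisfied("treasury", {"KEY_BOB", "KEY_BACKUP"}, AUTHORITIES),
        "cycle": satisfied("loop_a", {"KEY_ALICE"}, AUTHORITIES),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'authorized' if ok else 'rejected'}")
```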