
User to User Delegation

Overview

The FPX wallet's delegation feature enables a wallet user to delegate service access to another user: the delegatee (from now on referred to as Wallet User B) can access a permitted service on behalf of the delegator (from now on referred to as Wallet User A). This access is granted through a mutually verified connection between the two wallet users. Users decide which services they wish to delegate and for how long the connection and the delegation remain valid.

The Delegation feature, as a part of the FPX product suite, meets the need for convenience in access delegation while keeping security at heart.

For instance, a person can now use the feature to allow their caretaker to access their calendar and manage their medical appointments for them. On top of that, they can choose to restrict their caretaker's access to sensitive information, such as an appointment for surgery, and only allow access to information that is relevant.

User Flow

The delegation process unfolds in the following way:

Connection:

  1. Wallet User A creates an invite to send to Wallet User B.
  2. Wallet User B accepts invite.
  3. Wallet User A confirms invite after Wallet User B has accepted their invite.

Once the flow above is successfully completed, a connection between both users is formed.

Access delegation:

  1. Wallet User A creates delegate access for Wallet User B.
  2. Wallet User B receives the set of permissions created by Wallet User A and can then access Wallet User A's services on their behalf.

The invitation link, created at the wallet server by Wallet User A, is used to establish the connection from User A to User B. It can be shared through any supported method (QR code, email, etc.). Once shared, Wallet User B can view the invitation and either accept or decline it; the link expires after a predetermined duration. If it is accepted in time, Wallet User A can choose to confirm or decline the acceptance. If Wallet User A confirms the acceptance, a connection is established between both users; otherwise, the invitation expires for lack of activity on the creator's side. An invitation may also carry other information, such as a service to delegate automatically upon confirmation of the invitation.

Connection

A connection is a mutually verified relationship between two wallet accounts. Users can create and manage connections directly from their wallets. Establishing a connection does not delegate a service by itself; it is, however, the channel through which delegations between the two users take place (in either direction). A connection automatically expires after a predetermined period.

Delegate access to service

Service delegation is the direct sharing of access to a particular service from one wallet user to another within an established connection. Such a delegation allows, for example, Wallet User B to access a service on behalf of Wallet User A. Once a connection is established between two wallet users, a typical delegation unfolds in the following steps:

  1. Wallet User A selects the active connection.
  2. Wallet User A creates delegate access.
  3. Wallet User B uses the delegate access details to create the necessary permissions and can then access Wallet User A's service.

A delegation will also expire after a predetermined duration.

Revocation

The invitation link, the connection, and the delegated access each expire after a predetermined time frame. In addition, they can be revoked by the delegator or the delegatee.

Both users, through the wallet server, can revoke:

  • A connection, upon request by either user
  • Delegated access, upon request by the delegator
  • All connections and delegated access, upon deletion of either user

When a user is deleted, all delegated access in which they are either the delegator or the delegatee, as well as all connections involving them, is revoked. Upon revocation of delegated access, the wallet server stores the revocation status and the authorization server likewise treats the access as no longer valid.

Sensitive Resource Restriction

Through the Sensitive Resource Restriction functionality, an admin, via the Wallet Server Admin API, can prevent resources considered sensitive from being delegated. The admin chooses one of two modes to protect resources: the permissive mode and the restrictive mode.

The Permissive Mode

If user-led-delegation.delegation-restriction-mode is set to permissive, no resource can be delegated except those that the Wallet Server Admin has added to the delegatable_rs_resource_to_client table.

The Restrictive Mode

If user-led-delegation.delegation-restriction-mode is set to restrictive, all resources can be delegated except those that the Wallet Server Admin has added to the restricted_rs_resource_to_client table.
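The lifecycle rules in the User Flow, Connection, Delegate access and Revocation sections and the two restriction modes above, as an added example that is not FPX code: a small Python model of what the wallet server has to check when Wallet User A creates delegate access, and what the authorization server has to re-check when Wallet User B later uses it. The class and function names and the data shapes are assumptions for illustration; only the property key, the two table names and the mode values come from the page.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
@dataclass
class Connection:            # mutually verified link between two wallet users
    user_a: str              # delegator
    user_b: str              # delegatee
    expires_at: datetime
    revoked: bool = False
@dataclass
class Delegation:            # access to one service, granted over one connection
    connection: Connection
    service: str
    expires_at: datetime
    revoked: bool = False

@dataclass
class WalletServer:
    mode: str                # value of user-led-delegation.delegation-restriction-mode
    delegatable_rs_resource_to_client: set = field(default_factory=set)
    restricted_rs_resource_to_client: set = field(default_factory=set)
    delegations: list = field(default_factory=list)

    def resource_delegatable(self, resource: str) -> bool:
        # As the page states: permissive = nothing unless listed; restrictive = everything unless listed.
        if self.mode == "permissive":
            return resource in self.delegatable_rs_resource_to_client
        if self.mode == "restrictive":
            return resource not in self.restricted_rs_resource_to_client
        raise ValueError(f"unknown delegation-restriction-mode: {self.mode}")

    def create_delegation(self, c: Connection, service: str, now: datetime, ttl: timedelta):
        # Enforced when Wallet User A creates delegate access: live connection and a non-restricted service.
        if c.revoked or now >= c.expires_at or not self.resource_delegatable(service):
            return None
        self.delegations.append(Delegation(c, service, now + ttl))
        return self.delegations[-1]

    def delete_user(self, user: str) -> None:
        # Deleting either party revokes every connection and delegation involving them.
        for d in self.delegations:
            if user in (d.connection.user_a, d.connection.user_b):
                d.connection.revoked = d.revoked = True

    def may_act_on_behalf(self, d: Delegation, delegatee: str, service: str, now: datetime) -> bool:
        # Re-checked at access time: identity, service, expiry and revocation of both layers.
        c = d.connection
        return (delegatee == c.user_b and d.service == service
                and not c.revoked and now < c.expires_at
                and not d.revoked and now < d.expires_at)
```

Revocation is checked independently of the remaining lifetime, so a revoked connection stops every delegation riding on it even if the delegation's own expiry has not been reached.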