Capability Management
Tools for issuing and managing capabilities and delegations in privacy-protected manner
Types
export interface CapabilityConstraints {
expires_at?: number;
custom_constraints?: any;
}
export interface Proof {
proof_type: string;
created: number;
proof_purpose: string;
verification_method: string;
proof_value: any;
}
export interface Capability {
id: string;
parent_id: string;
issuer: string;
subject: string;
resource: string;
actions: string[];
constraints: CapabilityConstraints;
can_delegate: boolean;
delegation_depth: number;
proof: Proof;
created_at: number;
revoked_at: number;
}grant_capability
Description: Issues and anchors a new capability on-chain for a specific subject and resource.
Input Schema:
id(string): Unique capability UUID.parent_id(string): The ID of the parent capabilityissuer(string): The identity granting the permission.subject(string): The recipient identity.resource(string): The resource URI (e.g.,storage://user/docs/*).actions(array[string]): List of allowed actions (e.g.,read,write).constraints(CapabilityConstraints): Optional object containingexpiresAtandcustom(JSON bytes).can_delegate (boolean): Determine if receipent can delegate the capability to othersdelegation_depth (number): Determine the depth of delegationproof (Proof): the proof of this grant capability action
Note: You shall be using the same above method for delegating the current capability being the
parent_id, and unique capability ID for this particular delegation.
get_capability
Description: Fetch capability details
Input Schema:
id(string): Unique capability UUID.
revoke_capability
Description: Revokes the capability from the subject by issuer
Input Schema:
id(string): Unique capability UUID.
Last updated on: