Overview
Policies for the Vertex provide a way to control exactly which messages or transactions will be signed by a specific Key Share that the Vertex holds.
This is done by defining a set of Rules that are evaluated against the message or transaction that is being signed.
Rules
A Rule is a condition that is evaluated against the message or transaction that is being signed.
In practice, a Rule is defined by:
- A Rule Server URL - This is the URL that the Vertex will send the signing request data to for evaluation.
- A Rule Server public key - The public key of the Rule Server, used by the Vertex to verify the signature on the Rule Server's response.
- A name for the Rule
Rule Server
The Rule Server is a server that is responsible for verifying the message or transaction that is being signed, before actual signing takes place.
The Rule Server receives the message or transaction data from the Vertex in the form of a JWT signed by the Vertex; the Rule Server verifies that signature with the Vertex public key.
Once the request is verified, the message data is validated, and a response in JWT format, signed by the Rule Server and verifiable with the Rule Server public key, is returned to the Vertex.
If the signed JWT response is valid and approves the transaction, the Vertex checks that all other Rules in the Policy pass as well and only then proceeds with the MPC signing operation.
More information on setting up a Rule Server can be found here.
Policies
A Policy is defined as a set of Rules that are evaluated against the message or transaction that is being signed.
All Rules of a Policy must be satisfied for the Policy to be satisfied.
A Policy may be an empty set of Rules, in which case all transactions will always pass validation.
Policies may be attached as a default Policy to a User, in which case all Key Shares generated by that User will be subject to the Policy.
Alternatively, a Policy may be attached to a specific Key Share directly by an Admin.
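As an added example (not code from this page or from the Vertex project), the Go program below models both the Rule Server exchange and the Policy semantics described above: the Vertex signs the request as an ES256 JWT, the Rule Server verifies it with the Vertex public key, validates the message against one rule, answers with a JWT signed by its own key, and the Vertex proceeds only if every Rule's validly signed response approves, with an empty Policy passing trivially. The claim names (message, amount, approved), the amount-cap rule, and the in-process function standing in for the Rule Server URL are assumptions; the page does not specify the layout of the Vertex JWTs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// Payloads exchanged with the Rule Server. Both claim layouts are assumptions for
// this example; the page does not specify the Vertex JWT format.
type signingRequest struct {
	Message string `json:"message"`
	Amount  int64  `json:"amount"`
}

type ruleResponse struct {
	Approved bool `json:"approved"`
}

var (
	enc       = base64.RawURLEncoding
	jwtHeader = enc.EncodeToString([]byte(`{"alg":"ES256","typ":"JWT"}`))
)

// signJWT produces a compact ES256 JWT (header.payload.signature) over v.
func signJWT(priv *ecdsa.PrivateKey, v interface{}) (string, error) {
	payload, err := json.Marshal(v)
	if err != nil {
		return "", err
	}
	input := jwtHeader + "." + enc.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS ES256 carries fixed-width R||S, not ASN.1 DER
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + enc.EncodeToString(sig), nil
}

// verifyJWT checks the ES256 signature with pub before decoding the payload into out.
func verifyJWT(pub *ecdsa.PublicKey, token string, out interface{}) error {
	parts := strings.Split(token, ".")
	// The verifier pins the header, and with it the algorithm; the token never chooses it.
	if len(parts) != 3 || parts[0] != jwtHeader {
		return errors.New("malformed JWT or unexpected algorithm")
	}
	payload, errP := enc.DecodeString(parts[1])
	sig, errS := enc.DecodeString(parts[2])
	if errP != nil || errS != nil || len(sig) != 64 {
		return errors.New("malformed JWT encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return errors.New("invalid signature")
	}
	return json.Unmarshal(payload, out)
}

// newRuleServer stands in for one Rule Server endpoint: it accepts only requests
// the Vertex signed, applies one rule (an amount cap, constructed for this example)
// and returns its verdict as a JWT signed with the Rule Server's own key.
func newRuleServer(vertexPub *ecdsa.PublicKey, priv *ecdsa.PrivateKey, maxAmount int64) func(string) (string, error) {
	return func(requestJWT string) (string, error) {
		var req signingRequest
		if err := verifyJWT(vertexPub, requestJWT, &req); err != nil {
			return "", fmt.Errorf("request not signed by the Vertex: %w", err)
		}
		return signJWT(priv, ruleResponse{Approved: req.Amount <= maxAmount})
	}
}

// rule is what the Vertex stores per Rule: where to send the request (standing in
// for the Rule Server URL) and the Rule Server public key that must sign the answer.
type rule struct {
	send func(string) (string, error)
	pub  *ecdsa.PublicKey
}

// policyAllows applies the Policy semantics from the page: every Rule must return a
// validly signed approval, and an empty Policy always passes. Only on true would the
// Vertex proceed to the MPC signing operation.
func policyAllows(vertexPriv *ecdsa.PrivateKey, policy []rule, req signingRequest) (bool, error) {
	token, err := signJWT(vertexPriv, req)
	if err != nil {
		return false, err
	}
	for _, r := range policy {
		respJWT, err := r.send(token)
		if err != nil {
			return false, err
		}
		var resp ruleResponse
		if err := verifyJWT(r.pub, respJWT, &resp); err != nil {
			return false, fmt.Errorf("response not signed by the Rule Server: %w", err)
		}
		if !resp.Approved {
			return false, nil
		}
	}
	return true, nil
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// runScenario wires one Vertex and one Rule Server capping amounts at 1000 and
// reports whether a 500 request, a 5000 request and a 5000 request under an empty
// Policy pass, and whether a request signed by a key other than the Vertex's is refused.
func runScenario() (small, large, empty, forgedRefused bool) {
	vertex, rsKey := mustKey(), mustKey()
	policy := []rule{{send: newRuleServer(&vertex.PublicKey, rsKey, 1000), pub: &rsKey.PublicKey}}
	small, _ = policyAllows(vertex, policy, signingRequest{Message: "pay", Amount: 500})
	large, _ = policyAllows(vertex, policy, signingRequest{Message: "pay", Amount: 5000})
	empty, _ = policyAllows(vertex, nil, signingRequest{Message: "pay", Amount: 5000})
	forged, _ := signJWT(mustKey(), signingRequest{Message: "pay", Amount: 1})
	_, err := policy[0].send(forged)
	return small, large, empty, err != nil
}

func main() { fmt.Println(runScenario()) }
```

Running it prints the four results of runScenario: the 500 request passes, the 5000 request is refused by the rule, the empty Policy lets the 5000 request through, and a request signed by a key other than the Vertex's is rejected by the Rule Server before any rule is evaluated. Two design points carry over to a real Rule Server: the verifier fixes the expected header rather than reading the algorithm out of the token, and the Vertex trusts a verdict only after checking it against the Rule Server public key it was configured with, never on the strength of the response body alone.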
Setting Policies for the Vertex is shown here.