11-17, 15:00–15:30 (Europe/Istanbul), Conference Room 1
We spend a lot of time thinking about permission systems, but it's equally important to think about how we can design systems where permission prompts are minimized. Let's discuss how we can build such systems in a decentralized setting.
Explicitly asking users for permissions is problematic because it's cumbersome and it opens up attack vectors: users might not understand what some permissions mean, or they might blindly approve them because they have become desensitized to warnings or are focused on other things (satisficing).
Research exists on how to build systems that minimize information load on users and eliminate upfront permissions and warnings whenever possible by replacing them with automatic grants and trusted UIs or context-specific confirmation dialogs [1]. But the lessons from these systems are not directly transferable to decentralized applications.
For one thing, in a decentralized setting, it’s not clear what an application is. Is it a smart contract, is it a collection of contracts or is it a website or an app?
Another issue is that operating systems and web browsers don't provide trusted UIs for dapps. These are provided by various apps and extensions, each with their own iconography and language.
Finally, in traditional systems there is typically a centralized authority that monitors applications that request sensitive permissions. How can we safeguard users from malicious applications in a decentralized setting without a centralized registry or a plethora of warnings?
Fortunately, there are lots of new tools at our disposal. Let's discuss how novel ideas such as intent-based architectures and dapp isolation mechanisms (e.g. session keys or WebAuthn signers) help us build systems that minimize information load on users and eliminate upfront permissions and warnings whenever possible.
[1] https://www.usenix.org/system/files/conference/hotsec12/hotsec12-final19.pdf
I'm a software engineer working on the Ethereum Development Runtime at the Nomic Foundation and I'm a member of the Chain Agnostic Standards Alliance Secure Design working group.