Requirements for the Client software
Wallets
Types
Clients should make use of different wallets.
Wallets that should be supported in the short term
include:
-
SOX2
-
DBS
Wallets that may be supported in the longer term include
Storage
Clients may be required to assist wallets with
a method of reliable storage.
The storage of DBS tokens and SOX receipts must be atomic
and reliable. It is not clear how to do this in Java yet,
but that does not change the requirement!
The requirement might be met by either of the following:
-
by having secure atomic storage onto the local disk, or
-
by replicating data over the net on virtual drives.
Basic Actions
Following Basic actions are required
in approximate order of priority.
-
Management ownership entities (accounts)
with the following sub-actions:
-
Create new
-
Read existing
-
Close and transfer all value.
-
Creation of payment and clearance of payment.
The Wallet and Applications should facilitate the
re-spending of any transaction as a test of the
system (this requirement also derives from licensing
conditions).
-
Import / Export of text-format value.
-
Display of sub accounts:
completed and pending transfers,
and in and out transfers
(this applies to all wallets).
-
Consolidated balance display.
-
Applications protocols.
TBD
Presentation
Wallets will provide packets for external transport
of data. This data should be turned into ASCII-armoured
or MIME format, and displayed in C&P dialogs.
Output
The client should have a basic export facility that
requests details:
-
source account
-
target account (optional)
-
amount
-
item
-
expiry date (depends on wallet) (sensible default)
When those details are supplied, the client should
conduct sanity checking, identify the wallet concerned,
and request the appropriate (binary packet?) payment.
The payment should be converted to ASCII armour or
MIME (preferably the latter?) and displayed on a
cut&paste-enabled dialog.
The user is now instructed to C&P the message into
an email (for example).
Input
On reception of the above message, a user can
feed the message into the client for processing.
An option in a similar place to the above output
mechanism should pop up a C&P-enabled dialog.
The user is instructed to paste the email (for
example) into the dialog and click ok, etc.
The presentation layer then strips off the armouring
or MIME, determines which wallet to send this message
to, and calls the API for the wallet to process the message.
Messages
This method of C&P messages is primarily intended for
value passing. It should be possible to later add other
messages.
A consolidated balance - of all accounts in all wallets -
should be made available, showing all assets and values
on one screen.
A strong requirement is that the user is shielded from
the minor differences in nominally simmilar assets.
That is, the individual balances of two items in
derivative e-gold should be consolidated into one
balance on this current display. However, this
consolidated balance should be obviously different
from a pure, non-mixed balance. I.e., bold or italic
or coloured.
Context within which Client operates
The client manages value within a context of Ricardian contracts.
A Ricardian contract is
-
A text contract that includes details of the value
relationship between the Issuer and the Holder of
instruments.
-
A signature in that contract that affirms the Issuer's
good intentions.
-
A message digest (hash) that identifies the contract uniquely.
-
Details of servers and PKI, generally held in a
separate file.
Both current wallets will use the hash as the basic
identifier. A client will need a separate module to
-
Read all current contracts held in the contract directory.
-
Make the contracts accessible, indexable on:
-
Hash - one contract returned per hash.
-
Common currency unit name (USD, NLG, EUR, etc).
Many contracts returned by base currency unit.
-
All contracts - return list of hashs.
-
Add a new contract from a file or URL (later).
-
Check signatures on contracts, based on keys in
PKI context
-
Display contracts in text form - contract browser - to user.
-
Display appropriate information on other displays. E.g.,
for a currency, the symbol ('$') is extracted and used as the
balance symbol.
PKI - public key infrastructure - will need to be managed.
The PKI management will be similar to, for example, the
facilities offered by the pgpk(1) program.
Specific PKI facilities needed:
-
Add public key to keyring.
-
Extract key according to key id.
-
Check signature on hash.
-
Generate canonical hash from document (Ricardian contract).
This work may be done within the Cryptix context, or may not,
so it may be a direct requirement of the Client project, or
it mau be an API provided...
There is an assumption that X.509 should be used, and
Diffie Hellman key exchange and ElGamal public keys
should be used. RSA may be supported.
In practice this means that signatures are self-identifying,
and the code can accept a signature of either type. It should
generate signatures according to the specifications in the
Ricardian contract or the SOX file.
Server context is managed by the SOX file. This file
includes details such as IP address, port, signature
and hash schemes supported, etc.
The location of the SOX file is identified in the
Ricardian contract by a URL.
Later versions of the code should be able to handle
multiple locations of the SOX file for replication
purposes.
Environment and Conditions
Clients should cope with the following:
-
Many issuers.
-
Many issues with each issuer.
-
Issuers handling different protocols (wallets).
-
Payment for zero - must be the same as a value payment.
-
Payment to self - ditto.
-
Negative balance - must handle maths correctly and not throw
exceptions, etc.
Strictly speaking, these requirements are that no exceptions should
be made between these cases. Experience suggests that these
special cases need to be specified in advance. Each of these
is necessary, not gratuitous.
The Applications
The other applications are deferred for the immediate term.
The following is un-reviewed high level business requirements.
Purchasing
A.k.a. Retail and ecommerce.
-
Only one class of user - Wallet must
include both selling and purchasing halves.
-
can receive a payment and store it
on safe storage in an automated
fashion (this is the merchant-wallet).
-
no identifying information (of either party)
is required to make a payment.
-
no particular requirement to allow the
identification of the payer or the payee,
but obviously a useful feature....
-
must be able to create a non-revocable
payment.
-
shielded from the distinction between
different contracts issued in the same
unit of account...
Trading
Deferred.
Management
Deferred.
Platforms
There are major platform/application combinations
envisaged for the software, listed in approximate
order of priority.
-
Servlet client providing interface over web.
-
Standalone client on user PC
-
Specialist client in dedicated NC-like box,
where we control the configuration for security
reasons.