Remote Policy UI

1. Creation

To create a policy that users can operate through multiple (different) Guardian instances, select the ‘Public’ availability type at the publishing stage.

Once such a policy is published, it can be imported into other Guardian instances via its publishing Message ID.

2. Import

The import of ‘external’ policies is initiated from the Remote Policies tab in the Policies grid.

The original policy Message ID must be specified in the Search dialogue box.

The operation must be approved by the Standard Registry.

The imported policy becomes accessible from the Remote Policies tab alongside the ordinary policies.

3. Users

To participate in the remote policy workflow, users must be registered on the ‘home’ Guardian of the policy (the instance from which it was published). Such registration involves importing the user profile. Please note that private information, such as private keys, is not exported, imported or accessed in any way.

Profile files can be used to create corresponding Remote Users, who can participate in the policy execution workflow using an external (other) Guardian instance as a ‘console’, without exposing the users’ private keys to any Guardian other than the user’s home instance.

4. Encryption

To protect private information, all data exchanges between Guardians are encrypted with the addressee’s public key. Each policy can be configured with a unique key:

1. Generate the key on the ‘home’ Guardian user account

2. Input the message ID of the Policy for which the key is being prepared

3. Copy the generated key

Note: The key is not retrievable after the initial creation. If it is lost, a new one must be generated.

4. Import the key into the ‘remote’ Guardian via the user account page

5. Policy execution

Remote policies are used in the same way as those running locally, with a few differences:

  • Speed and waiting time

Policy execution state is synchronized between different Guardian instances via Hedera, so an update of the policy state on other Guardians can take several minutes.

  • Publishing actions

When users take actions in their home Guardians, there is a time delay associated with the remote Guardian instance processing the action request.

  • Action request

Processing remote user actions may require user private keys for signatures. These keys never leave the users’ home Guardians; instead, the remote Guardian formulates corresponding requests, which require the users to confirm the actions in their ‘home’ Guardians.

For the avoidance of doubt, such confirmations do not pass private keys to the remote Guardian instance. The confirmation is performed locally, and remote Guardians receive only the result of the actions (e.g. signed documents).
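The action-request flow described above, modelled as an added example that is not Guardian's own code: the remote instance verifies results against the public key from an imported profile and never holds the private key. The class names, message shapes and the choice of Ed25519 are assumptions for illustration; transport via Hedera and encryption of the exchange are left out.

```javascript
// Added illustration, not Guardian source code. All names are hypothetical.
const crypto = require('node:crypto');

// 'Home' Guardian: the only place the user's private key exists.
class HomeGuardian {
  #privateKey; // private field: never serialized, never returned
  constructor(userId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519'); // assumed key type
    this.#privateKey = privateKey;
    // Exported profile carries identity and public key only.
    this.profile = { userId, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
  }
  // The user confirms a request locally; only the signed result goes back.
  confirm(request) {
    if (request.userId !== this.profile.userId) throw new Error('request is for another user');
    const sig = crypto.sign(null, Buffer.from(request.document), this.#privateKey);
    return { requestId: request.requestId, document: request.document,
             signature: sig.toString('base64') };
  }
}

// 'Remote' Guardian: acts as a console and knows only imported public keys.
class RemoteGuardian {
  constructor() { this.users = new Map(); this.pending = new Map(); }
  importProfile(profile) {
    this.users.set(profile.userId, crypto.createPublicKey(profile.publicKeyPem));
  }
  // Formulate a request that needs a signature from the user's home instance.
  createActionRequest(userId, document) {
    if (!this.users.has(userId)) throw new Error('unknown remote user');
    const request = { requestId: crypto.randomUUID(), userId, document };
    this.pending.set(request.requestId, request);
    return request;
  }
  // Accept a result only if it matches a pending request and the signature verifies.
  acceptResult(result) {
    const request = this.pending.get(result.requestId);
    if (!request || request.document !== result.document) return false;
    const ok = crypto.verify(null, Buffer.from(result.document),
      this.users.get(request.userId), Buffer.from(result.signature, 'base64'));
    if (ok) this.pending.delete(result.requestId); // one result per request
    return ok;
  }
}
```

Dropping the request from the pending set after a valid result means a replayed confirmation is rejected.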
