Access Control in composeDB model / composite

Is it possible to control in composeDB which key dids are allowed to write?

For example, if a user has a valid secp256k1 key did, can the model / composite require composeDB to check a smart contract to see if the address is listed before allowing the user to write?

If not, is there any other way to achieve a similar result?

Hi @andyjagoe, thanks for your post, and apologies for the delay in getting back to you.

Couldn’t the dApp check this before allowing a user to write to ComposeDB?

Think of ComposeDB as a decentralized SQL database, so there isn’t any programmability.

Hi @mohsin,

This is an interesting question and one that has been on my mind as well. I fear your answer doesn’t solve the problem of write permissions as, although I could make sure my code checks for specific accounts before being able to write to the model, what is there to stop someone creating a script that spams data into the model themselves?

For the decentralised database analogy to hold, we need a solution that enables certain models to be restricted to specific accounts if needed. A great example of this is Streamr, which saves write permissions to a smart contract, and enables you to have public or private streams, so only specific accounts can write data to it.

For our application, we are looking for a decentralised database and, for the reasons above, Ceramic would not be suitable unless there were plans to implement write access controls at some point in the roadmap.

Thank you for the work so far but I’m really hoping you can see why no write access control options is going to prevent a lot of use cases. I wonder if you could shed some light on this @avi?

Hey Martin @mkc and Andy @andyjagoe - just captured both your feedback in our product backlog under “Access Control for Reads/Writes to a Stream.” Definitely understand the need for both privacy on the read side and eliminating low quality content on the write side.

Beyond access lists, would reputational filters also be helpful? Could be a softer approach than manual allows.