CAP: 0029
Title: AllowTrust when not AUTH_REQUIRED
Author: Tomer Weller
Status: Draft
Created: 2019-12-13
Discussion: https://groups.google.com/d/msg/stellar-dev/igkJhpPUm-g/7k_3v6SKBQAJ
Protocol version: TBD
This CAP addresses the following authorization semantics requirements:
- An issuer should always be able to authorize a trustline regardless of any issuer flags.
- An issuer should always be able to revoke a trustline for an asset that is set as revocable.
Trustline authorization is an important feature of the Stellar protocol. It allows issuers to handle various regulatory requirements. However, it's current behavior is not sensible with regards to to configuration changes and revocable assets:
- The authorize (
ALLOW_TRUST, Authorize=true) operation fails if the issuer does not have any flags set, even when the trustline is unauthorized. This complicates asset configuration changes. - The revoke (
ALLOW_TRUST, Authorize=false) operation fails if the issuer does not have theAUTH_REQUIREDflag set. This defeats the purpose of having revocable assets that default to authorized trustlines ("Blacklist authorization").
This CAP introduces two changes to ALLOW_TRUST semantics:
- Allow
ALLOW_TRUSToperations withAuthorize=trueto be performed regardless of any issuer account flags. - Allow
ALLOW_TRUSToperations to be performed on trustlines to assets that have theAUTH_REVOCABLEflag set, regardless of whether or not theirAUTH_REQUIREDflag is set.
This change is backward compatible for sensible consumers. It is not backward compatible for consumers that rely on the above operations failing.
//TBD
//TBD