Delegated writes & ACLs
A user can delegate write access to a third-party service on a subfield of the account. This grants the third-party service write access without giving it complete control of the account.
Delegation works by appending the third-party service's public key to the access control list (ACL), which is part of the account storage. The third party's writes are then made through a transaction that includes the third party's signature.
Delegation is revocable by deleting the third-party public key from the ACL. Updates to the ACL are simple writes.
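The check described above, sketched as an added example (not code from the project this page documents): a write is accepted only when its signature verifies and the signing key is listed in the ACL for the exact subfield being written, and deleting the key revokes access. Ed25519, the `Account`/`Tx`/`Apply` names, the message encoding, the `feed` and `settings` subfields, and the rule that the owner key may write anywhere are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Hypothetical model: the ACL in account storage lists which key may write which subfield.
type aclEntry struct{ Field, Key string }
type Account struct {
	Owner ed25519.PublicKey
	Data  map[string]string
	ACL   map[aclEntry]bool
}
type Tx struct { // a write to one subfield, signed by the writer
	Field, Value string
	Signer       ed25519.PublicKey
	Sig          []byte
}

// msg length-prefixes the field so distinct (field, value) pairs never collide.
func msg(f, v string) []byte { return []byte(fmt.Sprintf("%d:%s%s", len(f), f, v)) }
func Sign(priv ed25519.PrivateKey, f, v string) Tx {
	return Tx{f, v, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, msg(f, v))}
}

// Apply requires a valid signature from the owner or from a key in the written subfield's ACL.
func (a *Account) Apply(tx Tx) error {
	if len(tx.Signer) != ed25519.PublicKeySize || !ed25519.Verify(tx.Signer, msg(tx.Field, tx.Value), tx.Sig) {
		return fmt.Errorf("bad signature on write to %q", tx.Field)
	}
	if string(tx.Signer) != string(a.Owner) && !a.ACL[aclEntry{tx.Field, string(tx.Signer)}] {
		return fmt.Errorf("signer not in ACL for %q", tx.Field)
	}
	a.Data[tx.Field] = tx.Value
	return nil
}

// Demo delegates one subfield to a service key, tries two writes, revokes, and retries.
func Demo() (granted, otherField, afterRevoke error) {
	owner, _, _ := ed25519.GenerateKey(nil)
	svc, svcPriv, _ := ed25519.GenerateKey(nil)
	a := &Account{owner, map[string]string{}, map[aclEntry]bool{}}
	a.ACL[aclEntry{"feed", string(svc)}] = true // delegate: add the service key to the ACL
	granted = a.Apply(Sign(svcPriv, "feed", "post 1"))
	otherField = a.Apply(Sign(svcPriv, "settings", "x")) // not delegated
	delete(a.ACL, aclEntry{"feed", string(svc)}) // revoke: delete the key from the ACL
	return granted, otherField, a.Apply(Sign(svcPriv, "feed", "post 2"))
}
func main() { fmt.Println(Demo()) }
```

Keying the ACL lookup on the written subfield is what keeps a delegate from reaching the rest of the account, including the ACL itself if it is stored as an ordinary subfield.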