In this three-part series, we will explore the innovative Orbit platform - a secure on-chain governance solution for teams managing digital assets and smart contracts across multiple blockchains.
This article delves into Orbit's flexible policy engine, demonstrating how it provides teams with customizable access control through its smart contract framework.
In our upcoming articles, we will explore Orbit's financial management capabilities in 'Orbit for Treasuries: Secure Management' and examine container governance in 'Orbit for Canisters: Secure Governance from Day One,' showcasing how Orbit transforms the governance of the Internet Computer through multi-user governance.
The Internet Computer has a unique capability to develop mature smart contracts, enabling teams to securely manage crypto assets and govern other smart contracts through robust approval policies and four-eye control.
The Internet Computer's smart contract container goes beyond traditional functions, supporting general computation, signing transactions with threshold keys, and directly interacting with other blockchains or web services via HTTPS Outcalls.
Motivation and background
Managing smart contracts and treasuries often lacks flexibility and security, with existing solutions constrained by fixed threshold policies, hard-coded user roles, or ecosystem-specific support (e.g., Safe for EVM chains).
Enterprises may turn to centralized platforms like Fireblocks, which offer flexibility but at a high cost and primarily focus on asset management without addressing broader governance needs.
Recognizing these challenges, the DFINITY Foundation set out to build a flexible, open smart contract solution capable of replicating on-chain team processes and approval workflows, addressing the real needs of DFINITY's own financial team and providing valuable feedback during the development process. This effort was further validated.
The Birth of Orbit
Orbit was created as an open-source solution designed to address the operational challenges teams face in securely managing assets and smart contracts. Orbit aims to provide a stable, secure, and flexible policy engine that enables teams to define and execute approval processes according to their needs.
To showcase the powerful capabilities of the Orbit platform, we launched Orbit Wallet, the first browser-based wallet built on Orbit Station. Orbit Wallet provides a user-friendly interface to manage crypto assets securely and conveniently, fully leveraging the powerful features of the Orbit Station smart contract platform.
Advanced Design
Station
Station is the central smart contract of Orbit, designed to securely manage assets and enforce policies. It controls the private keys associated with account assets and ensures transactions can only be initiated after all approval policies have been validated.
Core Features:
User management with fine-grained permissions;
Creating accounts for crypto asset operations;
Creating approval policies for various operations (e.g., transfers, user management);
Executing transactions only after policy validation;
Comprehensive audit logging due to its request system.
Upgrader
The upgrader is a smart contract that supports upgrades and disaster recovery, ensuring the security and operational continuity of the space station.
Core Features:
Secure station upgrades;
Disaster recovery capabilities;
Backup of asset and user configurations.
After deploying the workstation, the initial administrator and the number of approvals will be defined, with the upgrader designated as the controller of the workstation, ensuring no single user has direct control over the workstation. Upgrade and recovery operations must comply with policies and be managed through dedicated APIs.
Key Concepts
Resources: Operations or entities used to configure permissions and approval policies within the system.
Users: Identities with access rights to resources, abstracted for flexibility, where a single user may have multiple identities.
User groups: Configurable groups that determine access to specific functions and are associated with user permissions.
Accounts: Bound to private keys through unique seeds and assets, governed by approved policies for transfers and configurations.
Assets: Crypto assets managed by accounts, constrained by account approval policies and permissions.
External containers: Containers managed by the space station for secure upgrades, operations, and access control.
Requests: Since smart contracts set up an approval policy evaluation framework for executing operations, we established the concept of requests, where any change to the smart contract, addition of users, initiation of transfers, or even upgrades first requires users to have the right to create requests, and to execute a request, all approval policies must be successfully met.
What this means for developers
For developers, Orbit introduces new flexibility and security in smart contract management, allowing you to define fine-grained permissions, execute approval workflows, and manage updates through built-in disaster recovery - all while maintaining control over assets and smart contracts.
The launch of Orbit Wallet provides a practical example for developers on how to leverage Orbit Station to build user-friendly and powerful applications. Orbit's open-source design offers scalability, allowing developers to create custom solutions or integrate them into existing workflows.
What this means for the treasury
Orbit is a transformative tool for teams managing crypto assets and funds, eliminating the risks of centralized asset management while maintaining operational efficiency by providing secure approval policies and multi-user governance.
Treasuries benefit from features such as fine-grained access control, audit trails for each transaction, and disaster recovery mechanisms to protect assets. Orbit Wallet adds extra convenience, allowing teams to securely manage their assets through a browser-based interface, leveraging the powerful capabilities of Orbit Station.
Orbit Operation
Orbit's policy engine provides teams with a comprehensive framework for managing crypto assets, controlling access permissions, and securely managing operations. Whether initiating transfers, upgrading smart contracts, or configuring permissions, Orbit implements flexible approval policies that allow teams to operate confidently and securely.
By integrating features like audit logging, disaster recovery, and proxy operations for external containers, Orbit has become a powerful governance and asset management platform. The release of Orbit Wallet marks an important step in making these features available to all users and intuitive to use.
The IC content you care about
Technical advancements | Project information | Global activities
Follow the IC Binance channel
Stay updated