This CAIP defines a simple syntax for scopes of authorization between applications (e.g. dapps) and user-agents (e.g. "wallets" or signers). These are expressed as JSON objects as a building block across multiple protocols and mechanisms, for example:
The layering of today's cryptographic and decentralized systems favors loosely-coupled combinations of protocols (representated in the CAIPs model as namespaces), instances or consensus-communities within those protocols (addressed in the CAIPs model as CAIP-2 URNs), and sets of supported RPC methods and notifications used in those namespaces. Bundling all of these into an object facilitates unambiguous authorization schemes, including progressive authorization patterns, feature discovery, authority negotiation (See CAIP-211) and delegations.
An authorization scope is represented in JSON as an object which is keyed to a
string that expresses its target network and contains arrays of strings
expressing the various capabilities authorized there. When embedded in any other
JSON context (including the params of a JSON-RPC message), the object MUST be
expressed as the value of a property named by the scope string.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" written in uppercase in this document are to be interpreted as described in RFC 2119
The syntax of a scopeObject is as follows:
Where:
scopeString} (conditional) = EITHER a namespace identifier string registered in the CASA namespaces registry to authorize multiple chains with identical properties OR a single, valid CAIP-2 identifier, i.e., a specific chain_id within a namespace.references (conditional), formerly chains = An array of 0 or more references - a resolution to a specific blockchain for the namespace specified as the scopeString. For each entry in references, all the other properties of the scopeObject apply, but in some cases, such as when members of accounts are specific to 1 or more chains in references, they may be ignored or filtered where inapplicable; namespace-specific rules for organizing or interpreting properties in multi-scope MAY be specified in a namespace-specific profile of this specification.
chainId by the scopeString value above.references are defined or no CAIP-2 profile has been published.chainIds are defined. An empty references array MUST NOT be interpreted as authorizing an entire namespace in which a finite list of CAIP-2 values could be set, but rather, as applying equally to zero members of that finite list until 1 or more of them are added to references.methods = An array of 0 or more JSON-RPC methods that an application can call on the agent and/or an agent can call on an application.notifications = An array of 0 or more JSON-RPC notifications that an application send to or expect from the agent.accounts (optional) = An array of 0 or more CAIP-10 identifiers, each valid within the scope of authorization.rpcDocuments (optional) = An array of URIs that each dereference to an RPC document specifying methods and notifications applicable in this scope. See CAIP-211 for semantics and usage.rpcEndpoints (optional) = An array of URIs that each dereference to an RPC endpoints for routing requests within this scope. See CAIP-211 for semantics and usage.Additional constraints MAY be imposed by the usage of scopeObjects in
protocols such as CAIP-25, and specific namespaces may have
implicit values or validity constraints for these properties.
Whenever another CAIP uses the name scopeObject and has this CAIP in the
required front-matter property, it SHALL be interpreted as reference to this
specification.
Copyright and related rights waived via CC0.