ERC-5585: ERC-721 NFT Authorization

Allows NFT owners to authorize other users to use their NFTs.

Metadata

Status: FinalStandards Track: ERCCreated: 2022-08-15

Authors

Veega Labs (@VeegaLabsOfficial), Sean NG (@ngveega), Tiger (@tiger0x), Fred (@apan826), Fov Cao (@fovcao)

Requires

EIP-721

Links

GitHub page Discussion on Ethereum Magicians

Abstract

This EIP separates the ERC-721 NFT's commercial usage rights from its ownership to allow for the independent management of those rights.

Motivation

Most NFTs have a simplified ownership verification mechanism, with a sole owner of an NFT. Under this model, other rights, such as display, or creating derivative works or distribution, are not possible to grant, limiting the value and commercialization of NFTs. Therefore, the separation of an NFT's ownership and user rights can enhance its commercial value.

Commercial right is a broad concept based on the copyright, including the rights of copy, display, distribution, renting, commercial use, modify, reproduce and sublicense etc. With the development of the Metaverse, NFTs are becoming more diverse, with new use cases such as digital collections, virtual real estate, music, art, social media, and digital asset of all kinds. The copyright and authorization based on NFTs are becoming a potential business form.

Specification

The keywords “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY” and “OPTIONAL” in this document are to be interpreted as described in RFC 2119.

Contract Interface

The getRights() function MAY be implemented as pure and view.

The authorizeUser(uint256 tokenId, address user, uint duration) function MAY be implemented as public or external.

The authorizeUser(uint256 tokenId, address user, string[] rights; uint duration) function MAY be implemented as public or external.

The transferUserRights(uint256 tokenId, address newUser) function MAY be implemented as public or external.

The extendDuration(uint256 tokenId, address user, uint duration) function MAY be implemented as public or external.

The updateUserRights(uint256 tokenId, address user, string[] rights) function MAY be implemented as public or external.

The getExpires(uint256 tokenId, address user) function MAY be implemented as pure or view.

The getUserRights(uint256 tokenId, address user) function MAY be implemented as pure and view.

The updateUserLimit(unit256 userLimit) function MAY be implemented as public or external.

The updateResetAllowed(bool resetAllowed) function MAY be implemented as public or external.

The checkAuthorizationAvailability(uint256 tokenId) function MAY be implemented as pure or view.

The resetUser(uint256 tokenId, address user) function MAY be implemented as public or external.

The authorizeUser event MUST be emitted when the user of a NFT is changed or the authorization expires time is updated.

The updateUserLimit event MUST be emitted when the number of users that can be authorized per NFT is updated.

Rationale

First of all, NFT contract owner can set the maximum number of authorized users to each NFT and whether the NFT owner can cancel the authorization at any time to protect the interests of the parties involved.

Secondly, there is a resetAllowed flag to control the rights between the NFT owner and the users for the contract owner. If the flag is set to true, then the NFT owner can disable usage rights of all authorized users at any time.

Thirdly, the rights within the user record struct is used to store what rights has been authorized to a user by the NFT owner, in other words, the NFT owner can authorize a user with specific rights and update it when necessary.

Finally, this design can be seamlessly integrated with third parties. It is an extension of ERC-721, therefore it can be easily integrated into a new NFT project. Other projects can directly interact with these interfaces and functions to implement their own types of transactions. For example, an announcement platform could use this EIP to allow all NFT owners to make authorization or deauthorization at any time.

Backwards Compatibility

This standard is compatible with ERC-721 since it is an extension of it.

Security Considerations

When the resetAllowed flag is false, which means the authorization can not be revoked by NFT owner during the period of authorization, users of the EIP need to make sure the authorization fee can be fairly assigned if the NFT was sold to a new holder.

Here is a solution for taking reference: the authorization fee paid by the users can be held in an escrow contract for a period of time depending on the duration of the authorization. For example, if the authorization duration is 12 months and the fee in total is 10 ETH, then if the NFT is transferred after 3 months, then only 2.5 ETH would be sent and the remaining 7.5 ETH would be refunded.

Copyright