Overview
What you need to know, from 100,000 ft.
Last updated
What you need to know, from 100,000 ft.
Last updated
Hybrid Custody has Parent and Child accounts. A parent account can be granted full or partial access to a child account, with the child account having full control of what that access looks like. For instance, an app may elect to only share access to NFT collections to a parent, while leaving out access to FungibleToken resources.
This access can be changed or be revoked at any time by any entity with full control of the child account.
In order to share access to a child account with a (would be) parent, the child must publish said access to another account, and that account (the would be parent account) must redeem it. Once redeemed, the parent <> child relationship between two accounts is established, and a user will be able to sign in with the parent account and access anything given to them by the associated child account despite having no way to login with or use their application (child) account on third party platforms.
A child account has a few mechanisms at its disposal to control what a parent account has access to:
CapabilityFactory - What types of capabilities can a parent account attempt to get?
CapabilityFilter - Requested capabilities will only be successfully returned if the filter's allowed method returns true.
Linking and Unlinking - Parent accounts are not able to create, delete, or edit existing links. So if a child account does not want the parent to have access to a target resource, they can elect to not set up a link to it that would be accessible.
Please see Resources and Transactions for sample configurations of CapabilityFactory and CapabilityFilter resources
As of the last time Hybrid Custody's compatibility with CapabilityControllers (an upcoming rework to Flow's Capability system) was checked, Linking and Unlinking may not be a control that is reliable in the future.
