Thinking about Jon’s lecture last night, it seems like this is solvable problem using existing tools - the question, stated, is “Does the roles table already exist?” There seem to be a few that get close, but don’t meet all our requirements. As an example, Clarity.so has both token gating with NFTs and roles, assignable to members. However, it doesn’t use the token-gate NFT to confer access. Roles are assigned to members after they’ve passed the token-gate. Roles are centrally managed in Clarity and unavailable elsewhere.

I’m not aware of an existing solution that fits our requirements, but I am interested in sketching one out.

👆 Requirements

• [ ] Ownership of an NFT confers access to a given resource
• [ ] Multiple apps can use the same method for checking NFT access rights (public)
• [ ] Immutable, append-only
• [ ] Scalable to billions+ of token IDs
• [ ] Only the admin of the table can append
• [ ] Admin ability to revoke access rights
• [ ] User ability to relinquish access rights

👉 Solutions

🛣️ Off-Chain

1. A federation of apps (ie. 1729) could create a literal SQL table in some centralized location. Each app could call home to reference this table. It could be made public. We could pretend it’s immutable, but in reality, it’s mutable. #dontbeevil
2. A SaaS-type product could provide this service to the public. Same solution as above, but the SQL table has a bunch of purpose-built CRUD methods attached to it.

⛓️ On-Chain

1. A federation of apps use an immutable, on-chain table abstractions like https://tableland.xyz/. Same solution as #1 above, but now it’s actually immutable. This would be purpose-built for the needs of that specific group of apps.
   1. ⚠️ Tableland has a 100k row limit, so this doesn’t meet our scaling requirements.
2. Same as above but go lower-level and write smart contracts. I strongly suspect we would have issues scaling this, especially if it needs to be snappy - like for accessing an app.
3. Do all RBAC in the NFT. I believe this is possible, and frankly it seems like the only solution that will scale effectively. The key thing to recognize is the different between creating and NFT and minting an NFT. POAPs are a good, simple example. There is only one POAP ERC-721 contract deployed, and it’s used to mint many POAPs. “Minting” is just storing in the main contract that a certain address owns a token.
   1. NFT tokens can be revoked, expired, or invalidated by an administrator or authorized address (ie. the owner.) It works in whatever way we write the ERC-721 contract.
   2. We can store metadata in the NFT. This covers the details of the roles and policies.

NFT-Only Example Workflow

1. 1729 admin deploys NFT contract 1729 Editor