Controlling the access to shared wallets using RINO
The same convenience and the same feature set of most custodial offerings, without having any access to the user's funds.
Organizations and groups of individuals often face the challenge of managing shared access to common funds, in a way that provides them the required flexibility to execute their day-to-day operations while maintaining a certain level of security.
In the fiat world, one can rely on banks for this service. In the crypto world, this often requires custodial wallets and services. An alternative available in the crypto world are multi-signature wallets. However, these are harder to get right and don't provide many features that organizations need to operate and stay compliant. Features that are usually readily available in the custodial offerings.
Monero even adds a few other layers of complexity to achieve the same outcome, because of its focus on security and privacy (that we all love). Regular wallets are a great fit for individuals, but not well suited for organizations and other groups. Multi-signature is available, but hard to work with, error-prone and time-consuming.
This is where RINO comes in. With its 2-out-of-3 multi-signature wallet model, it makes it possible to provide the same convenience and the same feature set of most custodial offerings, without having any access to the user's funds. Even when sharing access to a wallet with spending permissions, no other party has full control of the wallet aside from the owner.
In this post, let's explore the sharing features that RINO provides for both its community and enterprise offerings.
How it works
How RINO works is "simple": the owner of a wallet has 2 of the 3 keys, giving him full control of the funds. RINO has access to the third key (alone, it cannot do anything).
One of the owner's keys should be safely stored offline, and the other is meant to be used regularly. The latter is the one that will be shared with other users if they are added to the wallet and have "spending" permission.
With this setup, RINO will enforce the permissions and configurations set by the wallet owner/admin, by only adding the second signature when the created transactions are compliant. Remember that RINO is unable to access the funds without prior validation of a user with the access to the second key.
With the setup described above, RINO implements 5 user roles that are common in most organizations, communities and groups of people in general. Two of those roles are available in the community version, while all of them are available in the enterprise version.
When managing your wallets using a community account, you will only be able to give admin access to other users, since only 2 roles are supported. The same happens the other way around.
The basic roles available in RINO’s community offering are the following:
Owner: The owner has full privileges over the wallet. It can basically do anything that is supported by RINO, such as editing wallet settings, sending funds, generating subaddresses, etc. One peculiar aspect of this role is that this membership can't be removed from the wallet. There can only be one owner.
Admin: Users with the admin role have the same permissions as an Owner. However, multiple of them can exist at the same time, and these roles can also be revoked/removed by the owner or the other admins.
Both roles have access to 1 of the 3 keys, which will allow them to move funds when cosigned by RINO.
Note that while these two roles exist in the community version, they don’t have access to several features that are exclusive of the enterprise version (approvals, transaction limits, etc.).
In addition to the 2 roles above, enterprise accounts can share wallet access using more granular roles, this is very useful for bigger organizations where more control and scrutiny is necessary over the actions done with a wallet.
The additional roles available in RINO’s enterprise offering are:
Spender: Users with this role have access to 1 one of the keys, so they can create new transactions and sign them. However, it is not guaranteed that a transaction will be accepted by RINO, since RINO will only cosign if/when it complies with the wallets requirements/settings. This role cannot edit the wallet settings.
Approver: The approver role doesn't have access to any wallet key. Users with this role can view the wallet and its activity, but cannot spend funds or edit any settings. Nevertheless, they can approve pending transactions that require a minimum number of approvals before RINO signs and publishes them.
View-only: As it is obvious from the name, when a user has the “view-only” role on a shared wallet, that user will only be able to see the wallet data, without having the power to change the wallet state in any way.
In the end...
Different users will have distinct requirements for either the security of their wallets and the access model that allows them to operate efficiently. RINO was built to provide the tools and the convenience to address the day to day Monero operations of individuals and organizations, without compromising the security and the custody of the funds.
If any doubts persist, or you would like to discuss these features in more detail, feel free to reach us using the support channels, we will be glad to help and to hear any feedback you might have.
Otherwise, stay tuned, we have many more features and improvements coming soon.