Authors

• Derek Chiang (ZeroDev)
• Dan Finlay (MetaMask)
• Shane Jonas (MetaMask)
• Many more, tba

Context

This standard iterates on and evolves from the following documents:

Permissions Standard — DApp Signing Flow

Permissions Standard Pre-draft

Permissions Standard Pre-draft for AA Wallets ONLY

To distinguish from those documents, this one makes some changes to more closely resemble the ideas from Fthis blog post, which I believe make for a simpler standard, while maintaining maximal optionality for all agents in the system.

This standard does not attempt to solve login permissions for EOAs, and should be considered a post-EOA flow. If EIP-3074 were adopted, there would be ways for EOAs to evolve to be compatible with these standards.

Abstract

In this document, we outline the full flow for

1. The dapp to request what it needs on behalf of its session account.
2. The user account to grant the permissions it wants.
3. The dapp to use the granted permissions without requiring an active wallet connection.

This is useful for a variety of use cases, including:

• “automation”, where the DApp can automatically send UserOps for users even when they are offline, such as in the case of subscriptions.
• “warm keys”, where a cold account can still be used without having all of its permissions exposed.

This also provides a variety of security benefits over the current dominant paradigm of “request account, propose transaction”:

• Attacker does not know what a user has before making a request.
• All requests are user legible (without reliance on external infrastructure, and friendly to offline signers)