ACL protection of DGL accounts, token creation, issuance, transfers, DAO, metering
At present, any client connecting to a node can do anything with the Cordite APIs.
Certainly in the case of our internal clients, but also others (as discussed in our live demos), some form of ACL and integration SPI with auth* services would be beneficial.
One use-case: protect access to accounts by business function and role. Roles may distinguish between ops/admin vs regular business users. So for example, we may wish the creation of a token to be constrained.
We also need to think about this from the Cordite alpha-net and beta-net perspectives. Do we want everyone connected to a respective node to have free access to operate on each other's state?