XELIS Secure WebSocket dApp
What is XSWD?
XELIS Secure WebSocket dApp (XSWD) is a groundbreaking application layer protocol designed to elevate security and usability in the interaction between applications and user wallets. The XSWD protocol facilitates secure interaction with dApps from any website by establishing WebSocket connections. WebSockets enable real-time, bidirectional communication between web clients and servers, for direct communication. In any case, the user can easily prevent any unauthorized access. Without this protocol, you would have to authorize full access to your wallet for interacting with any third-party application.
Features and Benefits
-
Elimination of RPC Bridge Dependency: XSWD eliminates the need for the RPC bridge browser extension.
-
On-Demand Communication: XSWD adopts a novel paradigm where communication between dApps and wallets occurs on a per-request basis.
-
Secure dApp Interaction: XSWD ensures safe connections and authentication with dApps via WebSocket.
-
Flexible Permissions: Users can opt to deny, allow (one-time or always), or permanently reject requests from dApps, providing control over data access.
-
Ease of Integration: Manage integration effortlessly through CLI wallet commands. Toggle the XSWD Server and manage dApp permissions.
-
Proxy for Daemon Requests: XSWD acts as a proxy, offering a comprehensive API for developers to integrate DERO into their services or dApps.
Permissions
The permissions are set based on the RPC method requested and are the following:
- ask: The application must ask each time the permission to the user when a request is made.
- accept_always: The application is allowed to make the request without asking the user each time.
- deny_always: The application is not allowed to make the request and the user will not be asked again. Request will be always denied until changed.
The permissions are not persisted in the wallet and are only valid for the current session. For persistance, the application must store the permissions set by the user and send it back in the ApplicationData message if allowed.