# DMZ Proposal
The purpose of the DMZ is to determine whether `authorization` is required for inbound messages. This determination is based on a message's `descriptor`: specifically its `method` and, optionally, its `schema`.
## DMZ Policy Data Model
| Field | Data Type | Required (Y/N) |
| -------- | -------- | ------ |
| `method` | String | Y |
| `schema` | String | N |
## DMZ Interface
### Methods
#### `DMZPolicyAdd`
```json
{
  "descriptor": {
    "objectId": "some-uuid-v4",
    "method": "DMZPolicyAdd",
    "policy": {
      "method": "THE_METHOD_YOU_WANT",
      "schema": "THE_SCHEMA_YOU_WANT"
    }
  }
}
```
- A `DMZPolicyAdd` message's descriptor **MUST** contain the following properties:
  - `objectId` - the id of the policy
  - `method` - **MUST** be the string `DMZPolicyAdd`
  - `policy` - **MUST** be an object that includes the following properties:
    - `method` - the method you want to demilitarize
    - `schema` - the schema you want to demilitarize
- A `DMZPolicyAdd` message **MUST** contain `authorization`

**Example Message**:
```json
{
  "descriptor": {
    "objectId": "104932a6-85b3-4fb5-90d2-f46707e2dd8b",
    "method": "DMZPolicyAdd",
    "policy": {
      "method": "ThreadCreate",
      "schema": "https://schema.org/LikeAction"
    }
  }
}
```
This policy would enable anybody to send Music Playlists to your Identity Hub.
#### `DMZPolicyRemove`
```json
{
  "descriptor": {
    "objectId": "some-uuid-v4",
    "method": "DMZPolicyRemove"
  }
}
```
- A `DMZPolicyRemove` message's descriptor **MUST** contain the following properties:
  - `objectId` - the id of the policy you want to remove
  - `method` - MUST be the string `DMZPolicyRemove`
- A `DMZPolicyRemove` message **MUST** contain `authorization`
### Pseudocode
```javascript
async processMessage(message) {
  // message validation and other things
  const { descriptor } = message;

  // build DMZ policy out of message's descriptor
  const policy = {};
  for (const field of ['method', 'schema']) {
    if (field in descriptor) {
      policy[field] = descriptor[field];
    }
  }

  // check to see if policy is within DMZ
  const isWithinDMZ = !!(await this.DMZCache.get(policy));

  // authorization is required if message op is not within DMZ
}
```
### Logic
- Build a policy out of the fields within `message.descriptor`
- Check whether that policy exists in the hub's DMZ store
  - If it does, no auth is required
  - Otherwise, expect auth
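
The logic above as a runnable sketch; this is an added example, not code from the proposal. `DmzStore`, `policyKey`, `requiresAuthorization` and `DMZ_ADMIN_METHODS` are hypothetical names. It assumes an exact match on (`method`, `schema`), as the pseudocode implies, and refuses to demilitarize the two DMZ management methods so they always need `authorization`.

```javascript
// Added example; every name here is hypothetical, not part of the proposal.
const DMZ_ADMIN_METHODS = new Set(['DMZPolicyAdd', 'DMZPolicyRemove']);

// Canonical string key for a policy. A plain object used as a Map key is
// compared by identity, so two equal policies would never match.
function policyKey({ method, schema }) {
  if (typeof method !== 'string' || method === '') {
    throw new TypeError('policy.method is required and must be a string');
  }
  if (schema !== undefined && typeof schema !== 'string') {
    throw new TypeError('policy.schema must be a string when present');
  }
  return JSON.stringify([method, schema ?? null]);
}

class DmzStore {
  constructor() {
    this.byObjectId = new Map(); // objectId -> policy key
    this.keys = new Map();       // policy key -> number of policies using it
  }
  add(objectId, policy) {
    if (DMZ_ADMIN_METHODS.has(policy.method)) {
      throw new Error('DMZ management methods cannot be demilitarized');
    }
    if (this.byObjectId.has(objectId)) throw new Error('duplicate objectId');
    const key = policyKey(policy);
    this.byObjectId.set(objectId, key);
    this.keys.set(key, (this.keys.get(key) ?? 0) + 1);
  }
  remove(objectId) {
    const key = this.byObjectId.get(objectId);
    if (key === undefined) return false;
    this.byObjectId.delete(objectId);
    const n = this.keys.get(key) - 1;
    if (n === 0) this.keys.delete(key); else this.keys.set(key, n);
    return true;
  }
  has(policy) { return this.keys.has(policyKey(policy)); }
}

// Mirrors the pseudocode: build the policy from the descriptor, then look it up.
function requiresAuthorization(store, message) {
  const { method, schema } = message.descriptor;
  if (DMZ_ADMIN_METHODS.has(method)) return true; // these MUST carry authorization
  return !store.has({ method, schema });
}
```

Under exact matching, a policy that names a `schema` does not cover a message of the same `method` that omits `schema` or carries a different one.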