Stellar connection accounts will get their minimum balance from intermediate installation accounts created for that purpose from central Mifos account.
Status | Decided |
|---|---|
Stakeholders | @Markus Geiss (Deactivated) @Myrle Krantz (Deactivated) Jed McCaleb (Stellar) Bartek Nowotarski (Stellar) |
Outcome | MFI accounts created for connection with Mifos will be funded from a dedicated Mifos account created for that purpose and funded with a minimum amount to protect against excessive losses should we make some kind of mistake. |
Due date | Dec 18, 2015 |
Owner | @Myrle Krantz (Deactivated) |
Background
We wish to make it possible to automate the connection of a tenant to the Stellar network. Ideally, this would mean automating the creation of the Stellar account. But Stellar accounts require a minimum balance upon creation. That balance in turn requires a source.
There are currently 100+ tenants for which accounts would have to be created. The minimum balance is 20 lumens, which is roughly 4 cents. We should reserve 10 dollars for account creation. We need to keep track of any accounts that we create so that they can be removed when they are no longer needed.
There are several possible solutions to this problem:
Ask Stellar if there is a way around the minimum balance problem for our special use case.
Make the tenant create their account by hand and give the responsibility for their minimum balance to them. The tenant then provides the account number when connecting Stellar and Mifos.
Set up a single central account from which the balance for all new tenants for all installations is booked.
Have the administrator of an installation setup a master account for the entire installation. Read the secret seed for this account from configuration. Automatically set up the tenant accounts from this master account.
Ask Stellar if there is a way around the minimum balance problem
Stellar says no
Make the tenant create their account by hand
Some of our tenants are not very technologically savy. This will probably be too difficult for them.
Set up a single central Mifos account
If this account is empty, no one can create new connections between Mifos and Stellar. If we have only one central account, we would have to distribute the secret seed for that central account. Anyone with access to the code (and the code is open-sourced) would have access to the lumens in the account. It would never have very many lumens, so our financial jeopardy would be low. But if someone empties the account, we can no longer create new installations.
Set up a master account for a Mifos installation
This approach solves the above problems, but how is a Mifos hoster to set up his master account?
Combination solution
Set up a single central Mifos account, create master accounts from that Mifos account upon request, create tenant accounts from those installation master accounts automatically.
The secret seed for the central Mifos account remains Mifos' secret. Should that secret be revealed, it can be replaced with a new account without forcing a redistribution of code.
The seeds for the master accounts are configurable per installation. Should they be revealed, a new account can be created and pointed to via configuration.
The seeds for the tenant accounts are saved with the other information about the tenant accounts. Should one of them be revealed, a new connection can be set up. This would only effect the tenant for whom the secret seed was revealed.
Note that the problem we solve with this is not financial jeopardy: none of these accounts contain very much money. But we do prevent a kind of hacking attack which could stop us from creating new installations or new tenants.