Choose a start date for a sharing policy that's not today/tomorrow

[arjunhassard]

Currently create_policy accepts an expiration datetime and a number of duration periods, but by default the policy becomes active either a) when the grant function executes or b) at the start of the next period (i.e. within 24h)

Some Alices, across various use cases, may wish to future-date their sharing policies. For example, a staking-as-a-service company setting up a new validator instance wants its access to signing keys (and the unique conditions for that access) to commence at a specific date in the future, such that this access is synchronised with other processes/infrastructure.

Arguably this future-dating could be configured on Alice's machine, since she needs to be online and connected to the network for the policy creation in any case. On the other hand, if a re-encryption key can be generated by Alice and held by Ursulas in advance, including the condition of delayed access to a Bob, this would surely enhance the Disappearing Alice source of value (@jMyles – that's for you <3)

This would impact the first_period_value & first_period_rate – see #1063

Future ideas: sharing policy start dates based on arbitrary conditions, not just a datetime. For example, if we end up with Ursulas actively ingesting block heights from various networks, then reaching a certain epoch could trigger access for a set of pre-designated validators.

[derekpierre]

I like the idea of the feature.

Question: How does that affect the cost of the policy? Is the cost of the policy just the time from start date to expiration OR does it need to also include the time between issuance of the grant and the start date as well?

At issuance, Ursulas would be storing the kfrags, and actually enforcing a policy by not letting the policy be applicable before the start date arrives. Should the cost for the period between issuance of grant and the start-date be less since there isn't any re-encryption being done, just a witholding of execution of the policy until start-time?

[arjunhassard]

Following verbal discussion with @szotov.
Note: hereafter the time between policy creation and policy start date is the pre-activation period.

Fees
As @derekpierre points out, Ursulas are still responsible for holding the kfrags during the pre-activation period, so some retainer fee is required at a minimum. Indeed, if Alice couldn't deliver the kfrag in advance, the value of this feature is severely diminished.

However, Ursula do not technically need to be online in this period (acknowledging that in practice, they are likely to have other active policies requiring high uptime), nor perform any re-encryptions.

Hence, a lower fee, also based on duration, is likely the best answer.
Downside: extra gas costs for storing two payment metrics; shouldered by Alice, since she's invoking an advanced feature.

Revocation
If Alice wishes to cancel a policy during the pre-activation period, she can do so. However, if the corresponding Ursula is offline, then cancellation is only fully executed once Ursula returns. This is acceptable, as Alice can be sure that Ursula will not activate the policy (Ursula must come online to do so, at which point she instructed to cancel). This also does not cost extra, as fees paid for the pre-activation period can be withheld once cancelling occurs on Alice's end.

Conditional Policy Creation
This is possible, if conditions are specified as on-chain occurrences – similar to the current constraints of conditional re-encryption.

Use cases for this, as an improvement to conditional re-encryption, are not glaringly obvious. It may be that Alice does not want an active policy to be sitting on the network and on-chain (perhaps this affects her threat model slightly, or exposes meta-data to the world unnecessarily), unless specific and uncertain conditions are fulfilled in the future.

[cygnusv]

The same question applies for expiration. Currently, polices only expire on UTC midnight.

How difficult could be to change everything to overall duration in seconds?

[michwill]

I think, policies don't have to expire on UTC midnight in principle. The payment is just rounded up to integer periods, but I think, on the smart contract level, it shouldn't require that end time?

[arjunhassard]

@cygnusv @michwill Seems there are actually two separate issues contained within one here:

1. Adding to Alice's powers such that she can generate a sharing policy & kfrag that does not activate until some arbitrary future date – i.e. a new param ("commencement") similar to expiration.
2. The granularity of expiration and now, commencement. I.e. is Alice limited to choosing a duration of integer periods?