Assert Manifest Security ModelEOSIO Labs™
A layered security model for signing transactions in applications
The Assert Manifest Security Model addresses possible misrepresentations from malicious applications with enhanced user security. By introducing an Application Manifest and an Assert Contract that work in harmony, users can be sure of the true identity of the application they are using and what they are agreeing to when they sign a transaction.
Application Manifests help validate the source of the application, answering the “who do you legitimately represent?” question. The Assert Contract installed on the destination chain then provides assurance that the transactions being posted by the application are legitimate by validating transaction contents against the on-chain contents of the Application Manifest. These two share responsibility with a series of related tools like Ricardian renderers, authorization transport protocols, and others, to help deliver a secure and trusted experience to blockchain users.