Within a Rayls Private Network, there are several different user roles that exist. Let's take a look:

Private Network Participants are transacting institutions that connect their Rayls Privacy Node to a Private Network to exchange tokens of value with other institutions.

The Operator is the authority of the Private Network. They install the Private Network and only they have the power to enforce governance within the permissioned network.

The Auditor is the regulator of the Private Network. They have read-only access to the Private Network, are responsible for validating state and transaction proofs, and may have the power to decrypt transaction data from the Private Network Hub.

As Private Network Participants have been covered in detail on the Rayls Privacy Nodes page, let's dive deeper on the Operator and Auditor roles.

Private Network Operator

A Private Network's Operator is empowered to enforce governance rules and make changes to how the Private Network operates.

🚧
Note that only the Operator's private key is able to execute updates to the Private Network Operator smart contract.

Below is a summary of the governance features available to Operators in Rayls.

Governance methods

Approve / reject member registration - add / delete members from member registry
Approve / reject token registration - add / delete tokens from token registry
Assign and update Private Network member roles (Issuer, Participant and Auditor are default options)
Freeze / unfreeze member - prevents / enables a Rayls Privacy Node from sending / receiving messages or tokens across the Private Network
Query state validation ‘Flagger’ to identify cryptographic proof anomalies between expected state and reported state of Rayls Privacy Node balances (used to ensure Private Network consistency and security)

Rayls Operator tools

Included within the Rayls Operator installation package are the following tools:

Rayls Operatorr API - enforce governance rules directly into the Operator smart contracts
Rayls Custody - update Governance contracts via the Rayls Custody API
Governance engine - inter-connected governance smart contracts, with Operator-only authentication
Rayls Auditor Application - the auditor view is the access for authorised users to visualize the information decrypted.

Private Network Auditor

A Private Network's Auditor is empowered to continuously cryptographically validate the Private Network's state and transactions. They may also be able (in accordance with the Private Network Governance Charter) to peek into the private transactions between Rayls Privacy Nodes, stored on then Private Network Hub.

Private Network Auditors are able to "peek" into encrypted transactions as they performed a Diffie-Hellman (DH) key exchange with each Rayls Privacy Node when they joined the Private Network. These DH keys are what enables them to decrypt transactions stored on the Private Network Hub, enabling them to regulate the network. These DH keys are stored within Rayls Custody (or another preferred key custody solution).

To keep things simple, think of the Auditor role as having limited read-only access to the cross-private-network transactions that pass through the Private Network hub (not inside the Rayls Privacy Nodes). If they identify non-compliant transactions, then they may (if allowed / required by the Governance Charter of the Private Network) inform the Operator, who can then take action (e.g. freeze a member).

This interplay between an Auditor that monitors and flags (read-only) and a Operator who can enforce rules and changes to the system (write-only) enables a powerful separation of responsibilities. Alternatively, the approach also enables a Private Network Operator to play both of these roles at the same time. This is a design choice for the Operator to make when setting up their Private Network.

ℹ️
Currently the Operator and Auditor roles managed from the same infrastructure, but we are currently working to technically segregate these roles such that they can be managed by different entities.

Auditor methods

Query the list and statuses of members registered with the Private Network (Member Registry)
Query the list and statuses of tokens registered with the Private Network (Token Registry)
Query token balances held by each Rayls Privacy Node (individually and aggregated)
Validate state commits to proactively prevent double spend
Decrypt and query cross-private-network transactions and transaction statuses between Rayls Privacy Node within the transaction (block) explorer

Private Network roles

Private Network Operator

🚧
Note that only the Operator's private key is able to execute updates to the Private Network Operator smart contract.

Governance methods

Rayls Operator tools

Private Network Auditor

ℹ️
Currently the Operator and Auditor roles managed from the same infrastructure, but we are currently working to technically segregate these roles such that they can be managed by different entities.

Auditor methods

Private Network Operator

🚧Note that only the Operator's private key is able to execute updates to the Private Network Operator smart contract.

Governance methods

Rayls Operator tools

Private Network Auditor

ℹ️Currently the Operator and Auditor roles managed from the same infrastructure, but we are currently working to technically segregate these roles such that they can be managed by different entities.

Auditor methods

🚧
Note that only the Operator's private key is able to execute updates to the Private Network Operator smart contract.

ℹ️
Currently the Operator and Auditor roles managed from the same infrastructure, but we are currently working to technically segregate these roles such that they can be managed by different entities.