#newt $NEWT @NewtonProtocol #NEWT
I originally thought a policy was just a fixed rule uploaded once and followed forever.
Newton separates reusable Rego policy logic from the configuration attached to a PolicyClient. The PolicyClient's owner can provide parameters such as thresholds, exposure limits or approved-address lists, and the Gateway passes that flat JSON configuration into the policy as data.params.
That changes the design.
The underlying logic can remain the same while its enforcement boundary changes. One application may configure a larger limit. Another may apply the same rule with a tighter one.
A PolicyClient configuration also includes expireAfter, but this does not expire or refresh the parameters themselves. It determines the block window during which an attestation can still be executed. Set it too short and users may not have enough time to complete the transaction. Set it too long and the approval remains usable for a wider security window.
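An added illustration, not Newton's own code: one Rego rule evaluated under two PolicyClient configurations supplied through data.params, checked with `opa test`. The input fields (amount, to), the parameter names (max_amount, approved_addresses) and all sample values are assumptions constructed for this example.

```rego
package example.transfer_limit

import rego.v1

# Anything that does not satisfy the rule below is denied, including a
# configuration with a missing or malformed parameter.
default allow := false

# One reusable rule. The enforcement boundary comes only from data.params.
allow if {
	# Type checks matter: Rego orders numbers before strings, so a limit
	# configured as a string would make every numeric amount pass "<=".
	is_number(input.amount)
	is_number(data.params.max_amount)
	input.amount <= data.params.max_amount

	# Compare addresses case-insensitively (hex addresses differ in casing).
	approved := {lower(a) | some a in data.params.approved_addresses}
	lower(input.to) in approved
}

# Constructed sample request and two constructed client configurations.
transfer := {"amount": 500, "to": "0xAbC0000000000000000000000000000000000001"}

loose := {"max_amount": 1000, "approved_addresses": ["0xabc0000000000000000000000000000000000001"]}

tight := {"max_amount": 100, "approved_addresses": ["0xabc0000000000000000000000000000000000001"]}

# Same logic, larger limit: the request is allowed.
test_loose_client_allows if {
	allow with input as transfer with data.params as loose
}

# Same logic, tighter limit: the same request is denied.
test_tight_client_denies if {
	not allow with input as transfer with data.params as tight
}

# A limit stored as a string must not silently widen the boundary.
test_string_limit_denies if {
	bad := {"max_amount": "1000", "approved_addresses": loose.approved_addresses}
	not allow with input as transfer with data.params as bad
}

# An empty configuration fails closed.
test_missing_params_denies if {
	not allow with input as transfer with data.params as {}
}
```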