Overview
Overview of DALP's security architecture covering authentication, authorization, identity and compliance, on-chain compliance modules, and wallet verification as layered defenses for digital asset operations.
Purpose
This section documents DALP's security architecture as a set of layered controls that protect digital asset operations from identity verification through on-chain enforcement.
- Doc type: Reference
What you'll find here
- Authentication mechanisms across console and API access
- Authorization model with role-based and resource-level controls
- On-chain identity and compliance enforcement via ERC-3643
- Modular compliance rules that govern token transfers
- Wallet verification gates for blockchain write operations
Defense-in-depth model
DALP enforces security at every platform layer. No single control failure grants unauthorized access to digital assets.
| Layer | Control | Enforced by |
|---|---|---|
| Identity | Authentication (session, API key, SSO) | Asset Console, Unified API |
| Access | Role-based and resource-level authorization | Unified API middleware |
| Transaction | Wallet verification (PIN, TOTP, backup codes) | Unified API before blockchain writes |
| On-chain | Identity claims and compliance modules | SMART Protocol (ERC-3643) |
| Custody | Provider policy evaluation and MPC signing | Key Guardian, custody providers |
Each layer operates independently. An attacker holding a compromised session token is still stopped by wallet verification before any blockchain write. A bypassed API authorization check is still stopped by on-chain compliance. Custody provider policies provide the final gate before any transaction reaches the blockchain.
Section pages
| Page | Description |
|---|---|
| Authentication | Identity provider options, session management, passkeys, and enterprise SSO |
| Authorization | Role-based access control, resource-level permissions, and permission inheritance |
| Identity and compliance | On-chain identity (ERC-734/735 OnchainID), KYC/AML claims, and verification lifecycle |
| Compliance modules | Modular transfer rules, country restrictions, investor limits, and time-based locks |
| Wallet verification | PIN, TOTP, and backup code verification for blockchain write operations |

Trust boundaries
Three trust boundaries define the security perimeter:
- Platform boundary -- between external users/systems and DALP's API surface. Controlled by authentication and rate limiting.
- Execution boundary -- between the API layer and the Execution Engine. Controlled by authorization and input validation.
- Chain boundary -- between the Execution Engine and the blockchain. Controlled by wallet verification, on-chain compliance, and custody provider policies.
See also
- Signing flow for the complete transaction security sequence
- Key Guardian for cryptographic key protection
- SMART Protocol integration (ERC-3643) for on-chain security enforcement
- Authorization for role-based access control
- Custody Providers for MPC custody integration