How to operate a standards body using the Guardian

[AlexIvanHoward]

Let’s say I am a standards body and I have 10 employees. Each of my 10 employees should be able to create policies, modules, schemas and tokens, and each of the 10 should be able to perform the standard registry (“Owner”) role in all the Guardian policies that we host. I would like to have a unique DID for each of my employees, so that, in the unfortunate scenario of discovering that one of them is corrupt, I can clearly trace the history of their actions on my system and take targeted corrective actions. I do, however, only want a single account on the Hedera network for my standards body, associated with a single DID, by which I can be identified and trusted by the rest of the world. How can I achieve this with the Guardian in its current form?

Current Guardian limitations to consider:

1. Only one active session per user account is allowed. I.e., at any given point in time, only one of my employees can be logged into my standards body’s “standard registry user” account.
2. No two user accounts on a Guardian instance can share the same combination of Hedera account ID + DID.
3. A Guardian user can only interact with policies on their own Guardian instance. I.e., if I were to set up a Guardian instance for each of my employees, Employee A will not be able to perform work, whether as a standard registry user or as a regular user, on a policy published by Employee B, unless Employee A logs out of their Guardian instance and into Employee B’s Guardian instance. To perform work specifically as a standard registry user on Employee B’s policies, Employee A will not only have to log into Employee B’s Guardian instance, but will have to do so using Employee B’s credentials.