Privy resources, such as wallets and policies, are controlled by a user, an authorization key, or a key quorum. These are known as owners.

Owners have the ability to update a resource, such as updating the rules for a policy or updating the policies assigned to a wallet. Owners can also update the owner for a resource they control, enabling transfer of control over resources.

With wallets, owners also have the ability to take actions with the wallet, such as signing messages or sending transactions.

Privy also enables custom configurations of owners, so that you can configure different owners to have different permissions over resources. You can additionally update these owner configurations over time, given authorization from an existing owner, allowing you to update controls over resources as needed.

Learn more about three types of owners: users, authorization keys, and key quorums.

Users

Users of your application can own and take actions with wallets and are represented by the Privy user ID. You can assign users to a resource or execute actions with a user key by passing the user ID in your request.

Authorization keys

Authorization keys are a P256 cryptographic key that allow any party that controls the key to take actions from wallets. You can assign authorization keys to a resource or execute actions with authorization keys by signing the request with the respective private key.

Common examples of authorization keys include:

  • app keys, which are controlled by your app’s server, and allow your app to execute requests
  • passkeys, following the WebAuthn standard, which allow users to easily sign and execute requests with a P256 key

Key quorums

Owners can also be composed of a mix of user keys and authorization keys. This is known as a key quorum.

Key quorums have an authorization threshold that defines how many keys in the quorum must sign a request for the aggregated signature to be valid. You can use key quorums to implement use cases such as:

  • Allowing users or apps to sign requests from user wallets
  • Requiring both users and apps to sign requests from user wallets
  • Requiring a distributed set of authorization keys to sign requests from a wallet

Key quorums are an advanced integration. To determine if key quorums are right for your use case, please reach out.