Securitize Logo

DS Protocol — The Trust and Registry Services

Go to the profile of Jorge Serna

by Jorge Serna

This is the third post in our series describing the details of Securitize’s Digital Securities Protocol (DS Protocol). After our initial introductory post, we introduced the basic interfaces for the Protocol in the second post.

This post will concentrate on two specific DS Protocol Services:

  • The Trust Service
  • The Registry Service

In particular, we will look at the role they play when working with Exchanges so that they can support DS Tokens.

The Trust Service

The Trust Service allows for the coordination of activities between different actors in the DS Protocol. This is managed via the roles that the Trust Service can assign to different Ethereum addresses. DS Services take into consideration the roles of those invoking any of their methods, in order to allow or deny certain actions. For instance, the issuer control functions that we described when talking about the DS Token are only offered to actors that have the ISSUER role assigned.

The roles contemplated in the first code release for the DS Protocol are described in the DSTrustServiceInterface:

<em>// Role constants</em>
<strong>uint8</strong> <strong>public</strong> <strong>constant</strong> NONE = 0;<strong>uint8</strong> <strong>public</strong> <strong>constant</strong> MASTER = 1;<strong>uint8</strong> <strong>public</strong> <strong>constant</strong> ISSUER = 2;<strong>uint8</strong> <strong>public</strong> <strong>constant</strong> EXCHANGE = 4;

One typical use of the Trust Service is for an Issuer to authorize an Exchange so that they can add new investors into the Registry Service. To do this, the Exchange will provide the Issuer with the wallet address (or addresses) that they will use for the DS Protocol operations. The Issuer will then register the wallet as an EXCHANGE role via the Trust Service method defined in the DSTrustServiceInterface:

<pre><strong>function</strong> setRole(<strong>address</strong> _address, <strong>uint8</strong> _role) <strong>public</strong> <em>/*onlyMasterOrIssuer*/</em> <strong>returns</strong> (<strong>bool</strong>);</pre>

This will give the Exchange permission to add new investor information into the Registry Service.

The Registry Service

The Registry Service keeps an on-chain register of the investors that may hold the DS Token. To protect investor privacy, the stored data does not include personal identification information, only the relevant attributes to determine the investor category (relevant for regulatory purposes).

The canonical way to get the correct Investor Registry address is to query it from the DS Token via the DSServiceConsumerInterface, using the method:

<pre><strong>function</strong> getDSService(<strong>uint8</strong> _serviceId) <strong>public</strong> view <strong>returns</strong> (<strong>address</strong>);</pre>

with the appropriate service ID

<pre>DSServiceConsumerInterface. REGISTRY_SERVICE</pre>

Relevance of the Registry Service

The Registry Service is much more than a simple whitelist of authorized wallets. The Registry Service is what allows the DS Protocol to provide investor-centric capabilities to its DS Tokens.

By supporting an entity (i.e. the Investor) that has its own unique identifier and can have one or more wallets assigned to it, DS Tokens move beyond the limitations of traditional ERC20 tokens.

On top of that, the Registry Service holds investor attributes that can identify an investor as a member of a generic category: an accredited U.S. investor, a retail Germany investor, etc. This characterization is fundamental to fulfilling the goal of applying regulatory constraints to trades. We will look more at this when we discuss the Compliance Service, but it is important to realize that said Compliance Service would not be able to provide its functions if not for the information provided by the Registry Service.

Adding an investor to the Registry Service

The DSRegistryServiceInterface includes all methods required to interact with the Registry Service. Both Issuers and Exchanges (authorized via the Trust Service) will have to interact with it to add new investors, so that they can be part of issuances and secondary trades.

The usual process to add investor information to the Registry Service is:

  1. Register the investor, using the method:

<pre><strong>function</strong> registerInvestor(<strong>string</strong> _id, <strong>string</strong> _collision_hash) <strong>public</strong> <em>/*onlyExchangeOrAbove*/</em> <strong>returns</strong> (<strong>bool</strong>);</pre>

If an investor with the same ID is already present in the Registry, the operation will throw. In that case, a different Investor ID must be used.

2. Assign a Country to the Investor, using the method:

<strong>function</strong> setCountry(<strong>string</strong> _id, <strong>string</strong> _country) <strong>public</strong> <em>/*onlyExchangeOrAbove*/</em> <strong>returns</strong> (<strong>bool</strong>);

The country value will be the country code in ISO 3166–1 alpha-2 code.

3. Add relevant attributes to the Investor, using the method:

<strong>function</strong> setAttribute(<strong>string</strong> _id, <strong>uint8</strong> _attributeId, <strong>uint256</strong> _value, <strong>uint256</strong> _expiry, <strong>string</strong> _proofHash) <strong>public</strong> <em>/*onlyExchangeOrAbove*/</em> <strong>returns</strong> (<strong>bool</strong>);

The parameters for setAttribute() include:

  • The attribute ID, from a set of defined attributes in the interface:
uint8 public constant NONE = 0;<strong>uint8</strong> <strong>public</strong> <strong>constant</strong> KYC_APPROVED = 1;<strong>uint8</strong> <strong>public</strong> <strong>constant</strong> ACCREDITED = 2;<strong>uint8</strong> <strong>public</strong> <strong>constant</strong> QUALIFIED = 4;<strong>uint8</strong> <strong>public</strong> <strong>constant</strong> PROFESSIONAL = 8;
  • The value of the Attribute, from the values:
uint8 public constant PENDING = 0;uint8 public constant APPROVED = 1;uint8 public constant REJECTED = 2;
  • The expiration date for this attribute. This will use the standard format of seconds since Unix epoch, to be able to be properly compared to the current block timestamp in the relevant transactions.
  • A hash for documented off-chain proof of the given attribute. For instance, a hash of an archive containing the ID images used for KYC and the report from a KYC provider. The actor (for instance the Issuer or an Exchange) providing this hash should be able upon regulatory request to provide the original document which generated this hash.

4. Add wallet addresses belonging to this Investor, using the method:

<strong>function</strong> addWallet(<strong>address</strong> _address, <strong>string</strong> _id) <strong>public</strong> <em>/*onlyExchangeOrAbove*/</em> <strong>returns</strong> (<strong>bool</strong>);

This operation will fail if the wallet is already assigned to another Investor.

Ready to receive tokens

Once an Investor is added to the Registry Service, they will be ready to start receiving tokens, either at the initial issuance or in a secondary trade. Of course, being registered is a required step, but that is not enough. Besides registration, it is also necessary that the Investor attributes match the specific criteria required by the issuance or secondary trade.

We will discuss that in our next post when we look at the Compliance Service, which holds the specific rules that govern the issuance and holding of DS Tokens.

Securitize delivers trusted global solutions for creating compliant digital securities. The Securitize compliance platform and protocol provide a proven, full-stack solution for issuing and managing digital securities (security tokens). Securitize’s innovative DS Protocol has the highest adoption rate in the industry and enables seamless, fully compliant trading across multiple markets simultaneously. Multiple Securitize powered digital securities are already trading globally on public marketplaces with many more in the pipeline.

You can learn more about Securitize at our website:

And you can join the conversation about the Digital Securities revolution in our Telegram channel.

This site is operated by Securitize, Inc. (“Securitize”), which is not a registered broker-dealer. Securitize does not give investment advice, endorsement, analysis or recommendations with respect to any digital securities. All digital securities powered by Securitize’s technology are offered by, and all information related thereto is the responsibility of, the applicable issuer of such digital securities. Neither Securitize nor any of its officers, directors, agents and employees makes any recommendation or endorsement whatsoever regarding any digital securities powered by Securitize’s technology. Nothing on this website should be construed as an offer, distribution or solicitation of any digital securities. Securitize does not provide custodial services in connection with any digital securities powered by Securitize’s technology.