IMO a universal and easier to reason about solution is you have a threshold signing wallet created across a series of remotely attestable cloud enclaves like Google/Azure Confidential VMs, AWS Nitro Enclaves, and even TPM2.0 enabled baremetal.
Deploy an open source, deterministically buildable, stateless, and immutable, unikernel OS to all platforms that enforces strict signing policies on a multisig wallet address signed and owned by whoever requested that wallet to be created.
End users will not need to trust the custodian as they will have access the remote attestation interface to prove systems they pay for are running expected binaries and thus obey the rules. A user then asks those systems to generate a wallet with a policy that grants the custodian the ability to transact only specific maximum amounts per day, with an automatic dead-mans-switch that always signs/exports an updated escape-hatch transaction sweeping all funds that a user can publish at any time.
It is possible, per the above, to create custodians with no raw access to key material that are provably bound to the terms a user agreed to on deposit.
This accountable computing setup ends up looking a lot like off-chain smart contracts. It could be used to ensure any type of user owned cryptographic key material can only be used by a SaaS according to user defined policies.
I am working with several custodians on implementing this type of accountability right now.
Anyone that fails to have a good proof-of-funds solution is going to become irrelevant in the medium term and hopefully illegal in the long term.
Deploy an open source, deterministically buildable, stateless, and immutable, unikernel OS to all platforms that enforces strict signing policies on a multisig wallet address signed and owned by whoever requested that wallet to be created.
End users will not need to trust the custodian as they will have access the remote attestation interface to prove systems they pay for are running expected binaries and thus obey the rules. A user then asks those systems to generate a wallet with a policy that grants the custodian the ability to transact only specific maximum amounts per day, with an automatic dead-mans-switch that always signs/exports an updated escape-hatch transaction sweeping all funds that a user can publish at any time.
It is possible, per the above, to create custodians with no raw access to key material that are provably bound to the terms a user agreed to on deposit.
This accountable computing setup ends up looking a lot like off-chain smart contracts. It could be used to ensure any type of user owned cryptographic key material can only be used by a SaaS according to user defined policies.
I am working with several custodians on implementing this type of accountability right now.
Anyone that fails to have a good proof-of-funds solution is going to become irrelevant in the medium term and hopefully illegal in the long term.