We can port this model into Ocean, where (a) is a datatoken, and (b) is a credential. The datatoken is the baseline access control. Its fungible, and something that youve paid for or had shared to you. Its independent of your identity. The credential is something thats a function of your identity or your roles in society (the RBAC part). Ocean now supports fine-grained permissions for asset-based access control. Heres how: a consumer can only access the resource if they have 1.0 datatokens and one of the credentials in the allow list of the DDO. 20 Ocean also has complementary deny functionality: if a consumer is on the deny list, they will not be allowed to access the resource. The rules combine as follows: Access = allowed denied. Allowed = everyone by default, or allow list if it has entries.

Denied = entries in deny list. Initially, the only credential supported is Ethereum public addresses. To be fair, its more a pointer to an individual, not a credential; but it has a low-complexity implementation so makes a good starting point. For extensibility, the Ocean metadata schema enables the specification of other types of credentials like W3C Verifiable Credentials and more. When this gets implemented, asset-level permissions will be properly RBAC too. Since asset-level permissions are in the DDO, and the DDO is controlled by the publisher, asset-level restrictions are controlled by the publisher. 4. Subblock: OceanDAO 4.1. The previous section described Ocean Tools to power a data ecosystem. We now discuss the next subblock in the Ocean System: OceanDAO. It addresses the questions:

Introduction How to kickstart growth? and How can the system not only self-sustain but actually improve over the decades, without guidance by a centralized actor? Our answer to this is OceanDAO: a DAO with its own treasury, active treasury management, and grants program. OceanDAO closes the loop with the rest of the Ocean System, such that growth in Ocean usage leads to more funding to teams, to work on further growing usage. This helps both short-term growth and long-term sustainability. 4.2. OceanDAO Components OceanDAO has an initial treasury from the 51% of unminted OCEAN. It converts some to ETH, DAI, etc by selling time-locked OCEAN (bonds). It grows its treasury via income from Network Revenue and from active treasury management (LPing into OCEAN-ETH and OCEAN-DAI, yield farming, etc). It spends its treasury towards rewards (e.g. Data Farming) and grants.

4.3. OceanDAO Implementation Many tools for DAOs are emerging. At the smart contract level, these include Aragon [Aragon2020a], Moloch V2 [Turley2020], DAOStack [DaoStack2020], Colony [Colony2020], and Collab.Land [CollabLand2020]. Higher-level interfaces/apps for soft-signaling or voting include Snapshot, Boardroom, Pokemol, Daohaus, Discourse, Discord, and Telegram. The DAO & governance space is evolving rapidly. Ocean will need to have flexibility to be able to learn over time. Therefore rather than deploying one perfect DAO a single time and hope that it stays perfect, we plan to bake slowly to give ample opportunity to change things. OceanDAO was deployed live on Nov 30, 2020 [Napheys2020], initially as just a grants DAO. Proposals are posted on a Ocean Port (a Discourse Forum), discussion has text chat on Ocean Discord 21 and videochat in weekly Town Halls, and voting on Snapshot. The OceanDAO wiki is a unifying connector of these tools [OceanDAOwiki].