OCP-0001

Protocol/Operator Separation

Core Draft Author: OpenCrown DAO Created: 2026-01-30

OCP-0001: Protocol/Operator Separation

Abstract

This OCP establishes the separation between the OpenCrown protocol layer and the operator layer. The protocol layer consists of the Open Crown Standard specification, reference smart contracts, and governance process. The operator layer consists of services that implement and serve the protocol to end users. This separation ensures no single point of failure, enables censorship resistance, and allows permissionless participation in the ecosystem.

Motivation

Early blockchain ecosystems often relied on centralized gatekeepers that controlled access to protocol functionality. This created several problems:

  1. Single point of failure - If the gatekeeper goes offline, users lose access
  2. Censorship risk - Gatekeepers can selectively deny service
  3. Trust requirements - Users must trust the gatekeeper, not just the protocol
  4. Vendor lock-in - Switching costs discourage competition and innovation

The Open Crown Standard needs a clear architectural separation to ensure that:

Specification

Terminology

Term Definition
Open Crown Standard The specification document defining the protocol (this standard)
OpenCrown The overall ecosystem implementing this standard
OCP Open Crown Proposal - the formal process for proposing changes to the standard
Operator A service implementing the standard to serve end users
OpenCrown DAO The governance body overseeing the protocol and standard

Protocol Layer

The protocol layer consists of three components:

  1. Open Crown Standard - The specification document defining all protocol rules, data structures, and behaviors

  2. Reference Contracts - Smart contracts deployed on each supported chain that:

    • Implement Crown NFT minting and management
    • Enforce verification requirements
    • Execute heartbeat decay logic
    • Are independently deployed per chain

  3. Governance (OCPs) - The process for evolving the protocol through Open Crown Proposals

Operator Layer

Operators are services that implement the protocol for end users. Operators have defined capabilities and restrictions.

Operator Capabilities

Operators MAY:

Capability Description
Index events Read and index Crown contract events from any chain
Serve queries Provide API access to Crown and Symbol data
Curate content Flag, hide, or filter content in their UI (e.g., spam, scams)
Provide UI Build user interfaces for claiming and managing Crowns
Cache data Maintain local databases for performance
Add metadata Enrich data with off-chain information (market data, analytics)

Operator Restrictions

Operators MUST NOT:

Restriction Rationale
Create Crowns Only verified token owners can mint Crowns
Custody funds Crown ownership remains with users at all times
Modify on-chain state Operators have no special contract privileges
Bypass verification All claims require cryptographic proof
Alter proofs Verification proof hashes are immutable on-chain

Trust Model

The separation establishes a clear trust boundary:

┌─────────────────────────────────────────────────────────────┐
│                    PROTOCOL LAYER                           │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐        │
│  │ Open Crown  │  │  Reference  │  │ Governance  │        │
│  │  Standard   │  │  Contracts  │  │   (OCPs)    │        │
│  └─────────────┘  └─────────────┘  └─────────────┘        │
└─────────────────────────────────────────────────────────────┘
                            │
                    Implements & Serves
                            │
┌─────────────────────────────────────────────────────────────┐
│                    OPERATOR LAYER                           │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐        │
│  │ Operator A  │  │ Operator B  │  │ Operator C  │        │
│  │  (UI + API) │  │  (UI + API) │  │  (API only) │        │
│  └─────────────┘  └─────────────┘  └─────────────┘        │
└─────────────────────────────────────────────────────────────┘

Key principle: Users trust the protocol (contracts + standard), not the operator.

Guarantees

This separation provides the following guarantees:

Guarantee How It's Achieved
No single point of failure Multiple operators can serve the protocol independently
Censorship resistance Users can switch operators freely; all data is on-chain
Permissionless operation Anyone can become an operator by implementing the standard
Data portability All Crown data is stored on-chain and accessible to any operator

Rationale

Why Not a Single Canonical Operator?

A single canonical operator would be simpler to maintain but would reintroduce centralization risks. The protocol/operator separation adds complexity but ensures the protocol can survive the failure or malicious behavior of any single operator.

Why Allow Operator Curation?

Operators need the ability to curate (flag, hide, filter) content in their UIs to comply with local regulations and to protect users from obvious scams. However, this curation is purely at the UI layer, operators cannot modify on-chain data, and users can always switch to a different operator or access the contracts directly.

Why Independent Per-Chain Deployments?

Cross-chain messaging adds complexity, cost, and potential attack vectors. Independent per-chain deployments are simpler, cheaper, and more resilient. Coordination between chains happens at the operator layer (shared metadata databases) rather than the contract layer.

Backwards Compatibility

This OCP introduces no backwards incompatibilities. It formalizes the architecture that has been implicit in the Open Crown Standard design from the beginning.

Security Considerations

Operator Compromise

If an operator is compromised:

Operator Collusion

If multiple operators collude:

Rogue Contracts

Operators must connect to legitimate protocol contracts. Users should verify contract addresses against the official registry before interacting through any operator.

Copyright and related rights waived via CC0.