The PPOM version you received comprises mainly two components:
- PPOM Docker: This image includes the engine and exposes no I/O operations other than a network operation to the Compliance Proxy.
- Compliance Proxy: Exposes routes for a node provider and our CDN for data updates. It is a version of the open-source proxy, Caddy.
We use Docker Compose to orchestrate the containers.
Main Goals
- Complete Privacy
  - PPOM can’t access the internet
  - PPOM would only have the ability to perform read-only operations from remote CDN for data updates
  - PPOM can’t query information about a specific contract/address as this may be an information leak
- Proof of Compliance
  - The user has the ability to control what resources PPOM can access
Setup
https://lucid.app/lucidchart/e165f6ce-bfcb-4142-b49b-4b58dd7011f5/edit?viewport_loc=-1051%2C-211%2C2721%2C1274%2C0_0&invitationId=inv_60df535d-130d-4c27-9d3a-7ac16fdd329c
PPOM
PPOM runs as a REST API server in Docker. PPOM has no internet access; it can reach only the Docker network.
PPOM uses the Compliance Proxy in order to access some network resources.
Compliance Proxy
To ensure compliance, we configured a proxy that allows access to specific resources only:
- Node access (for all chains)
- Specific S3 bucket
  - This bucket holds live update files, to be fetched periodically every few hours
  - The bucket would hold addresses & pricing information
The user has the ability to audit the proxy, its configuration, and its future logs to ensure privacy compliance.
Current solution - Caddy
As a simple open-source solution, we used Caddy. The client only needs to audit the configuration to ensure compliance.
Our configuration sets up a few proxies that only work for the specific bucket and configured nodes.
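One way an auditor could check the two properties described above (PPOM attached only to internal Docker networks, and the proxy forwarding only to approved upstreams). This is an added example, not the project's own tooling: the service name `ppom`, the network names and the hostnames are assumptions, and both JSON documents are constructed samples shaped like the output of `docker compose config --format json` and `caddy adapt`.

```python
import json

# Constructed `docker compose config --format json` output; names are assumed.
COMPOSE = json.loads("""
{"services": {
   "ppom":  {"networks": {"ppom_internal": null}},
   "proxy": {"networks": {"ppom_internal": null, "egress": null}}},
 "networks": {"ppom_internal": {"internal": true}, "egress": {}}}
""")

# Constructed sample: trimmed `caddy adapt` output; hostnames are placeholders.
CADDY = json.loads("""
{"apps": {"http": {"servers": {"srv0": {"routes": [
  {"handle": [{"handler": "subroute", "routes": [
    {"handle": [{"handler": "reverse_proxy",
                 "upstreams": [{"dial": "updates-bucket.example:443"}]}]}]}]},
  {"handle": [{"handler": "reverse_proxy",
               "upstreams": [{"dial": "node.example:443"}]}]}]}}}}}
""")
ALLOWED_UPSTREAMS = {"updates-bucket.example:443", "node.example:443"}

def egress_findings(compose, service="ppom"):
    """Report settings that would let `service` reach beyond internal networks."""
    svc = compose["services"][service]
    if svc.get("network_mode"):
        return [f"network_mode={svc['network_mode']} needs manual review"]
    networks = compose.get("networks") or {}
    attached = svc.get("networks") or {"default": None}
    return [f"network '{n}' is not internal" for n in attached
            if not (networks.get(n) or {}).get("internal")]

def proxy_upstreams(node):
    """Collect every reverse_proxy upstream, however deeply routes are nested."""
    found = set()
    if isinstance(node, dict):
        if node.get("handler") == "reverse_proxy":
            found |= {u.get("dial", "?") for u in node.get("upstreams", [])}
        for value in node.values():
            found |= proxy_upstreams(value)
    elif isinstance(node, list):
        for item in node:
            found |= proxy_upstreams(item)
    return found

def unexpected_upstreams(caddy, allowed=ALLOWED_UPSTREAMS):
    return sorted(proxy_upstreams(caddy) - allowed)

if __name__ == "__main__":
    print(egress_findings(COMPOSE), unexpected_upstreams(CADDY))
```

The upstream check only covers `reverse_proxy` handlers with static upstreams; path restrictions and any other handlers in the configuration still need to be read by hand.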