ERC-5585 — ERC-721 NFT Authorization

Back to Token Standards

ERC-5585: ERC-721 NFT Authorization

ERC-5585 separates NFT ownership from per-rights authorization. The owner holds the NFT; specific "rights" (commercial use, derivative work, display, license-back) can be authorised to other parties for bounded periods. Differs from rentals (ERC-4907) and roles (ERC-7432) in that rights are typed enums standardising what can be granted:

• commercial — commercial use rights.
• derivative — right to make derivative works.
• redemption — right to redeem associated benefits.
• display — right to publicly display.

The standard defines the rights enum + the grant mechanism; applications check authorization for whichever rights matter to them.

Required Interface

interface IERC5585 {
    event AuthorisationUpdate(uint256 indexed tokenId, address indexed user,
                              uint8 rights, bool authorised);

    function authoriseRight(uint256 tokenId, address user, uint8 rights, bool authorised) external;
    function isAuthorised(uint256 tokenId, address user, uint8 rights) external view returns (bool);
    function authorisedUsersOf(uint256 tokenId, uint8 rights)
        external view returns (address[] memory);
}

The rights byte indexes into a typed enum (commercial / derivative / redemption / display / etc.); applications check isAuthorised(tokenId, msg.sender, RIGHT_ID) as their authorization gate.

Neo Equivalent: NEP-11 + Per-(tokenId, rights, user) Storage

public static void AuthoriseRight(ByteString tokenId, UInt160 user, BigInteger rights, bool authorised)
{
    if (!Runtime.CheckWitness(OwnerOf(tokenId))) throw new Exception("NEP11:NotOwner");

    var key = AuthKey(tokenId, rights, user);
    if (authorised) Storage.Put   (Storage.CurrentContext, key, 1);
    else            Storage.Delete(Storage.CurrentContext, key);
    OnAuthorisationUpdate(tokenId, user, rights, authorised);
}

public static bool IsAuthorised(ByteString tokenId, UInt160 user, BigInteger rights)
{
    // Owner always has every right.
    if (OwnerOf(tokenId).Equals(user)) return true;
    return Storage.Get(Storage.CurrentContext, AuthKey(tokenId, rights, user)) is not null;
}

ERC-5585 (Ethereum)	Neo Equivalent	Notes
authoriseRight(tokenId, user, rights, bool)	AuthoriseRight(...) owner-witness-checked	Direct port
isAuthorised(tokenId, user, rights)	IsAuthorised(...) view honouring owner-default
authorisedUsersOf(tokenId, rights)	AuthorisedUsersOf(tokenId, rights) enumerated via Find
Rights enum constants	Application-defined BigInteger constants	Convention

Standard Rights Constants

By convention (subject to per-collection extension):

• 0 = COMMERCIAL — commercial use of the NFT's content.
• 1 = DERIVATIVE — make derivative works.
• 2 = REDEMPTION — redeem associated physical / digital benefits.
• 3 = DISPLAY — public display rights.

Custom rights can be added by extending the constant set; off-chain tools maintain a registry mapping numeric IDs to human-readable names.

Composition

• ERC-7432 — NFT roles. ERC-7432 is the generalisation; ERC-5585 standardises a small enum for the most common content-rights cases.
• ERC-4907 — rental NFT. Compose: rental grants display + redemption rights; doesn't grant commercial.
• ERC-5375 — NFT author + consent. Author retains commercial / derivative rights even after sale unless explicitly granted.
• ERC-2981 — royalties. Royalty splits per granted right (commercial sub-licensing pays the original author).

Migration Notes

For content-licensing NFT collections:

1. Define your rights enum in a comment / off-chain registry.
2. Owner grants are owner-witness-checked; revocation is the same path with authorised = false.
3. Consuming contracts (display platforms, derivative-work marketplaces) call IsAuthorised(tokenId, msg.sender, RIGHT) before serving content.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

contract ERC5585 {
    mapping(uint256 => mapping(uint8 => mapping(address => bool))) internal _authorised;

    event AuthorisationUpdate(uint256 indexed tokenId, address indexed user,
                              uint8 rights, bool authorised);

    function authoriseRight(uint256 tokenId, address user, uint8 rights, bool authorised) external {
        // ... owner check ...
        _authorised[tokenId][rights][user] = authorised;
        emit AuthorisationUpdate(tokenId, user, rights, authorised);
    }

    function isAuthorised(uint256 tokenId, address user, uint8 rights) external view returns (bool) {
        return _authorised[tokenId][rights][user];
    }
}

using System;
using System.ComponentModel;
using System.Numerics;
using Neo;
using Neo.SmartContract.Framework;
using Neo.SmartContract.Framework.Attributes;
using Neo.SmartContract.Framework.Native;
using Neo.SmartContract.Framework.Services;

namespace R3E.Examples;

[DisplayName("AuthorisedNFT")]
[ContractPermission("*", "*")]
[SupportedStandards(NepStandard.Nep11)]
public class AuthorisedNFT : Nep11Token<TokenState>
{
    public override string Symbol => "AUTH";

    public const byte RIGHT_COMMERCIAL = 0;
    public const byte RIGHT_DERIVATIVE = 1;
    public const byte RIGHT_REDEMPTION = 2;
    public const byte RIGHT_DISPLAY    = 3;

    private const byte Prefix_Auth = 0xE0;

    [DisplayName("AuthorisationUpdate")]
    public static event Action<ByteString, UInt160, BigInteger, bool> OnAuthorisationUpdate;

    public static void AuthoriseRight(ByteString tokenId, UInt160 user, BigInteger rights, bool authorised)
    {
        if (!Runtime.CheckWitness(OwnerOf(tokenId))) throw new Exception("NEP11:NotOwner");
        var key = AuthKey(tokenId, rights, user);
        if (authorised) Storage.Put   (Storage.CurrentContext, key, 1);
        else            Storage.Delete(Storage.CurrentContext, key);
        OnAuthorisationUpdate(tokenId, user, rights, authorised);
    }

    public static bool IsAuthorised(ByteString tokenId, UInt160 user, BigInteger rights)
    {
        if (OwnerOf(tokenId).Equals(user)) return true;  // owner has every right
        return Storage.Get(Storage.CurrentContext, AuthKey(tokenId, rights, user)) is not null;
    }

    public static UInt160[] AuthorisedUsersOf(ByteString tokenId, BigInteger rights)
    {
        var iter = Storage.Find(Storage.CurrentContext, AuthPrefix(tokenId, rights),
                                FindOptions.KeysOnly | FindOptions.RemovePrefix);
        var list = new System.Collections.Generic.List<UInt160>();
        while (iter.Next()) list.Add((UInt160)(byte[])iter.Value);
        return list.ToArray();
    }

    private static byte[] AuthKey(ByteString tokenId, BigInteger rights, UInt160 user)
        => new byte[] { Prefix_Auth }.Concat(tokenId)
            .Concat((ByteString)(byte[])rights.ToByteArray()).Concat(user);

    private static byte[] AuthPrefix(ByteString tokenId, BigInteger rights)
        => new byte[] { Prefix_Auth }.Concat(tokenId).Concat((ByteString)(byte[])rights.ToByteArray());
}

Display-Platform Integration

public static void DisplayContent(UInt160 nftContract, ByteString tokenId, UInt160 displayPlatform)
{
    var ok = (bool)Contract.Call(nftContract, "isAuthorised", CallFlags.ReadOnly,
        new object[] { tokenId, displayPlatform, AuthorisedNFT.RIGHT_DISPLAY });
    if (!ok) throw new Exception("PLATFORM:NotAuthorised");
    // ... serve content ...
}