RIP-011 — Pull-Secured Account
Status: Draft Derived semantics
RIP-011 defines the Pull-Secured Account (PSA): a minimal custody container whose structure is implied once authorization exists as explicit, time-bounded machine state.
Purpose
A PSA is not an account abstraction or wallet UX standard. It is a value-holding primitive designed to enforce authorization-bounded execution under the Permissioned Pull model.
Key properties
- No unilateral push of value
- No owner, admin, or privileged role
- Outbound transfers only via permissioned pull (RIP-001)
- All execution bounded by Authorization Objects (RIP-100)
- Non-upgradeable, minimal attack surface
Relationship to other RIPs
- RIP-100 — defines Authorization Objects
- RIP-001 — defines permissioned pull execution
- RIP-002 (optional) — registry for observability and revocation
Together, these proposals imply that push-based custody is structurally incomplete. The PSA closes this gap by aligning custody semantics with explicit authorization state.
Specification
Specification (canonical):