NEAR Protocol has an account names system. Account ID is similar to a username. Account IDs have to follow the rules.
- minimum length is 2
- maximum length is 64
- Account ID consists of Account ID parts separated by
- Account ID part consists of lowercase alphanumeric symbols separated by either
Account names are similar to a domain names.
Anyone can create a top level account (TLA) without separators, e.g.
near can create
alice.near. And only
alice.near can create
app.alice.near and so on.
near can NOT create
Regex for a full account ID, without checking for length:
Top level account names (TLAs) are very valuable as they provide root of trust and discoverability for companies, applications and users.
To allow for fair access to them, the top level account names that are shorter than
MIN_ALLOWED_TOP_LEVEL_ACCOUNT_LENGTH characters going to be auctioned off.
REGISTRAR_ACCOUNT_ID account can create new top level accounts that are shorter than
REGISTRAR_ACCOUNT_ID implements standard Account Naming (link TODO) interface to allow create new accounts.
def action_create_account(predecessor_id, account_id): """Called on CreateAccount action in receipt.""" if len(account_id) < MIN_ALLOWED_TOP_LEVEL_ACCOUNT_LENGTH and predecessor_id != REGISTRAR_ACCOUNT_ID: raise CreateAccountOnlyByRegistrar(account_id, REGISTRAR_ACCOUNT_ID, predecessor_id) # Otherwise, create account with given `account_id`.
Note: we are not going to deploy
registrar auction at launch, instead allow to deploy it by Foundation after initial launch. The link to details of the auction will be added here in the next spec release post MainNet.
ok bowen ek-2 ek.near com google.com bowen.google.com near illia.cheap-accounts.near max_99.near 100 near2019 over.9000 a.bro // Valid, but can't be created, because "a" is too short bro.a
not ok // Whitespace characters are not allowed a // Too short 100- // Suffix separator bo__wen // Two separators in a row _illia // Prefix separator .near // Prefix dot separator near. // Suffix dot separator a..near // Two dot separators in a row $$$ // Non alphanumeric characters are not allowed WAT // Non lowercase characters are not allowed firstname.lastname@example.org // @ is not allowed (it was allowed in the past) // TOO LONG: abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz
Data for an single account is collocated in one shard. The account data consists of the following:
- Locked balance (for staking)
- Code of the contract
- Key-value storage of the contract. Stored in a ordered trie
- Access Keys
- Postponed ActionReceipts
- Received DataReceipts
Total account balance consists of unlocked balance and locked balance.
Unlocked balance is tokens that the account can use for transaction fees, transfers staking and other operations.
Locked balance is the tokens that are currently in use for staking to be a validator or to become a validator. Locked balance may become unlocked at the beginning of an epoch. See [Staking] for details.
A contract (AKA smart contract) is a program in WebAssembly that belongs to a specific account. When account is created, it doesn't have a contract. A contract has to be explicitly deployed, either by the account owner, or during the account creation. A contract can be executed by anyone who calls a method on your account. A contract has access to the storage on your account.
Every account has its own storage. It's a persistent key-value trie. Keys are ordered in lexicographical order. The storage can only be modified by the contract on the account. Current implementation on Runtime only allows your account's contract to read from the storage, but this might change in the future and other accounts's contracts will be able to read from your storage.
NOTE: Accounts are charged recurrent rent for the total storage. This includes storage of the account itself, contract code, contract storage and all access keys.
An access key grants an access to a account. Each access key on the account is identified by a unique public key. This public key is used to validate signature of transactions. Each access key contains a unique nonce to differentiate or order transactions signed with this access key.
An access keys have a permission associated with it. The permission can be one of two types:
- Full permission. It grants full access to the account.
- Function call permission. It grants access to only issue function call transactions.
See [Access Keys] for more details.