Firstly for this to work each maybe you need gateway relationship to be verified bi-laterally, i.e. a gateway to gateway trust relationship is pre-established, I am not sure this exists in the Ripple model which is why I think there is a problem - is this what you mean by federation.
this is precisely what i mean by federation.
Each buyer and seller legitimise the asset with each gateway involved e.g. deposit asset in escrow or reserve somehow.
The buyer sends the transaction request to the sellers gateway to buy the asset (with the relevant buy/sell asset ids from each gateway)
The sellers gateway initiates a transaction on the block chain which is seen by buyers gateway and this is validated by forging as legitimate (e.g. 10 confirms?)
The buyers gateway then confirms the transaction by re-submitting again to be validated by forging to confirm the buyer honours the contract.
The two gateways can then release the escrow asset to the buyer and seller respectively.
The transaction ledger could be the NXT blockchain, once the transaction is validated by forging the seller gateway releases the asset to the buyer and the buyer gateway releases the asset to the seller.
The buyer/seller gateways would get their fees from the buyer/seller respectively
There is a NXT fee for each of the transactions involved.
What I am trying to achieve is the gateways are acting to ensure the safe transfer of an asset between two parties but maybe this is too hard complicated?
For widespread adoption there needed to be trust in the integrity of the transaction and that should be down to whether Anon, Bob or Sally tokens have a different trust level.
Without some level of transaction legitimacy validated by NXT itself I fear we would have a massive dispute resolution problem with scam buyers as much of a problem as scam sellers.
ok so for all of the gateways that want to federate create a multig address to hold the btc that acts as reserve for the FederatedBTCTokens. If bob issues 5 FederatedBTCTokens than he also deposits 5 btc in the multisig address. Lets say bob and betty are federated. The FederatedBTCToken that bob issued is claimed at betty's gateway. Betty signs the transaction and publishes her signed transaction on the NXT blockchain. Of course its a multisig account so 1 signature is not enough. Bob is monitoring the blockchain. He sees the signed transaction. He downloads the transaction from the blockchain, adds his signature, and then broadcasts the transaction.
bob feels safe because he knows betty can not steal his btc without his signature. the buyer feels safe because he knows the btc is in reserve and that if bob were to attempt to misbehave than betty would offer some protection against this. betty feels safe because she is not extending a line of credit to bob, there is 100% reserve in a shared address.
Do I have this right? I think its a great idea if i do.
