The subpool owner can remove the identity of the user from the identity list and prevent the user from making any further private transactions. In that case the user should be allowed to withdraw to a public eth_address attached to their account.
Why would a business want this?
A single secret key controls the update of the user identity list (i.e. the subpool config tree root). If the subpool owner loses the secret to a hacker, the hacker can uproot all user identities and lock the funds of all users of the subpool. Forced withdrawal (to a pre-approved public address) provides a way out for the users.
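
The scenario discussed above, as an added toy model that is not the project's code: `Subpool`, `forced_withdraw` and `exit_address` are hypothetical names, and a hash over the identity list stands in for the config tree root. It assumes the pre-approved address is fixed by the user at first deposit and stored outside the owner-updatable list, so a stolen owner key can lock private transfers but cannot redirect the exit.

```python
import hashlib

def config_root(identities):
    """Toy stand-in for the subpool config tree root: hash over the sorted identity list."""
    h = hashlib.sha256()
    for ident in sorted(identities):
        h.update(hashlib.sha256(ident.encode()).digest())
    return h.hexdigest()

class Subpool:
    def __init__(self, owner_key):
        self.owner_key = owner_key   # the single secret that controls the identity list
        self.identities = set()
        self.root = config_root(self.identities)
        self.balances = {}           # identity -> private balance
        self.exit_address = {}       # identity -> pre-approved public address (write-once)
        self.public = {}             # public address -> withdrawn amount

    def deposit(self, identity, exit_addr, amount):
        # Assumption: the exit address is set at first deposit and never overwritten,
        # and it lives outside the state that the owner key can update.
        self.exit_address.setdefault(identity, exit_addr)
        self.balances[identity] = self.balances.get(identity, 0) + amount

    def update_identities(self, key, identities):
        if key != self.owner_key:
            raise PermissionError("not the subpool owner key")
        self.identities = set(identities)
        self.root = config_root(self.identities)

    def private_transfer(self, sender, recipient, amount):
        if sender not in self.identities:
            raise PermissionError("sender is not in the identity list")
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount

    def forced_withdraw(self, identity):
        # Escape hatch for removed users only; it never consults the owner key.
        # User authentication (e.g. a spend proof) is omitted in this model.
        if identity in self.identities:
            raise PermissionError("identity is still listed; use the normal path")
        addr = self.exit_address[identity]
        amount = self.balances.pop(identity, 0)
        self.public[addr] = self.public.get(addr, 0) + amount
        return addr, amount
```
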