Open asabya opened 2 weeks ago
This ACT implementation will build upon the existing pod sharing functionality available in fairOS-dfs, but with a key enhancement. Instead of sharing the pod sharing reference directly, we'll wrap that reference using ACT and share the ACT's historyRef
.
Once access is granted to a pod, the specific grantee will import the historyRef
, open the pod, and access its files. Even if someone else obtains the historyRef
, they won't be able to access the sharing information because of the access control enforced by ACT.
These imported Access Controlled Pods (ACPs) will be listed differently from regular shared pods, distinguishing them within the system.
Furthermore, the ACT integration in fairOS-dfs will include additional features such as:
By incorporating these features, fairOS-dfs enhances transparency and control over data sharing. Users can manage permissions more effectively, ensuring that sensitive information is only accessible to authorized individuals.
What is the implementation plan for lists and keeping them up-to date ?
The plan is straightforward, similar to how we store pods: we serialize the ACT list as a JSON blob and save its reference in a Single Owner Chunk (SOC) with topic ACT File
.
{
"acts": [
{
"name": "SharedDocuments",
"historyRef": "abc123...",
"createdAt": "2023-10-02T12:34:56Z",
"grantees": [
{
"publicKey": "def456...",
"grantedAt": "2023-10-02T12:35:00Z"
},
{
"publicKey": "ghi789...",
"grantedAt": "2023-10-02T12:36:00Z"
}
],
"content": [
{
"podName": "ProjectFiles",
"reference": "jkl012...",
"addedAt": "2023-10-02T12:37:00Z"
}
]
}
]
}
NOTE: there might be small changes in the json while implementation
Access control is a critical feature for fairOS-dfs to ensure secure and flexible data sharing among users. With the recent availability of the Access Control Trie (ACT) natively in Swarm, we have the opportunity to enhance fairOS-dfs by integrating this feature.
However, the native implementation of ACT in Swarm is node-based, meaning that only a node can act as a publisher or grantee, lacking the concept of a user within the access control mechanism.
Problem Statement
Proposed Solution
Integrate
swarm-act
into fairOS-dfs to enable user-based access control by:Tasks
Research and Analysis
Design User-Based Access Control Mechanism
Implement Integration
swarm-act
with user keys.Testing and Validation
Documentation
References