search

reseau-constellation / constellation

Le système distribué et ouvert pour le partage de données scientifiques.
https://réseau-constellation.ca
GNU Affero General Public License v3.0
7 stars 1 forks source link

Support Privacy and Access control #8

Closed TheRook closed 8 months ago

TheRook commented 1 year ago

I am working with LabDAO and the New Atlantas citizens science project and we were also looking at OrbitDB for storage of scientific data. We like Orbit, however Peerbit maybe a better fit because it allows for searching of large datasets, encryption of sensitive information and better security features and access control over OrbitDB.

https://github.com/dao-xyz/peerbit

Maybe these features align with your project.

julienmalard commented 1 year ago

Hello, Thanks for the suggestion! I'm definitely open to considering other "back-ends" (if we can use that word for distributed systems) for Constellation. Of course, such a change would be a large amount of work, not to mention compatibility questions with existing datasets.

I had a few questions on Peerbit:

  1. Does Peerbit work with multiple devices? Orbit does not have this built-in but Constellation implements this functionality on top of Orbit.

  2. How does Peerbit work with encryption, and with multiple devices per peer? The main reason I did not include encrypion to restrict read access in Constellation is that we would need to reencrypt everything if someone loses or removes a device, which is impossible due to the CRDT nature of Orbit-DB.

  3. How does the searching algorithm work?

  4. Does Peerbit require a blockchain to work?

Thanks!

TheRook commented 1 year ago

A bit of background, I am a security engineer and I have worked with healthcare providers and in fintech and I am helping LabDAO out with a shared platform that can be used for a wide range of biological data, which could be used in the healthcare space, which butts up against HIPPA.

  1. Peerbit is a fork of Orbit, so it has all of the orbit core features - but adds features that are useful in medical sciences where privacy preservation is a fundamental requirement.
  2. Peerbit uses a system of shared keys, but more than that you can enforce access control. The loss of a physical device is possible, but not the most common why that people get hacked. From a regulatory and security engineering perspective, lost devices is an OpSec concerns that has its own mitigation practices.
  3. It is a clever way of doing Map Reduce on a distributed dataset.
  4. No blockchain what so ever, the point is that it is free - that anyone can pick it up have have a private distributed database. (There are still merkel proofs and advanced cryptography to support identity and repudiation)
julienmalard commented 8 months ago

Closing this as we have transfered the interface here and core Constellation code here. Feel free to continue the discussion there if you would like. In the meantime, I'll keep looking at PeerBit and its possibilities.