FoldDB System Design Document

Table of Contents

1. Introduction
2. System Overview
3. Key Components
   1. Node
   2. Schema
   3. Transform
   4. FoldDB Core
4. Component Details
   1. Node
   2. Schema
   3. Transform
   4. FoldDB Core
5. Security Architecture
6. Payment Integration
7. Authentication System
8. Data Access Policies
9. Conclusion

Introduction

In today's digital landscape, user data is typically stored on company servers. FoldDB changes this paradigm by returning data control to users. Applications run in FoldDB nodes where their network access is restricted to only pre-approved queries within the FoldDB network. Data leaks are prevented because users approve all data access permissions through schemas with explicit permission policies.

Schemas have immutable definitions and updatable transforms. These transforms allow data updates in one schema to affect all other relevant schemas. Data access through any schema is eventually consistent. Schemas are published with immutable definitions, ensuring permanence. A micropayment system funds successful schemas, enabling continued development of new and more useful schemas. The result is a new relationship between applications and users where users maintain full control of their data.

System Overview

FoldDB operates on a network of nodes, each managing trust relationships, schemas, and transforms that define the structure and policies of the data they handle. Schemas are immutable once published, ensuring consistency across the network. The system supports dynamic data transformations through transforms, enabling real-time updates and integrations with external applications via secure authentication endpoints.

Key Components

The FoldDB system consists of four primary components:

Component Details

Node Details

Functionality

The Node component provides these capabilities:

• Network Connectivity - Establishes and maintains connections with other nodes
• Trust Management - Handles trust relationships with connected nodes
• Schema Hosting - Stores and serves schemas for queries by other nodes
• Authentication Endpoint - Provides secure access for third-party applications

Interactions

Nodes interact with the network through these mechanisms:

1. Incoming Connections - Accepts connections from other nodes for queries
2. Outgoing Connections - Connects to other nodes to request data
3. Authentication Requests - Handles authentication from third-party applications
4. Trust Relationship Management - Establishes and maintains trust with other nodes

Schema Details

Functionality

The Schema component provides these capabilities:

• Data Structure Definition - Specifies fields and subfields using JSON format
• Field-Level Policies - Defines read/write permissions for each field
• Immutable Publication - Ensures schema definitions remain consistent
• Trust Policy Mapping - Maps trust levels to access permissions

Field Policies

Schemas support these permission policies:

• R:1 - Read by nodes up to one distance away
• W:1 - Write by nodes up to one distance away
• R:0 - Only readable by authenticated user applications
• R:n - Readable by anyone
• R:X1/R:Xn - Readable by explicitly approved entities once or until revoked
• W:X1/W:Xn - Writable by explicitly approved entities once or until revoked

Transform Details

Functionality

The Transform component provides these capabilities:

• Source Integration - Utilizes multiple source schemas for data conversion
• Transformation Model - Maintains a model for converting between schemas
• Automatic Triggering - Activates when source schemas are updated
• Data Consistency - Ensures consistent data across different schemas

Implementation

Transforms are implemented with these features:

1. Multiple Inputs - Accepts data from multiple source schemas
2. Single Output - Produces data conforming to the target schema
3. Update Monitoring - Detects changes in source schemas
4. Conversion Logic - Applies transformation rules to source data

FoldDB Core Details

Functionality

The FoldDB Core component provides these capabilities:

• Hierarchical Data Organization - Structures data from schema to atoms
• Data Atom Management - Stores and retrieves immutable data atoms
• Version History - Maintains complete history of data changes
• Permission Enforcement - Ensures compliance with schema policies

Data Atom Structure

Each data atom contains:

• Timestamp - When the data was created or modified
• Transforms Log - Record of transformations applied
• Schemas Log - Pointers to specific schema fields
• Originating Source - Reference to the node that created the data
• Content - The actual data, which may include external links

Security Architecture

FoldDB implements these security measures:

Authentication and Authorization

• Public Key Authentication - Verifies identity using cryptographic keys
• Permission Policies - Enforces field-level access control
• Trust Distance - Limits access based on network proximity
• Explicit Approvals - Requires explicit permission for sensitive operations

Data Protection

• Immutable Data - Prevents unauthorized modifications
• Version History - Tracks all changes for auditability
• Encryption - Protects data in transit and at rest
• Node Blacklisting - Excludes nodes that introduce invalid data

Access Control

• Field-Level Permissions - Controls access at the most granular level
• Trust-Based Access - Scales permissions based on trust relationships
• One-Time Keys - Limits scope and duration of application access
• Revocation Mechanisms - Allows removal of previously granted permissions

Payment Integration

FoldDB integrates payments through:

Lightning Network

• Micropayments - Enables small payments for data access
• Hold Invoices - Supports complex operations with payment holds
• Payment Verification - Ensures payment before data access
• Trust-Based Pricing - Adjusts costs based on trust relationships

Fee Structure

• Base Rates - Establishes minimum payment thresholds
• Schema Multipliers - Applies schema-specific pricing factors
• Field Multipliers - Enables field-level pricing control
• Trust Scaling - Adjusts costs based on trust distance

Authentication System

FoldDB provides authentication through:

Endpoint System

• Secure Endpoints - Exposes authentication interfaces for applications
• One-Time Keys - Issues temporary access credentials
• User Approval - Requires explicit user consent for data access
• Scope Limitation - Restricts access to approved schemas only

Integration Options

• OAuth Support - Integrates with standard authentication protocols
• Application Authentication - Verifies application identity
• User Authentication - Confirms user identity and permissions
• Audit Logging - Records all authentication activities

Data Access Policies

FoldDB enforces these data policies:

Granular Control

• Field-Level Policies - Defines access at the field and subfield level
• Proximity-Based Access - Limits access based on network distance
• Application-Based Access - Restricts data to authenticated applications
• Public Access - Allows open access where appropriate

Policy Enforcement

• Immutable Policies - Ensures consistent enforcement once published
• Node Enforcement - Requires nodes to enforce all policies
• Revocation Support - Enables removal of ongoing access permissions
• Policy Verification - Validates policy compliance for all operations

Conclusion

The FoldDB system provides a decentralized framework for managing and querying data across interconnected nodes with trust and security mechanisms. By using immutable schemas, granular permissions, and dynamic transforms, FoldDB ensures data integrity, consistency, and secure access. The integration of micropayments facilitates a sustainable ecosystem for data sharing and schema development, making FoldDB a versatile solution for user-controlled data management.