Security and Privacy
Overview
FoldDB implements a security model built on public key authentication, trust-based access control, and schema-enforced data operations. Every request passes through the same chain before any data is read or written: authentication of the caller's public key, trust-distance and permission checks, schema validation and, where a schema demands it, payment verification. The diagram below shows how the pieces fit together for three example schemas.
```mermaid
graph TD
    subgraph Node[FoldDB Node]
        Data((User Data))
        subgraph Access[Access Control]
            S1{{Medical Schema}}
            S2{{Social Schema}}
            S3{{Public Schema}}
        end
        subgraph Security[Security Layer]
            PK[Public Key Auth]
            TD[Trust Distance]
            PM[Payment Manager]
        end
        Data --> Security
        Security --> Access
        S1 --> |Validate| Security
        S2 --> |Validate| Security
        S3 --> |Validate| Security
    end
    Doctor([Doctor]) --> |Auth + Payment| S1
    Friend([Friend]) --> |Auth + Trust| S2
    Public([Public]) --> |Auth + Payment| S3
    S1 --> |Encrypted + Verified| Doctor
    S2 --> |Encrypted + Verified| Friend
    S3 --> |Encrypted + Verified| Public
    X1([Unauthorized]) --> |Rejected| Security
    X2([Unpaid]) --> |Rejected| Security
```
Core Security Components
1. Authentication System
- Public key based authentication
- Secure key management
- Certificate validation
- Access token handling
- Session management
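The exchange behind public key authentication, as an added example rather than FoldDB's own code (the page does not show FoldDB's handshake format): the node issues a random challenge, the client signs it with its private key, and the node verifies the signature under the public key the client presents, which then becomes the authenticated identity that the trust and permission checks are keyed on. It uses Go's standard-library Ed25519; the `folddb-auth-v1` domain tag, the `AuthServer` type and its method names are assumptions made for the example. The checks a practitioner would want are the ones that are easy to forget: a challenge is single-use, it expires, and the signed bytes bind the nonce to the expiry so a proof cannot be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Challenge is a server-issued random nonce with an expiry. The client proves
// possession of its private key by signing it; the key itself never travels.
type Challenge struct {
	Nonce   [32]byte
	Expires time.Time
}

// AuthServer remembers outstanding challenges so each is accepted at most once.
type AuthServer struct {
	pending map[[32]byte]Challenge
	now     func() time.Time // injectable clock so expiry can be exercised in tests
}

func NewAuthServer() *AuthServer {
	return &AuthServer{pending: map[[32]byte]Challenge{}, now: time.Now}
}

// NewChallenge issues a fresh nonce valid for ttl and records it as pending.
func (s *AuthServer) NewChallenge(ttl time.Duration) (Challenge, error) {
	var c Challenge
	if _, err := rand.Read(c.Nonce[:]); err != nil {
		return c, err
	}
	c.Expires = s.now().Add(ttl).Truncate(time.Second) // whole seconds: that is what gets signed
	s.pending[c.Nonce] = c
	return c, nil
}

// message is the exact byte string that is signed: a domain tag (hypothetical
// "folddb-auth-v1"), the nonce and the expiry. Binding all three stops a proof
// from being replayed against another challenge or reused in another protocol.
func message(c Challenge) []byte {
	buf := []byte("folddb-auth-v1:")
	buf = append(buf, c.Nonce[:]...)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(c.Expires.Unix()))
	return append(buf, ts[:]...)
}

// Sign is the client side of the exchange.
func Sign(priv ed25519.PrivateKey, c Challenge) []byte {
	return ed25519.Sign(priv, message(c))
}

var (
	ErrUnknownChallenge = errors.New("unknown or already used challenge")
	ErrExpired          = errors.New("challenge expired")
	ErrBadSignature     = errors.New("signature does not verify under the presented key")
)

// Verify is the server side. The challenge must be one we issued and not yet
// consumed, must not have expired, and the signature must verify under the
// public key the client presents.
func (s *AuthServer) Verify(pub ed25519.PublicKey, c Challenge, sig []byte) error {
	stored, ok := s.pending[c.Nonce]
	if !ok {
		return ErrUnknownChallenge
	}
	delete(s.pending, c.Nonce) // consumed on first use, whether the proof is good or bad
	if !stored.Expires.Equal(c.Expires) {
		return ErrUnknownChallenge
	}
	if s.now().After(stored.Expires) {
		return ErrExpired
	}
	// Length check first: ed25519.Verify panics on a malformed public key.
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, message(stored), sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s := NewAuthServer()
	c, _ := s.NewChallenge(time.Minute)
	fmt.Println("first use:", s.Verify(pub, c, Sign(priv, c))) // <nil>
	fmt.Println("replay:   ", s.Verify(pub, c, Sign(priv, c))) // rejected: challenge already used
}
```

The server verifies against the challenge it stored, not the copy the client sent back, so a client cannot extend its own expiry; and the nonce is deleted before any check, so a failed attempt cannot be retried with a better signature.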
2. Trust-Based Access Control
```mermaid
graph TD
    A[User A] -->|Trust Level 1 <br> Full Access| B[User B]
    B -->|Trust Level 2 <br> Limited Access| C[User C]
    A -->|Trust Level 3 <br> Minimal Access| C
    B -->|Trust Level 1 <br> Full Access| D[User D]
    C -->|Trust Level 2 <br> Limited Access| D
```
Edge labels are trust levels: a lower level is a closer relationship and grants broader access, so level 1 is full access and level 3 minimal access. Trust edges are directed, so User A trusting User B does not by itself give User B any access to User A's data.
- Trust distance calculations
- Permission scaling
- Access level determination
- Relationship tracking
- Trust verification
3. Schema-Enforced Security
- Field-level permissions
- Data validation rules
- Access control policies
- Payment requirements
- Transform validation
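An added example, serving both the trust-based access control and the schema-enforced security sections above; it is not FoldDB's code and the page does not show FoldDB's API. It computes a trust distance over the four-user graph from the trust diagram and then applies per-field schema policies to a record. Assumptions made for the example: the trust distance from an owner to a requester is the smallest sum of trust levels along any directed path (0 for the owner itself, no path means deny); a field policy consists of a maximum trust distance and a payment-required flag; and the `TrustGraph`, `Schema`, `FieldPolicy` and `Request` names are the example's own.

```go
package main

import (
	"errors"
	"fmt"
)

// TrustGraph holds directed trust edges labelled with a trust level (>= 1). As in
// the diagram, level 1 is the closest relationship and higher levels are weaker.
// Assumed for this example: the trust distance from an owner to a requester is
// the smallest sum of trust levels along any directed path between them.
type TrustGraph struct{ edges map[string]map[string]int }

// Trust records that from trusts to at the given level (1 = closest).
func (g *TrustGraph) Trust(from, to string, level int) {
	if g.edges == nil {
		g.edges = map[string]map[string]int{}
	}
	if g.edges[from] == nil {
		g.edges[from] = map[string]int{}
	}
	g.edges[from][to] = level
}

// Distance relaxes edges to a fixpoint (Bellman-Ford, fine for small graphs with
// positive levels). It returns 0 for the owner itself and ok=false when no trust
// path exists; callers must treat !ok as deny, never as distance 0.
func (g *TrustGraph) Distance(owner, requester string) (int, bool) {
	best := map[string]int{owner: 0}
	for changed := true; changed; {
		changed = false
		for from, outs := range g.edges {
			d, reachable := best[from]
			if !reachable {
				continue
			}
			for to, lvl := range outs {
				if cur, seen := best[to]; !seen || d+lvl < cur {
					best[to], changed = d+lvl, true
				}
			}
		}
	}
	d, ok := best[requester]
	return d, ok
}

// FieldPolicy is the assumed per-field rule a schema carries: readable when the
// requester's trust distance is at most MaxDistance and, if RequiresPayment is
// set, only once a payment for this request has been confirmed.
type FieldPolicy struct {
	MaxDistance     int
	RequiresPayment bool
}

// Schema maps field names to policies; a field not listed has no policy.
type Schema map[string]FieldPolicy

// Request identifies whose data is asked for, by whom, and whether payment for it is verified.
type Request struct{ Owner, Requester string; Paid bool }

var ErrNoTrustPath = errors.New("no trust path from owner to requester")

// Filter returns the fields of record the requester may read and, for each
// withheld field, the reason. The schema is the allow-list: a field it does not
// know is denied rather than passed through.
func (s Schema) Filter(g *TrustGraph, req Request, record map[string]string) (allowed, denied map[string]string, err error) {
	d, ok := g.Distance(req.Owner, req.Requester)
	if !ok {
		return nil, nil, ErrNoTrustPath
	}
	allowed, denied = map[string]string{}, map[string]string{}
	for name, value := range record {
		pol, known := s[name]
		switch {
		case !known:
			denied[name] = "field not in schema"
		case d > pol.MaxDistance: // checked before payment: don't invite a too-distant requester to pay
			denied[name] = fmt.Sprintf("trust distance %d exceeds %d", d, pol.MaxDistance)
		case pol.RequiresPayment && !req.Paid:
			denied[name] = "payment required"
		default:
			allowed[name] = value
		}
	}
	return allowed, denied, nil
}

// DiagramGraph builds the four-user graph from the trust diagram above.
func DiagramGraph() *TrustGraph {
	g := &TrustGraph{}
	for _, e := range []struct{ from, to string; lvl int }{{"A", "B", 1}, {"B", "C", 2}, {"A", "C", 3}, {"B", "D", 1}, {"C", "D", 2}} {
		g.Trust(e.from, e.to, e.lvl)
	}
	return g
}

func main() {
	g := DiagramGraph()
	d, _ := g.Distance("A", "D")
	fmt.Println("trust distance A -> D:", d) // 2: via B (1+1), not via C (3+2)
	medical := Schema{"name": {MaxDistance: 3}, "diagnosis": {MaxDistance: 1, RequiresPayment: true}, "notes": {MaxDistance: 0}}
	record := map[string]string{"name": "A", "diagnosis": "constructed sample", "notes": "owner only", "ssn": "not in schema"} // constructed
	allowed, denied, _ := medical.Filter(g, Request{Owner: "A", Requester: "B"}, record)
	fmt.Println(allowed, denied)
}
```

Two details matter more than the graph search. A missing path returns an explicit "no path" rather than a distance of 0, because 0 is the owner's own distance and conflating the two would hand strangers owner-level access. And the trust check runs before the payment check, so a requester who is too distant to ever see a field is not told that paying would unlock it.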
4. Payment Verification
- Lightning Network integration
- Payment confirmation
- Hold invoice validation
- Transaction verification
- Payment state tracking
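What hold invoice validation and payment state tracking amount to in code, as an added example that is not FoldDB's own implementation and does not talk to a Lightning node: a hold (HODL) invoice publishes only the SHA-256 hash of a secret preimage; the payer's HTLC locks to that hash; the node accepts and holds the HTLC, serves the gated data, and only then settles by releasing the preimage, or cancels to return the funds if delivery fails. The state set, the `HoldInvoice` type and its methods are this example's own simplification; the invariants it enforces (hash and amount checked before the HTLC is held, no data before an HTLC is held, a wrong preimage never settles, no second acceptance after settlement) are the ones a payment-gated node needs regardless of the Lightning backend.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// InvoiceState follows the life of a hold (HODL) invoice: the payer's HTLC is
// accepted and held, and settled (preimage released) only after the data has
// been served; cancelling returns the held funds to the payer. The state set
// and transitions are this example's own simplification, not FoldDB's.
type InvoiceState int

const (
	Open     InvoiceState = iota // invoice issued, no HTLC yet
	Accepted                     // HTLC with the right hash and amount is being held
	Settled                      // preimage released, payment final
	Canceled                     // HTLC returned to the payer
)

var stateNames = [...]string{"open", "accepted", "settled", "canceled"}

func (s InvoiceState) String() string { return stateNames[s] }

type HoldInvoice struct {
	PaymentHash [32]byte // sha256(preimage); the payer's HTLC locks to this
	AmountMsat  uint64
	State       InvoiceState
}

var (
	ErrWrongHash     = errors.New("HTLC payment hash does not match invoice")
	ErrUnderpaid     = errors.New("HTLC amount below invoice amount")
	ErrBadState      = errors.New("transition not allowed from current state")
	ErrWrongPreimage = errors.New("preimage does not hash to the payment hash")
)

// NewHoldInvoice draws a random preimage, publishes only its hash in the invoice
// and hands the preimage back to the caller, who keeps it secret until settlement.
func NewHoldInvoice(amountMsat uint64) (*HoldInvoice, [32]byte, error) {
	var preimage [32]byte
	if _, err := rand.Read(preimage[:]); err != nil {
		return nil, preimage, err
	}
	return &HoldInvoice{PaymentHash: sha256.Sum256(preimage[:]), AmountMsat: amountMsat}, preimage, nil
}

// AcceptHTLC validates an incoming HTLC against the invoice and holds it.
func (inv *HoldInvoice) AcceptHTLC(paymentHash [32]byte, amountMsat uint64) error {
	if inv.State != Open {
		return ErrBadState // no second HTLC on a held, settled or cancelled invoice
	}
	if paymentHash != inv.PaymentHash {
		return ErrWrongHash
	}
	if amountMsat < inv.AmountMsat {
		return ErrUnderpaid
	}
	inv.State = Accepted
	return nil
}

// MayServe says whether payment-gated data may be released: only while the HTLC
// is held or after settlement, never on an invoice that is merely issued or cancelled.
func (inv *HoldInvoice) MayServe() bool { return inv.State == Accepted || inv.State == Settled }

// Settle releases the preimage after delivery. A wrong preimage must not move
// the state: the payer's HTLC would reject it too, so nothing has been paid.
func (inv *HoldInvoice) Settle(preimage [32]byte) error {
	if inv.State != Accepted {
		return ErrBadState
	}
	if sha256.Sum256(preimage[:]) != inv.PaymentHash {
		return ErrWrongPreimage
	}
	inv.State = Settled
	return nil
}

// Cancel returns a held HTLC (or voids an unpaid invoice), e.g. when delivery fails.
func (inv *HoldInvoice) Cancel() error {
	if inv.State != Open && inv.State != Accepted {
		return ErrBadState
	}
	inv.State = Canceled
	return nil
}

func main() {
	inv, preimage, _ := NewHoldInvoice(1000)
	fmt.Println(inv.State, inv.MayServe())                             // open false
	fmt.Println(inv.AcceptHTLC(inv.PaymentHash, 1000), inv.MayServe()) // <nil> true
	fmt.Println(inv.Settle([32]byte{}), inv.State)                     // wrong preimage, still accepted
	fmt.Println(inv.Settle(preimage), inv.State)                       // <nil> settled
}
```

The order of operations is the point: serving data before the HTLC is held lets the requester walk away without paying, while settling before serving lets the node take payment without delivering. Holding the HTLC across delivery is what makes the exchange fair to both sides.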
Security Architecture
Data Access Flow
```mermaid
sequenceDiagram
    participant C as Client
    participant A as Auth System
    participant T as Trust Manager
    participant P as Permission Manager
    participant S as Schema Manager
    participant D as Data Store
    C->>A: Authenticate (Public Key)
    A->>T: Calculate Trust Distance
    T->>P: Check Permissions
    P->>S: Validate Schema Access
    S->>D: Access Data
    D-->>C: Return Encrypted Result
```
Privacy Features
1. Data Control
- Local data storage
- Encrypted transmission
- Schema-enforced access
- Trust-based sharing
- Payment-gated access
2. Access Management
- Granular permissions
- Field-level control
- Trust relationship management
- Payment configuration
- Access auditing
3. Data Protection
- Immutable versioning
- Atomic operations
- Encrypted storage
- Secure transmission
- Access logging
Security Measures
1. Authentication
- Public key verification
- Session management
- Token validation
- Access control
- Key rotation
2. Authorization
- Trust distance validation
- Permission checking
- Payment verification
- Schema validation
- Access logging
3. Data Security
- Field-level encryption
- Secure transmission
- Version control
- Audit trails
- Error handling
Best Practices
1. Key Management
- Secure key storage
- Regular key rotation
- Certificate management
- Access token handling
- Session security
2. Trust Management
- Regular trust updates
- Relationship verification
- Access monitoring
- Trust distance audits
- Permission reviews
3. Payment Security
- Payment verification
- Invoice validation
- Transaction monitoring
- Fee calculation
- Payment state tracking
4. Error Handling
- Security error logging
- Access violation tracking
- Payment failure handling
- Trust calculation errors
- Schema validation issues
Security Considerations
- Regular security audits
- Trust relationship monitoring
- Payment verification checks
- Schema security reviews
- Access pattern analysis
- Error recovery procedures
- Version control security
- Data integrity checks