FULA Security Layer
- Start Date: 2022-02-27
- RFC PR: functionland/docs/pull/74
- Functionland Issue: functionland/docs/issues/65
- Status: Draft
- Authors: Jamshid
- Reviewers: Masih, Aaron
Authentication and encrypted data storage are the main structural elements for decentralized networks and Web3 applications. By default, IPFS does not encrypt the data persisted to it. This means that if someone has a CID, they can access the data without the author's permission. The fula-sec layer aims to solve this, so that data owners can have full control over how their data is accessed.
The fula-sec layer is broken down into the following fundamental building blocks:
- Decentralized Identity (DID)
- Box Authentication
Which Security Protocols Are Implemented
We aim not only to encrypt the data, but also to verify its validity and use a key exchange mechanism. The key exchange mechanism remains the DID (Decentralized Identity) mechanism. In the table below, you can see which algorithm was used for what purpose.
| Algorithm | Description |
|---|---|
| Ed25519 | Edwards-curve Digital Signature Algorithm (EdDSA) |
| AES | Advanced Encryption Standard Algorithm (AES) |
| JWS | A JSON Web Signature (abbreviated JWS) is an IETF-proposed standard (RFC 7515) for signing arbitrary data. |
| JWE | JSON Web Encryption (JWE) is an IETF standard providing a standardised syntax for the exchange of encrypted data, based on JSON and Base64. |
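The combination described above (encrypt the content, then sign it so a reader can check its validity), as an added example that is not fula-sec's own code. It uses Node.js's built-in `crypto` module; the function names are hypothetical, and the AES key is assumed to be already shared, so the DID-based key exchange and JWE wrapping are left out.

```javascript
// Added example; sealAndSign / verifyAndOpen are hypothetical names, not the fula-sec API.
const crypto = require('node:crypto');
const b64u = (data) => Buffer.from(data).toString('base64url');
const unb64u = (text) => Buffer.from(text, 'base64url');

// Encrypt with AES-256-GCM, then sign the result as a compact JWS (alg: EdDSA).
function sealAndSign(plaintext, aesKey, signingKey) {
  const iv = crypto.randomBytes(12); // 96-bit nonce, must be unique per key
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const payload = { iv: b64u(iv), ct: b64u(ct), tag: b64u(cipher.getAuthTag()) };
  const input = `${b64u(JSON.stringify({ alg: 'EdDSA' }))}.${b64u(JSON.stringify(payload))}`;
  // Ed25519 hashes internally, so the digest argument is null.
  return `${input}.${b64u(crypto.sign(null, Buffer.from(input), signingKey))}`;
}

// Check the author's signature first and decrypt only if it holds; null on any failure.
function verifyAndOpen(token, aesKey, authorPublicKey) {
  const [h, p, s, extra] = token.split('.');
  if (!h || !p || !s || extra !== undefined) return null;
  try {
    // Pin the algorithm instead of trusting whatever the header asks for.
    if (JSON.parse(unb64u(h).toString('utf8')).alg !== 'EdDSA') return null;
    if (!crypto.verify(null, Buffer.from(`${h}.${p}`), authorPublicKey, unb64u(s))) return null;
    const { iv, ct, tag } = JSON.parse(unb64u(p).toString('utf8'));
    const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, unb64u(iv));
    decipher.setAuthTag(unb64u(tag));
    return Buffer.concat([decipher.update(unb64u(ct)), decipher.final()]).toString('utf8');
  } catch {
    return null; // malformed token, or GCM tag mismatch (wrong key / altered ciphertext)
  }
}

// Constructed sample run: every key and the message are generated here.
function demo() {
  const author = crypto.generateKeyPairSync('ed25519');
  const stranger = crypto.generateKeyPairSync('ed25519');
  const aesKey = crypto.randomBytes(32);
  const token = sealAndSign('private note', aesKey, author.privateKey);
  const [h, , s] = token.split('.');
  const swapped = [h, b64u('{"iv":"","ct":"","tag":""}'), s].join('.');
  return {
    opened: verifyAndOpen(token, aesKey, author.publicKey),
    wrongSigner: verifyAndOpen(token, aesKey, stranger.publicKey),
    tampered: verifyAndOpen(swapped, aesKey, author.publicKey),
    wrongAesKey: verifyAndOpen(token, crypto.randomBytes(32), author.publicKey),
  };
}
console.log(demo());
```

Because the signature covers the ciphertext, a party holding only the author's public key can reject altered content without being able to decrypt it.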
- Content Access Revoke
- Storing DID document in L3 blockchain
- A box owner can associate multiple peer addresses with a DID.