Dweb - Keys, Locks and Authentication
This page is user documentation of the Authentication and Key management library.
It builds on the Lists demo.
There are a few key concepts.
- Key: A Public/Private key pair owned by a user.
- Lock or ACL: A control put on an object to control who can access it.
- Token: Controls access for one Key to one Lock.
- KeyChain: A collection of Keys, Locks, and Master items.
- Locked Items: something secured with a Lock.
- Master Items: things that you control access to; this means owning the private key that they are locked with.
- DwebObjects.keychains: is the list of KeyChains currently logged into.
- Login Key: The private key pair generated for each user; the private part is really private and is never stored online.
These concepts interleave; for example, a Token is a symmetric key, encrypted with one of the public keys in the accessing person's KeyChain.
First step is to register.
- Click on the Bundle of Keys at the top right.
- A login box should appear; click on "Register".
- A registration dialogue should appear.
- Select a user name. This name may be seen by other people; it doesn't have to be unique, but it's probably a good idea to use a longer one as others may see it.
- Enter a long passphrase which should be easy for you to remember, and hard for others to guess. This is not stored anywhere (not even on your computer) and so cannot be recovered.
- Hit Register.
- - At the moment nothing happens when you do so; more functionality will be built here.
To access anything you need to login with one or more of your identities.
- If you just registered you will already be logged in.
- - At the moment, the Login dialogue doesn't close, though you've been logged in, and you can close the dialogue to check.
- Next time you can just login with the user name and passphrase.
- - At the moment it doesn't check that this user exists (see note above about nothing happening on registration).
- Everything now is happening within the context of this User.
- Note you can login more than once (e.g. with a personal, and company id), and most things will use the combination of the two KeyChains, with the most recent being the default for Locking.
- We call each of these a Login Key, and it's never stored online or (unless you cut and paste it somewhere) on your own machine.
Now you need a key
- Click on the name for your id.
- A list of your Keys, Locks, and Master Items appears; it will be empty if you've just registered.
- Click "New Key"; the "New Key" dialogue appears.
- Enter a name for the key. This is a name personal to you; for example, everyone might have a key called "Front Door".
- A new private/public key pair is generated; the private part will only ever be stored encrypted with your Login key.
- Click on the newly made key and you'll see a URL with a long cryptic key. You can copy this to your clipboard and share it with someone trying to give you access.
- Go ahead and create another key.
Anything you protect needs a lock; a single lock can be used with multiple Locked Items. Now let's create a lock.
- Click on your name, and then on "New Lock".
- As for the key, give it a name that means something to you.
- The private key for this lock controls who can add people to the lock, and the public key is how others can refer to it.
Adding Keys to Locks
You can add people to a lock; only people you add can access a Locked Item.
- Click on the newly created lock.
- The link icon gives a copy dialogue so you can get the Lock's URL.
- Click on "New Token"; a dialogue opens.
- Give the Token a name; this is what you know them by, so for example "Mary at work".
- Paste the URL you got from the Key.
- If you want to add the same person to a different lock then you can click on the Token and copy the URL from the box that opens.
- - The plan is to add a drop-down of existing used tokens here.
- Note that if you don't add one of your own keys to a resource then you won't be able to read it yourself.
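The sketch below is an added example, not code from the Dweb library. It models the statement above that a Token is a symmetric key encrypted with one of the accessing person's public keys, and shows why leaving your own Key off a Lock locks you out. The function names, RSA-OAEP and AES-256-GCM are assumptions made for the example; the Lock's own key pair and all storage are left out.

```javascript
// Added sketch of the Key / Lock / Token model. RSA-OAEP and AES-256-GCM are
// stand-ins chosen for this example, not the library's own algorithms.
const crypto = require("node:crypto");
const OAEP = { oaepHash: "sha256" };

// Key: a public/private pair owned by a user.
const newKey = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
// Lock: one symmetric secret plus the Tokens issued for it.
const newLock = () => ({ secret: crypto.randomBytes(32), tokens: [] });

// Token: the Lock's symmetric key encrypted with one Key's public half.
function addToken(lock, label, publicKey) {
  const wrapped = crypto.publicEncrypt({ key: publicKey, ...OAEP }, lock.secret);
  lock.tokens.push({ label, wrapped });
}

// Locked Item: data encrypted under the Lock's symmetric key.
function lockItem(lock, plaintext) {
  const iv = crypto.randomBytes(12);
  const enc = crypto.createCipheriv("aes-256-gcm", lock.secret, iv);
  const data = Buffer.concat([enc.update(plaintext, "utf8"), enc.final()]);
  return { iv, data, tag: enc.getAuthTag() };
}

// Try each private key in the KeyChain against each Token; null if none fits.
function openItem(keychain, tokens, item) {
  for (const { privateKey } of keychain) {
    for (const { wrapped } of tokens) {
      try {
        const secret = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
        const dec = crypto.createDecipheriv("aes-256-gcm", secret, item.iv);
        dec.setAuthTag(item.tag);
        return Buffer.concat([dec.update(item.data), dec.final()]).toString("utf8");
      } catch { /* this Token was not issued to this Key */ }
    }
  }
  return null;
}

// Constructed scenario: the owner adds Mary's Key but at first not their own.
function demo() {
  const mary = newKey(), owner = newKey(), lock = newLock();
  addToken(lock, "Mary at work", mary.publicKey);
  const item = lockItem(lock, "constructed sample text");
  const result = { mary: openItem([mary], lock.tokens, item) };
  result.ownerBefore = openItem([owner], lock.tokens, item);
  addToken(lock, "My own key", owner.publicKey);
  result.ownerAfter = openItem([owner], lock.tokens, item);
  return result;
}
```

Calling demo() returns the text for Mary, null for the owner before their own Token exists, and the text for the owner afterwards.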
Creating locked resources.
See example_versions.html for creating a locked version list.