So in designing the security of our app, the ultimate solution would allow us to provide use of our app without hosting user data at all. Alternatively, we could host user data, but do so in a way that is encrypted with a key we do not have access to, so that we couldn’t see our users’ data even if we wanted to.
I’m hoping that when the dgraph team starts planning enterprise security features, we could brainstorm ways this could be accomplished.
An interesting article about a startup called Blockstack. Our ideas are in the same vein… how can you allow users to use a service but have absolute control over the data used and generated by that service? Blockstack raises $52 million to build a parallel internet where you own all your data | VentureBeat
Hi @tamethecomplex we’re clearly barking up the same tree.
I believe that this would be a natural logical extension of the Gaia abstraction. Private keys are stored client-side, and then dgraph instances can be hosted by users or by centralized entities, but the data (nodes, predicates, and edges) are all encrypted. The problem if it’s hosted on untrusted infrastructure is that the topology of the graph itself is still “plain” - i.e. you can still see the general shape of the graph even if you can’t see any predicates. But I’d say if users really care, by the same token as self-hosted Gaia buckets you could just host the dgraph shards yourself.
Aside: I’m assuming you’re already aware of holochain and the rrDHT. I think that this model would map very well to a substrate of dgraph shards (as opposed to webasm graph shards on client browsers)
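To make the trade-off in the post above concrete, here is an added sketch (not Dgraph code, and not from either poster) of client-held-key encryption over a small triple graph: literal values and predicate names are hidden from the host, but the uid-to-uid edges stay plain, so the host can still recover the graph's shape (degrees, components). The keystream cipher and the sample triples are constructed for a stdlib-only demo; a real deployment would use an AEAD such as AES-GCM and a proper key-management story.

```python
import hashlib, hmac, os
from collections import Counter

NONCE_LEN = 12  # assumption: fixed nonce size for the toy stream cipher

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Constructed toy cipher: HMAC-SHA256 in counter mode. Demo only, not an AEAD.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_value(key: bytes, plaintext: str) -> bytes:
    # Fresh random nonce per value, so equal plaintexts do not yield equal ciphertexts.
    nonce, pt = os.urandom(NONCE_LEN), plaintext.encode()
    return nonce + bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))

def decrypt_value(key: bytes, blob: bytes) -> str:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

def tokenize_predicate(key: bytes, name: str) -> str:
    # Deterministic keyed token: the host can index by predicate without learning its name,
    # but it does learn which edges share a predicate (a deliberate, visible leak).
    return hmac.new(key, b"pred:" + name.encode(), hashlib.sha256).hexdigest()[:16]

def encrypt_graph(key: bytes, triples):
    # triples: (subject_uid, predicate, object); object is a str literal or ("uid", n).
    stored = []
    for s, p, o in triples:
        if isinstance(o, tuple):          # edge: uids stay plain, so topology is visible
            stored.append((s, tokenize_predicate(key, p), o))
        else:                             # literal: encrypted under the client-held key
            stored.append((s, tokenize_predicate(key, p), encrypt_value(key, o)))
    return stored

def host_view(stored) -> dict:
    # What an untrusted host can compute with no key at all: per-node edge degree.
    deg = Counter()
    for s, _, o in stored:
        if isinstance(o, tuple):
            deg[s] += 1
            deg[o[1]] += 1
    return dict(deg)

def sample_triples():
    # Constructed sample graph: three people, a triangle of "friend" edges.
    return [(1, "name", "alice"), (1, "friend", ("uid", 2)), (2, "name", "bob"),
            (2, "friend", ("uid", 3)), (1, "friend", ("uid", 3)), (3, "name", "carol")]
```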