Verida Documentation
Application Contexts


Last updated 10 months ago


A Verida account can connect to multiple applications. These connections are called application contexts.

An application context has a unique name (e.g. Verida: Markdown Editor) and provides a specific set of capabilities:

  • Database storage

  • Messaging

  • Block storage

  • Notifications

Applications access these application contexts via the Client SDK.

Application contexts are siloed from each other. A Verida account connected to one application context has no access to data in a different application context. This ensures a web application can only access data for its own application and is never provided with an account’s private key.

Security

An application context is “unlocked” by a Verida account signing a consent message. The signature is unique for a given DID and context name. The signature is used as entropy to create a deterministic set of encryption keys:

  • Symmetric encryption key — for encrypting private data

  • Asymmetric encryption key — for encrypting data for other users and applications

  • Signing key — for signing data

These context encryption keys can only be generated from the consent signature produced by the account when logging into an application. The signature is used as a seed to create a Hierarchical Deterministic Wallet, which, in turn, is used to generate multiple child keys.
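
The sketch below is an added example, not Verida SDK code: it shows how one deterministic consent signature per DID and context name can seed a separate key for each purpose, and why two contexts end up with unrelated keys. The consent text, the purpose labels, the Ed25519 account key and the use of HKDF in place of the Hierarchical Deterministic Wallet derivation are all assumptions made for illustration.

```javascript
// Added illustration, not Verida SDK code. HKDF stands in for the HD-wallet
// child-key derivation; the consent text and purpose labels are assumptions.
const crypto = require('node:crypto');

// PKCS#8 DER headers that wrap a raw 32-byte private key (RFC 8410).
const PKCS8 = {
  x25519: Buffer.from('302e020100300506032b656e04220420', 'hex'),
  ed25519: Buffer.from('302e020100300506032b657004220420', 'hex'),
};

// Constructed consent text: binds the signature to one DID and one context.
function consentMessage(did, contextName) {
  return `Unlock application context "${contextName}" for ${did}`;
}

// Ed25519 signing is deterministic: same key, DID and context name always
// give the same signature, so the context keys can be regenerated at login.
function signConsent(accountKey, did, contextName) {
  return crypto.sign(null, Buffer.from(consentMessage(did, contextName)), accountKey);
}

// Turn a 32-byte child secret into a key pair and return its public half.
function publicKeyFromSeed(type, seed) {
  const priv = crypto.createPrivateKey({
    key: Buffer.concat([PKCS8[type], seed]), format: 'der', type: 'pkcs8',
  });
  return crypto.createPublicKey(priv).export({ format: 'der', type: 'spki' }).toString('base64');
}

// Expand the signature into one independent 32-byte secret per purpose.
function deriveContextKeys(signature) {
  const child = (purpose) =>
    Buffer.from(crypto.hkdfSync('sha256', signature, Buffer.alloc(0), `context/${purpose}`, 32));
  return {
    symmetricKey: child('symmetric').toString('hex'),                      // private data
    asymmetricPublicKey: publicKeyFromSeed('x25519', child('asymmetric')), // publishable
    signingPublicKey: publicKeyFromSeed('ed25519', child('signing')),      // publishable
  };
}
```

Because every key depends on the consent signature, anything that obtains that signature can rebuild the whole key set for that context, so it needs the same handling as a private key.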

Discoverability

When a new application context is created, metadata about the account and the context is published to the account’s DID document on the Verida DID server. This information includes:

  • The (asymmetric and signing) public keys

  • Database endpoint

  • Messaging endpoint

  • Block storage endpoint

  • Notification endpoint

This allows other users and applications in the Verida network to discover, per context, the information they need to:

  • Find the endpoint used to communicate with an account

  • Encrypt data for an account using its public asymmetric key

  • Verify data signed by an account using its public signing key

Through this approach, users have complete control over where their personal data is stored.