Verida Documentation

Application Contexts


Last updated 9 months ago


A Verida account can connect to multiple applications. These connections are called application contexts.

An application context has a unique name (e.g. Verida: Markdown Editor) and provides a specific set of capabilities:

  • Database storage

  • Messaging

  • Block storage

  • Notifications

Application contexts are siloed from each other. A Verida account connected to one application context has no access to data in a different application context. This ensures a web application can only access data for its own application and is never provided with an account’s private key.

Security

An application context is “unlocked” by a Verida account signing a consent message. The signature is unique for a given DID and context name. The signature is used as entropy to create a deterministic set of encryption keys:

  • Symmetric encryption key — for encrypting private data

  • Asymmetric encryption key — for encrypting data for other users and applications

  • Signing key — for signing data

Discoverability

When a new application context is created, metadata about the account and the context is published to the account’s DID document on the Verida DID server. This information includes:

  • The (asymmetric and signing) public keys

  • Database endpoint

  • Messaging endpoint

  • Block storage endpoint

  • Notification endpoint

This allows other users and applications in the Verida network to discover, per context, what they need to interact with an account:

  • The endpoint used to communicate with the account

  • The public asymmetric key used to encrypt data for the account

  • The public signing key used to verify data signed by the account

Through this approach, users have complete control over where their personal data is stored.

These application contexts are accessed by applications via the Client SDK.

These context encryption keys can only be generated from the consent signature generated by the account when logging into an application. The signature is used as a seed to create a Hierarchical Deterministic Wallet, which, in turn, is used to generate multiple child keys.
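The derivation described under Security and in the paragraph above, as an added example that is not Verida's own code: a constructed Ed25519 account key signs a consent message (the message wording, the DID and the function names are assumptions), and HKDF with per-purpose labels stands in for the Hierarchical Deterministic Wallet's child-key derivation. It shows that the same DID and context name always reproduce the same three keys, while a different context name yields unrelated ones.

```javascript
const crypto = require('node:crypto');

// DER prefixes that wrap a raw 32-byte seed as a PKCS#8 private key (RFC 8410).
const PKCS8_ED25519 = Buffer.from('302e020100300506032b657004220420', 'hex');
const PKCS8_X25519 = Buffer.from('302e020100300506032b656e04220420', 'hex');

function keyFromSeed(prefix, seed) {
  return crypto.createPrivateKey({ key: Buffer.concat([prefix, seed]), format: 'der', type: 'pkcs8' });
}

const publicHex = (privateKey) =>
  crypto.createPublicKey(privateKey).export({ type: 'spki', format: 'der' }).toString('hex');

// Constructed account key, standing in for the key held in the user's wallet.
const accountKey = keyFromSeed(PKCS8_ED25519, Buffer.alloc(32, 7));

// The account signs a consent message naming the DID and the context (wording assumed).
// Ed25519 signatures are deterministic; a randomized signature scheme would
// produce a different seed, and therefore different keys, on every login.
function signConsent(did, contextName) {
  const message = `Unlock storage context "${contextName}" for ${did}`;
  return crypto.sign(null, Buffer.from(message, 'utf8'), accountKey);
}

// Expand the signature into three independent 32-byte secrets, one per purpose.
// HKDF with a distinct label is a stand-in for HD-wallet child-key derivation.
function deriveContextKeys(signature) {
  const child = (label) =>
    Buffer.from(crypto.hkdfSync('sha256', signature, Buffer.alloc(0), label, 32));
  return {
    symmetricKey: child('symmetric'),
    asymmetricKey: keyFromSeed(PKCS8_X25519, child('asymmetric')),
    signingKey: keyFromSeed(PKCS8_ED25519, child('signing')),
  };
}

// Returns the context's secret keys plus the public values that would be
// published for discovery; only the application that obtained the signature has `keys`.
function unlockContext(did, contextName) {
  const keys = deriveContextKeys(signConsent(did, contextName));
  return {
    symmetricKeyHex: keys.symmetricKey.toString('hex'),
    asymmetricPublicHex: publicHex(keys.asymmetricKey),
    signingPublicHex: publicHex(keys.signingKey),
    keys,
  };
}
```

Because the consent signature is the only seed, anything that can obtain that signature for a context can rebuild all three keys for that context, and only that context.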