Application Contexts
A Verida account can connect to multiple applications. These connections are called application contexts.
An application context has a unique name (e.g. Verida: Markdown Editor) and provides a specific set of capabilities:
Database storage
Messaging
Block storage
Notifications
These application contexts are accessed by applications via the Client SDK.
Application contexts are siloed from each other. A Verida account connected to one application context has no access to data in a different application context. This ensures a web application can only access data belonging to its own application context, and is never given the account's private key.
An application context is “unlocked” by a Verida account signing a consent message. The signature is unique for a given DID and context name. The signature is used as entropy to create a deterministic set of encryption keys:
Symmetric encryption key — for encrypting private data
Asymmetric encryption key — for encrypting data for other users and applications
Signing key — for signing data
These context encryption keys can only be generated from the consent signature produced by the account when logging into an application. The signature is used as a seed to create a Hierarchical Deterministic Wallet, which in turn is used to generate multiple child keys. Because the signature is the only input to the derivation, the signing scheme must produce the same signature for the same DID and context name on every login; a randomized signature would yield a different key set each time and previously encrypted data would become unreadable.
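The following Python example, added here and not part of the Verida SDK, walks through the derivation described above: a deterministic consent signature over the DID and context name is used as the seed of a simplified BIP32-style hierarchy, and three hardened child keys are taken from it as the symmetric, asymmetric and signing keys. The consent message text, the seed label, the child indices and the HMAC stand-in for the account's signature are all assumptions made so the example runs offline with the standard library; they are not Verida's actual message format or key paths.

```python
import hashlib
import hmac
from dataclasses import dataclass

HARDENED = 0x80000000  # BIP32 hardened index offset


def consent_message(did: str, context_name: str) -> bytes:
    """Constructed consent message (assumption: the real Verida text is not shown on this page).
    What matters is that it binds both the DID and the context name."""
    return f"Unlock storage context \"{context_name}\" for {did}".encode()


def sign_consent(account_secret: bytes, did: str, context_name: str) -> bytes:
    """Stand-in for the account wallet's deterministic signature over the consent message.
    HMAC-SHA256 is used only so this runs without a crypto library; a real wallet would
    return an ECDSA/EdDSA signature. The required property is identical: same key and
    same message -> same bytes, so the derived context keys are reproducible."""
    return hmac.new(account_secret, consent_message(did, context_name), hashlib.sha256).digest()


def master_from_seed(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32-style master key: HMAC-SHA512(label, seed) split into key and chain code.
    The label is an assumption for this example."""
    i = hmac.new(b"context seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]


def derive_hardened_child(parent_key: bytes, chain_code: bytes, index: int) -> tuple[bytes, bytes]:
    """Simplified BIP32 hardened child derivation (no elliptic-curve addition step):
    HMAC-SHA512(chain_code, 0x00 || parent_key || index)."""
    if index < HARDENED:
        raise ValueError("hardened derivation requires index >= 0x80000000")
    data = b"\x00" + parent_key + index.to_bytes(4, "big")
    i = hmac.new(chain_code, data, hashlib.sha512).digest()
    return i[:32], i[32:]


@dataclass(frozen=True)
class ContextKeys:
    symmetric: bytes   # encrypts the account's own private data in this context
    asymmetric: bytes  # private half of the key others encrypt to (public half is published)
    signing: bytes     # private half of the key used to sign data (public half is published)


def derive_context_keys(consent_signature: bytes) -> ContextKeys:
    """Turn the consent signature into the three context keys. Child indices are assumed."""
    master_key, chain_code = master_from_seed(consent_signature)
    symmetric, _ = derive_hardened_child(master_key, chain_code, HARDENED + 0)
    asymmetric, _ = derive_hardened_child(master_key, chain_code, HARDENED + 1)
    signing, _ = derive_hardened_child(master_key, chain_code, HARDENED + 2)
    return ContextKeys(symmetric, asymmetric, signing)


def unlock_context(account_secret: bytes, did: str, context_name: str) -> ContextKeys:
    """Full flow: account signs the consent message, signature seeds the key hierarchy.
    The application only ever receives the ContextKeys, never account_secret."""
    return derive_context_keys(sign_consent(account_secret, did, context_name))


if __name__ == "__main__":
    # Constructed sample inputs.
    secret = b"constructed-account-secret"
    did = "did:example:alice"
    editor = unlock_context(secret, did, "Verida: Markdown Editor")
    notes = unlock_context(secret, did, "Verida: Notes")
    print("editor symmetric key:", editor.symmetric.hex())
    print("notes  symmetric key:", notes.symmetric.hex())
    print("same account, different context, different keys:", editor != notes)
```

Running the flow twice for the same DID and context name returns identical keys, while a second context name produces an unrelated set, which is the siloing property the page describes: an application holding the keys for one context learns nothing about another context's keys or the account secret that produced the signature.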
When a new application context is created, metadata about the account and the context is published to the account’s DID document on the Verida DID server. This information includes:
The (asymmetric and signing) public keys
Database endpoint
Messaging endpoint
Block storage endpoint
Notification endpoint
This allows other users and applications in the Verida network to discover, per context, what they need to:
Locate the endpoints used to communicate with an account
Encrypt data for an account using its public asymmetric key
Verify data signed by an account using its public signing key
Because each context publishes its own storage, messaging, block storage and notification endpoints, users retain control over where their personal data is stored.