Access Control ################# Single user ============== By default only the owner of a Nano has exclusive access to the resources being shared. The owner can issue administrative commands that change the Nano's configuration. Administrative commands will require the owner to provide a password specific to their Nano. This provides some security for the worst case scenario, when the owner's account is effectively stolen by a malicious party. .. _security-access-conrol-room-reference: Multiple user rooms ==================== The only way other Nano clients may request anything from the owner's Nano client is through a room. Rooms are entities on the server that the owner creates. A Nano client can be bound to a room using a drive. Rooms have a configuration stored by the server that contains the membership and group permissions. Room encryption ---------------- Room configurations are stored on the server. On the server, room configurations form a digitally signed DAG (directed acyclic graph) blockchain. This helps in keeping them secure against manipulation. Only the owner is able to make blocks that their Nano will accept. The server is denied the possibility of omitting the top N blocks because the Nano client will save the hashes of the top blocks. This helps in lie-of-ommission events. If blocks become missing the owner will need to re-validate the room-config and attach it to the Nano's resource. All rooms have a secret key that is automatically shared with new members. This key is used to encrypt server-powered features. The key is also used as salt for the end-to-end encryption key that the Nano expects for a specific room. Room configuration ------------------- The server cannot manipulate the config of the room, but it can read it. By doing so the server can provide pre-filtering for requests. For example an account that is not authorized to access a room will be denied by the server to send a request. (The Nano client would not accept it anyways.) Other configuration options will allow you to set whether anonymous access is allowed (by share-link). You can also configure content editing, content sharing, administrative and room access permissions for each individual user. The message board of a room can be configured to be read only. This way only the owner and the appointed administrators and moderators will be able to create new messages. Room permissions ----------------- The owner has absolute control over the permissions of their room. In case of very populated rooms, the owner may want to allow trusted accounts to help in administrative tasks. Members in a room-config can be appointed the administrator role. This grants them the unique permission to ask the Nano to perform room-config changes in their name. Anonymous access ----------------- By default only the owner and invited, authorized users can access the room. This can be overridden in the room configuration so that anonymous users may also see the contents of the room. This configuration enables a room specific share-link. This share link contains the room secret key. The enabled link can be used by anonymous collaborators to enter the room and see it's contents unencrypted.