A room-key is generated at creation by the owner that is encrypted for only them. This key will be shared on a peer-to-peer basis with each account that is invited to the room.
The membership and permissions in a room are critically important for security, since these policies are what govern who can access what on the computers by the attached Drives.
The permissions are stored in a cryptographically linked directed acyclic graph, commonly referred to as a blockchain. In addition to them being linked by secure hashing, each block is digitally signed by the owner. This means nobody but the owner can ever create blocks that are valid for the permission graph. This gives the owner of the room and Nano complete control over the room and can ensure the access policy for their Drive.
The Nanos strictly validate the graph when a room is assigned to them. They also save the heads of the graph and will require them to be present or be superseded by new valid blocks. This security measure prevents the server from maliciously omitting the top N blocks and revert some changes to the graph.
We emphasize the difference of this technology and the popular consensus protocols that are commonly referred to as “blockchains”. In our case there is no consensus, the permission policy data is always under the sole proprietorship of their owner account. We use the blockchain linkage of data blocks and their digital signature to guarantee tamper resistant storage.
The administrator role in a room effectively means that, the authorized member may send block-chain modification requests to the Nano that is attached to the room, of which the Nano will execute using the owner’s account.
This means the administrator role is not functional without a Nano attached to a room. This is necessary, as without a secure client of the owner, nobody is actually capable of modifying the permission blockchain because of the cryptographical challenges.
The owner cannot be removed from a room, ever. They also have all permissions regardless of anything stated in the blockchain.
Sharing a room using an access link will basically include the unencrypted room-key in the URL, so anyone with it can decrypt the chat and send requests to an attached Nano.
Once an anonymous share URL is public, the room’s chat is no longer private. Even if the anonymous access is turned off, “anyone” may have the key indefinitely. At this point the room’s chat is protected by the policy enforcement of the server, but not cryptography necessarily. Keep in mind, however that the policy enforcement and client controlled cryptography of the Nano provides complete cryptographic security even at this time for the Drive.