Skip to main content

p2panda_auth/
lib.rs

1// SPDX-License-Identifier: MIT OR Apache-2.0
2
3#![cfg_attr(docsrs, feature(doc_cfg))]
4
5//! `p2panda-auth` provides decentralised group management with fine-grained, per-member
6//! permissions.
7//!
8//! Once a group has been created, members can be added, removed, promoted and demoted. Each
9//! member has an associated access level which can be used to determine their permissions. The
10//! access levels are `Pull`, `Read`, `Write` and `Manage`. Each access level is a superset of the
11//! lower levels and can be assigned an associated set of conditions; this allows fine-grained
12//! partitioning of each access level. For example, `Read` conditions could be assigned with a
13//! path to restrict access to areas of a dataset. Finally, only members with `Manage` access are
14//! allowed to modify the group state by adding, removing, promoting or demoting other members.
15//!
16//! The access levels defined by `p2panda-auth` may prove useful when controlling replication of
17//! datasets. Custom sync protocols can be defined which rely on group membership and access
18//! levels to determine who to sync with and over which subsets of data. Access conditions can be
19//! used to define application-layer specific access rules, for example when modelling moderation
20//! rules or additional write checks.
21//!
22//! ## Features
23//!
24//! ### Eventually Consistent Group State
25//!
26//! Peers replicating group operations will all eventually arrive at the same group state, even
27//! when operations are authored concurrently or received out of order. Resolution of conflicting
28//! state happens automatically.
29//!
30//! ### Strict Group Modification
31//!
32//! Only operations authored by members with “manage” access level will be applied to the group
33//! state.
34//!
35//! ### Customisable Concurrency Resolution
36//!
37//! A group operation "resolver" is used to decide which operations should be invalidated in
38//! certain concurrent situations. While the default concurrency resolver follows a cautious
39//! "strong removal" approach, alternative approaches can be realised using custom implementations
40//! of the provided `Resolver` trait.
41//!
42//! ## Design
43//!
44//! ### Group Operations
45//!
46//! Group state is modified by the publication of group operations. Each operation is signed by
47//! the author and includes an action, along with fields to define previous operations and other
48//! dependencies. The previous field allows causal ordering of operations in relation to one
49//! another and the dependencies field allows custom application logic to define relationships
50//! between groups and group operations.
51//!
52//! ### Directed Acyclic Graph (DAG)
53//!
54//! All operations comprising a group for a Directed Acyclic Graph (DAG). This data structure
55//! allows for concurrent operations to published and later resolved by merging divergent states.
56//!
57//! ### Concurrency Resolution for Conflicting Operations
58//!
59//! Certain concurrent scenarios lead to group state conflicts which must be resolved. In such
60//! cases, all operations in the DAG are walked in a depth-first search so that any "bubbles" of
61//! concurrent operations may be identified. Resolution rules are then applied to the operations
62//! in these bubbles in order to populate a filter of operations to be invalidated. Once the
63//! offending operations have been invalidated, any dependent operations are then invalidated in
64//! turn.
65//!
66//! The provided "strong removal" resolver defines the following rules:
67//!
68//! 1) Removal or demotion of a manager causes any concurrent actions by that member to be
69//!    invalidated
70//! 2) Mutual removals, where two managers remove or demote one another concurrently, are not
71//!    invalidated; both removals are applied to the group state but any other concurrent actions
72//!    by those members are invalidated
73//! 3) Re-adds are allowed; if Alice removes Charlie then re-adds them, they are still a member of
74//!    the group but all of their concurrent actions are invalidated
75//! 4) Invalidation of transitive operations; invalidation of an operation due to the application
76//!    of the aforementioned rules results in all dependent operations being invalidated
77mod access;
78mod extension;
79pub mod graph;
80pub mod group;
81mod operation;
82#[cfg(any(test, feature = "test_utils"))]
83pub mod test_utils;
84pub mod traits;
85
86pub use access::{Access, AccessError, AccessLevel};
87pub use extension::GroupsExtensionArgs;
88pub use operation::GroupsOperation;
89
90use p2panda_core::{Hash, VerifyingKey};
91
92use crate::traits::{IdentityHandle, OperationId};
93
94impl IdentityHandle for VerifyingKey {}
95impl OperationId for Hash {}