diff --git a/src/manage-data/dataProtector/types.md b/src/manage-data/dataProtector/types.md index 9940edd..9688152 100644 --- a/src/manage-data/dataProtector/types.md +++ b/src/manage-data/dataProtector/types.md @@ -2,129 +2,97 @@ Types in DataProtector. -## GrantedAccess +## πŸ”‘ GrantedAccess -### dataset +### dataset: `string` -`string` +- Address of the `protectedData` containing user data -Address of the `protectedData` containing user data +### datasetprice: `string` -### datasetprice +- Price (iun nRLC) to charge the user specified in `requesterrestrict` for each + use of this `protectedData` -`string` +### volume: `string` -Price (iun nRLC) to charge the user specified in `requesterrestrict` for each -use of this `protectedData` +- Number of authorized uses of this `protectedData`; each use decrements this + counter -### volume +### tag: `string` -`string` +- Defines whether a `protectedData` is usable in a TEE environment; `0x00` is + TEE while `0x03` is non-TEE -Number of authorized uses of this `protectedData`; each use decrements this -counter +### apprestrict: `string` -### tag +- Address of the authorized application; a value of 0x0 indicates any + application may access this data -`string` +### requesterrestrict: `string` -Defines whether a `protectedData` is usable in a TEE environment; `0x00` is TEE -while `0x03` is non-TEE +- Address of the requester authorized to use this `protectedData` in workloads; + a value of 0x0 indicates any requester may use this data -### apprestrict +### workerpoolrestrict: `string` -`string` +- Address of the decentralized infrastructure (worker pool) authorized to + execute the application; a value of 0x0 indicates any worker pool may access + this data -Address of the authorized application; a value of 0x0 indicates any application -may access this data +### salt: `string` -### requesterrestrict +- Random value to make an order unique and reusable as nonce in a blockchain + transaction -`string` +### sign: `string` -Address of the requester authorized to use this `protectedData` in workloads; a -value of 0x0 indicates any requester may use this data +- Order signature of all the `grantedAccess` fields -### workerpoolrestrict +## πŸ” ProtectedData -`string` +### name: `string` -Address of the decentralized infrastructure (worker pool) authorized to execute -the application; a value of 0x0 indicates any worker pool may access this data +- Name specified when the protected data was created. This piece of information + is public and visible on-chain. -### salt +### address: `Address` -`string` +- Ethereum address of the protected data. -Random value to make an order unique and reusable as nonce in a blockchain -transaction +### owner: `Address` -### sign +- Ethereum address of the protected data owner. -`string` +### schema: `DataSchema` -Order signature of all the `grantedAccess` fields +- Data schema for the protected data as defined when the protected data was + created (see [protectedData](./dataProtectorCore/protectData.md)). `schema` + provides a structured representation of the protected data format and + attributes. This field plays a crucial role in understanding and interpreting + the underlying structure of the sensitive information. -## ProtectedData +### creationTimestamp: `number` -### name +- Timestamp specifying when the protected data was created, expressed in + milliseconds since the epoch. This timestamp provides precise information + about the moment of creation and can be used for chronological ordering or + time-based operations. -`string` +### multiaddr: `string` | `undefined` -Name specified when the protected data was created. This piece of information is -public and visible on-chain. +- The multiaddr field is the IPFS path of your encrypted data. -### address +## ❌ RevokedAccess -`Address` +### access: [`GrantedAccess`](#πŸ”‘-grantedaccess) -Ethereum address of the protected data. +- The granted access that was revoked. -### owner +### txHash: `string` -`Address` - -Ethereum address of the protected data owner. - -### schema - -`DataSchema` - -Data schema for the protected data as defined when the protected data was -created (see [protectedData](./dataProtectorCore/protectData.md)). `schema` -provides a structured representation of the protected data format and -attributes. This field plays a crucial role in understanding and interpreting -the underlying structure of the sensitive information. - -### creationTimestamp - -`number` - -Timestamp specifying when the protected data was created, expressed in -milliseconds since the epoch. This timestamp provides precise information about -the moment of creation and can be used for chronological ordering or time-based -operations. - -### multiaddr - -`string` | `undefined` - -The multiaddr field is the IPFS path of your encrypted data. - -## RevokedAccess - -### access - -[`GrantedAccess`](./types.md#grantedaccess) - -The granted access that was revoked. - -### txHash - -`string` - -The ID of the transaction that happened on iExec's side chain. You may view -details on the transaction using the [iExec explorer](https://explorer.iex.ec). +- The ID of the transaction that happened on iExec's side chain. You may view + details on the transaction using the + [iExec explorer](https://explorer.iex.ec). _Hash example:_ `0xc9c2d58fc01fe54149b7daf49a0026d4ab1fdd3d10fb7c76350790fff03fe24d` @@ -133,14 +101,13 @@ _Hash example:_ `0xc9c2d58fc01fe54149b7daf49a0026d4ab1fdd3d10fb7c76350790fff03fe You can read more about he iExec Explorer [here](https://protocol.docs.iex.ec/for-developers/toolbox/iexec-explorer). -## SuccessWithTransactionHash - -### txHash +## βœ… SuccessWithTransactionHash -`string` +### txHash: `string` -The hash of the transaction that happened on iExec's side chain. You may view -details on the transaction using the [iExec explorer](https://explorer.iex.ec). +- The hash of the transaction that happened on iExec's side chain. You may view + details on the transaction using the + [iExec explorer](https://explorer.iex.ec). _Hash example:_ `0xc9c2d58fc01fe54149b7daf49a0026d4ab1fdd3d10fb7c76350790fff03fe24d` diff --git a/src/manage-data/guides/create-and-share-access.md b/src/manage-data/guides/create-and-share-access.md index 40ba3f4..b91de13 100644 --- a/src/manage-data/guides/create-and-share-access.md +++ b/src/manage-data/guides/create-and-share-access.md @@ -9,12 +9,9 @@ description: **Want to keep your data private while still using it in confidential applications?** -Here's how DataProtector works: first you encrypt your data, then manage your -orders to control exactly who can access it, how many times, and at what price. - -Once data is protected, it's only accessible inside secure enclaves (TEEs) by -the specific people and iApps you authorize through the orders you create. No -exceptions. +DataProtector lets you encrypt data and control access through orders - +specifying who can use it, how many times, and at what price. Protected data is +only accessible in secure enclaves (TEEs) by authorized users and iApps. ## Installation @@ -65,15 +62,14 @@ console.log('Protected data address:', protectedData.address); ### What You Can Protect -**Data**: Any JSON object with custom keys. Think user profiles, API -credentials, datasets, model parameters - anything you want to keep private but -still use in computations. +**Data**: Any kind of data you want to keep private and make available for +computations by authorized users and iApps. -**Supported types**: Strings, numbers, booleans, nested objects, files (convert -to ArrayBuffer first), and arrays (convert to Record format). +**Supported types**: Common data types like text, numbers, true/false values, +and files. See the [full list here](/manage-data/dataProtector/types). -**Limits**: File size depends on your storage choice (IPFS or Arweave). For -large datasets, consider using another IPFS node. +**Storage**: Store your data on IPFS or Arweave. For larger files, you can use +your own IPFS node. ::: tip @@ -106,12 +102,15 @@ const protectedData = await dataProtectorCore.protectData({ ## Grant Access -**Here's the key:** The protocol blocks all access to your protected data by -default. You must explicitly grant permission for each app and user combination. -By doing this, you publish signed orders that ensure your protected data stays -private while controlling access to it. +By default, your protected data is private. To let others use it, you need to +grant access to both: + +- An authorized user (who can trigger the processing) +- An authorized iApp (the application that will process the data in the private + environment) -Once you own protected data, here's how to share access: +This ensures that only specific users can use specific applications to process +your data. Here's how to set it up: ```ts twoslash import { IExecDataProtectorCore, getWeb3Provider } from '@iexec/dataprotector'; diff --git a/src/manage-data/guides/handle-schemas-dataset-types.md b/src/manage-data/guides/handle-schemas-dataset-types.md index a6885cb..17d865c 100644 --- a/src/manage-data/guides/handle-schemas-dataset-types.md +++ b/src/manage-data/guides/handle-schemas-dataset-types.md @@ -86,6 +86,11 @@ MIME types manually. ## Why Schemas Matter +- **Clarity**: Makes your data easier to understand and reuse +- **Safety**: Ensures iExec apps don’t process the wrong data +- **Structure**: Facilitates structured communication between **front-end and + iApp logic** + ### 🎯 **For iApp Development** Schemas let your iApps validate and process data safely: diff --git a/src/manage-data/what-is-protected-data.md b/src/manage-data/what-is-protected-data.md index eb29223..44afe22 100644 --- a/src/manage-data/what-is-protected-data.md +++ b/src/manage-data/what-is-protected-data.md @@ -5,54 +5,205 @@ description: Understanding iExec's data protection mechanisms # ❓ What Is Protected Data? -Protected Data is iExec's revolutionary approach to data privacy and ownership. -It allows you to maintain control over your data while enabling computation on -it without exposing the raw information. +Protected Data refers to any data encrypted using the **iExec Data Protector +tool**. This end-to-end encryption solution enables users to protect, manage and +monetize their data within the Web3 ecosystem. -## Key Concepts - -### Data Ownership - -- **You own your data**: The original data never leaves your control -- **Granular permissions**: Decide who can access and use your data -- **Revocable access**: Grant and revoke permissions at any time - -### Privacy-Preserving Computation - -- **Encrypted processing**: Data is encrypted during computation -- **TEE (Trusted Execution Environment)**: Secure enclaves protect data during - processing -- **Zero-knowledge**: Compute on data without revealing it +
+

Unlike standard datasets, Protected Data exposes its data types on-chain (for example, indicating that it contains an email address or a photo). This allows anyone to identify entries with the corresponding types.

+
-### Monetization +## Key Concepts -- **Data marketplaces**: Sell access to your protected data -- **Usage tracking**: Monitor how your data is being used -- **Fair compensation**: Get paid for data usage +### πŸ‘‘ Data Governance + +
+ +
+
+
+ β€’ +
+ You own your data: The original data never leaves your control +
+
+
+ β€’ +
+ Granular permissions: Decide who can access and use your data +
+
+
+ β€’ +
+ Revocable access: Grant and revoke permissions at any time +
+
+
+
+ +### πŸ”’ Privacy-Preserving Computation + +
+ +
+
+
+ β€’ +
+ Encrypted Processing: Maintains a complete chain of trust. +
+
+
+ β€’ +
+ TEE (Trusted Execution Environment): Secure enclaves protect data during processing +
+
+
+ β€’ +
+ Secret storage: Secrets stored in a TEE database. +
+
+
+
+ +### πŸ’° Monetization + +
+ +
+
+
+ β€’ +
+ Data marketplaces: Sell access to your protected data +
+
+
+ β€’ +
+ Usage tracking: Monitor how your data is being used +
+
+
+ β€’ +
+ Fair compensation: Get paid for data usage +
+
+
+
## How It Works -1. **Protect**: Encrypt and register your data on the iExec network -2. **Share**: Grant access permissions to specific users or applications -3. **Monitor**: Track usage and maintain control -4. **Monetize**: Earn from your data while keeping it private +
+
+
+ 1. +
+ Protect: Encrypt and register your data on the iExec network +
+
+
+ 2. +
+ Share: Authorize specific users and applications to access your data +
+
+
+ 3. +
+ Monitor: Track usage and maintain control +
+
+
+ 4. +
+ Monetize: Earn from your data while keeping it private +
+
+
+ 5. +
+ Compute: Authorized users can compute on your data with the authorized iApps +
+
+
+
## Use Cases -- **Personal Data**: Health records, financial data, personal preferences -- **Business Intelligence**: Market research, customer analytics, proprietary - datasets -- **AI Training**: Training models without exposing sensitive data -- **Research**: Collaborative research with privacy guarantees +
+
+
+ πŸ‘€ +

Personal Data

+
+ +
+ +
+
+ 🏒 +

Business Intelligence

+
+ +
+ +
+
+ πŸ€– +

AI Training

+
+ +
+ +
+
+ πŸ”¬ +

Research

+
+ +
+
+ +
+

Ready to protect your data? Start with our DataProtector guides and learn how to secure your sensitive information while unlocking its value.

+
## Next Steps -Ready to protect your data? Check out: - -- [Getting Started with DataProtector](/manage-data/dataProtector/getting-started) -- [DataProtector Guides](/manage-data/guides) - ---- - -_Protect your data, maintain control, and unlock its value with iExec's -DataProtector._ +
+
+
+ πŸ“š +
+ Learn More: Complete DataProtector Documentation +
+
+
+ πŸš€ +
+ Getting Started: DataProtector Quick Start Guide +
+
+
+