SVX Documentation
Terminology

Last updated 1 year ago


Classification

A Classification is a link between a Classification Node and a classified entity. Items, Slots, and Templates can have Classifications.

Classification Node

A Classification Scheme consists of a tree of Classification Nodes. A Classification Node

  • belongs to a Classification Scheme

  • has a parent Classification Node, unless it is the root node

  • has property name

  • has property label

  • has property description

  • has property image

Classification Scheme

The Meeco platform has a very flexible way to tag information. Instead of having a flat list of tags, the system can be configured to have multiple independent Classifications. Combinations of these Classifications are called Classification Schemes.

Connection

A Connection between two users is a channel via which users can share Items. It is essentially a pair of public keys (yours and the other party's), and user ids.

You can read a more detailed explanation of Sharing Items here, and you can run through creating a Connection and sharing an item using the Meeco CLI tool here. (Make sure you've gone through the Quickstart guide first to have gained access to the API sandbox!)

Data Encryption Key (DEK)

Data Encryption Keys are AES256-GCM keys used to encrypt and decrypt user data. Data Encryption Keys are stored in the Keystore encrypted with the Key Encryption Key.

It is possible for a user to have multiple Data Encryption Keys: there is one that is used to encrypt your private data; new Keys are created for any Shares, so that other users never see your private DEK.

Item

An Item is a group of Slots related by a topic. For example, a user profile is an Item. A club membership, a flight reservation - all these can be Items, each having a number of Slots of different types in them.

The Slots in an Item are keyed by their name property, so an Item can be thought of like a dictionary or hash-map containing only encrypted values.

If a user makes a Connection with another user, they can share the encrypted Slots with that user.

Item Template

An Item Template is a predefined list of empty Slots. Each Item is created by cloning such a template and filling in the Slots with your data.

You can read a more detailed document about Items and Templates here.

Key Encryption Key (KEK)

The Key Encryption Key is used to encrypt all other keys (data encryption keys and keypairs) before they are stored in the Keystore. The Key Encryption Key is encrypted with the Passphrase Derived Key, which is private to the user.

There is one Key Encryption Key per user.

In the current implementation this is an AES256-GCM key, but the serialization format of encrypted data used in the Meeco platform allows for adding new encryption algorithms without breaking backwards compatibility.

Keypair

Public key cryptography is used for exchanging DEKs when Connections are created between users. Private keys are stored in the Keystore encrypted with the Key Encryption Key.

Keystore

Storage for secrets and keys. This is where the Data Encryption Keys, Public/Private Key pairs, and the Key Encryption Key are stored along with the Derivation Artefacts. All of the stored keys are encrypted with the KEK, except for the KEK itself, which is encrypted with the Passphrase Derived Key.

No encryption is done in the Keystore; the Cryppo library is required to create and use keys.

In the Meeco Developer Portal the Keystore is reachable through the https://sandbox.meeco.me/keystore endpoint.

Passphrase Derived Key And Derivation Artefacts

A Passphrase Derived Key is a PBKDF2 key. To generate or re-generate this key, a passphrase and derivation artefacts are required. Derivation artefacts include:

  • Number of iterations

  • Salt

  • Derived key length

In the current iteration of our authentication and passphrase derivation, the Number of iterations and Derived key length are static, and the Salt is pulled from the Secret Key.

Derivation artefacts are stored in the Keystore. Neither the Passphrase Derived Key itself nor the passphrase are stored in the Keystore.

Secret Key

The secret key is a component of the authentication flow.

The format for version 1 is as follows:

{version}-{username}-{salt}

  • The username is generated by the server

  • The salt is a 256 bit randomly generated key, which is base58 encoded and has a hyphen (-) at each 6th character.

The salt component is created on the client and stored (securely) by the user. It is used to generate

  • an encryption key (PDK) with which to encrypt your Key Encryption Key (KEK).

  • a password which, along with a username, will be used for Secure Remote Password (SRP) authentication.

Share

A Share is created when a user grants access to their Item to another user that they've Connected with. The Item is re-encrypted with a data encryption key shared with the recipient of the Share.

An Item you have received via a Share can be shared with another user, but you cannot alter any of its Slots. Only the original creator of the Item can update the Share, other than deleting it.

For a detailed look at Sharing and Connections, have a look at the Connections and Sharing Guide, or read through the tutorial for creating a Connection and sharing an item using the Meeco CLI tool here.

Slot

A Slot is the smallest data entity in the Vault. An Item is made up of Slots, which are keyed by their name property. Each Slot has a name, a label, and a value. Note that the API does not return the value property, but encrypted_value. The API will not allow storing any unencrypted data in either value or encrypted_value.

Slot values are always stored in an encrypted form and only the user can decrypt and read them. Once encrypted and serialized (you can use one of Meeco's Cryppo family of encryption libraries), a Slot value of "BMW" would look something like this:

"encrypted_value": "Aes256Gcm.2hDl.LS0tCml2OiAhYmluYXJ5IHwtCiAgQWQwSThDZk5qRnFycmFuMAphdDogIWJpbmFyeSB8LQogIDJXVklzbUxOSWVoOHZIVDB1ZzBtZVE9PQphZDogbm9uQQo="

Slots are able to be shared after two users have made a Connection with each other.

Slots are typed; however, the values cannot be checked against the given type, as the API does not have decrypted keys for these items. Example Slot types are:

  • key_value

  • bool

  • date

  • datetime

  • image

  • url

  • phone_number

  • email

  • password

  • attachment

Notice that new types cannot be created; key_value should be the default type used.

SRP - Secure Remote Password

An authentication method which sends proof that a user knows their password without revealing the actual password to the server.

You can read more about it here - https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol

Vault

The Vault is where a User of the API-of-Me will store and share the Items they create.

The user's data is end-to-end encrypted; this means that the user's data cannot be decrypted and read by anyone at Meeco. Your data is your data.

In the Meeco Developer Portal the Vault is reachable through the https://sandbox.meeco.me/vault endpoint.
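The serialized encrypted_value shown in the Slot entry can be taken apart to see what a stored Slot carries. This is an added example, not code from Meeco or the Cryppo library; the three-part layout and the minimal artefact reader are inferred from that one sample string, and the function names are hypothetical.

```python
import base64

# The encrypted_value for "BMW" from the Slot entry (copied from the page).
SAMPLE = ("Aes256Gcm.2hDl."
          "LS0tCml2OiAhYmluYXJ5IHwtCiAgQWQwSThDZk5qRnFycmFuMAphdDogIWJp"
          "bmFyeSB8LQogIDJXVklzbUxOSWVoOHZIVDB1ZzBtZVE9PQphZDogbm9uQQo=")


def b64(text):
    """Decode base64 (standard or URL-safe alphabet), tolerating missing padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def parse_artefacts(yaml_text):
    """Minimal reader for the artefact block seen in the sample:
    'key: !binary |-' followed by an indented base64 line, or 'key: value'.
    This is not a general YAML parser."""
    out, pending = {}, None
    for line in yaml_text.splitlines():
        if line.startswith("---") or not line.strip():
            continue
        if pending and line.startswith(" "):
            out[pending], pending = b64(line.strip()), None
            continue
        key, _, value = line.partition(":")
        if value.strip().startswith("!binary"):
            pending = key.strip()      # the value is on the next, indented line
        else:
            out[key.strip()] = value.strip()
    return out


def parse_serialized(value):
    """Split '<strategy>.<ciphertext>.<artefacts>' as laid out in the sample."""
    parts = value.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated parts")
    strategy, ciphertext, artefacts = parts
    return {"strategy": strategy,
            "ciphertext": b64(ciphertext),
            "artefacts": parse_artefacts(b64(artefacts).decode("utf-8"))}
```

For the sample, the ciphertext is 3 bytes, the same length as "BMW", alongside a 12-byte iv and a 16-byte at (authentication tag). AES-GCM does not pad, so the length of a Slot value stays visible to whoever stores the ciphertext.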
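The Secret Key and Passphrase Derived Key entries describe a salt carried inside the Secret Key and fed to PBKDF2; the sketch below walks that path as an added example, not Meeco's implementation. Assumptions: hyphens separate groups of six base58 characters, the username contains no hyphen, the decoded salt bytes are used directly as the PBKDF2 salt, and the hash, iteration count and key length (which the page says are static but does not state) are placeholder values.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Assumed values: the page says these are static but does not give them.
ASSUMED_ITERATIONS = 100_000
ASSUMED_KEY_LENGTH = 32


def b58encode(data):
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\0"))   # leading zero bytes become '1'
    return "1" * pad + out


def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)   # ValueError on a non-base58 character
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")


def format_secret_key(username, salt, version="1"):
    """Build {version}-{username}-{salt} with a hyphen after every 6 characters."""
    enc = b58encode(salt)
    grouped = "-".join(enc[i:i + 6] for i in range(0, len(enc), 6))
    return f"{version}-{username}-{grouped}"


def parse_secret_key(secret_key):
    """Return (username, salt bytes); reject anything that is not a 256-bit salt."""
    version, username, salt_part = secret_key.split("-", 2)
    if version != "1":
        raise ValueError("only the version 1 layout is described")
    salt = b58decode(salt_part.replace("-", ""))
    if len(salt) != 32:
        raise ValueError("salt is not 256 bits")
    return username, salt


def derive_pdk(passphrase, secret_key):
    """Re-derive the key from passphrase + Secret Key; nothing here is stored."""
    _, salt = parse_secret_key(secret_key)
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               ASSUMED_ITERATIONS, ASSUMED_KEY_LENGTH)


# Constructed sample, not a real account's Secret Key.
SAMPLE_SECRET_KEY = format_secret_key("user1", bytes(range(1, 33)))
```

The length check in parse_secret_key catches a truncated or mistyped Secret Key before it silently yields a different derived key.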
