Anticipating questions around self authentication such as “how can it do X?”, I have been trying to understand how it works, both from the self_authentication crate docs & example and imagining how that might be used to do what I understand it to achieve. So I may have made some wrong assumptions.
This fits part of @dirvine’s explanation here, about changing credentials, but I’m unsure if what I’ve drawn is correct because it doesn’t entirely fit. David says:
This is all in the self_auth paper. It does not create a file but a pointer to potential files. When you change credentials then a new pointer is created and old one deleted. So all trace is gone when new data is on line. Your old data is not gone unless you have the new data. So there is an implicit read after write check before old account is gone.
Using my diagram, changing credentials would mean doing another PUT of the datamap using the new credentials, and then using those from that point on. However, if data is never deleted, the old datamap would still be there and although the “pointer” would be changed, i.e. using the new credentials to encrypt/PUT and GET/decrypt (not shown), the old datamap would still be there.
So I guess either my diagram is wrong or there is a way to destroy the old datamap (sounds unlikely).
@dirvine what have I got wrong? Am I anywhere near even?!
I did look at the self authentication paper (PDF) but was a bit intimidated and am not sure I could answer this by reading it.