Hello Safe Community,
I have been watching Safe for many months now and I must say that I am very excited. I have couple of businesses that I do IT work for. and by that I mean i support just about all of the IT they have grant it its not a lot but what they have is important to them. I have been thinking that Safe is going to be a great addition to the tools available to them. even if its just the use of a secure (basically free) cloud backup for all the PC in the offices. In thinking about this implementation I realized that there will be a need for client software that has a slightly different functionality. in an office setting where there are several people using different PCs in the office. This client would need the ability to keep separate data stores for the individual end user and a second copy of data saved to a master account the business owner also the Safecoin that is not used to pay for what that individual clients network usage should then be deposited to the business owners Safecoin wallet. the other option would be to have the ability to spawn user accounts under your main SafeNetwork account you could then use those ( an admin & user account situation) user accounts would be able to have passwords recovered ( or reset ) via some type of mechanism saved under the master account and the admin account should be able to access the data saved in the sub user accounts. also grouping would be nice for maid to be implemented in enterprise situations user accounts should not be able to change the for the client on a pc that is owned by the business owner. This functionality would open up alot of potential nodes for the network.( I might add well maintained and reliably connected nodes)
here may be a thread or two with some similar helpful infoâŚ
The reply from @mvanzyl might actually contain what I wanted to add in. Itâs not in any documentation and itâs been only briefly mentioned, perhaps a developer from outside the maidsafe team will get to it first but there will be and app named âLifestuffâ that is to be an app they launch after the network is feature complete and has been refined a bit but it has been mentioned before to have a counter part later on aptly named âWorkstuffâ. I know this is really only a glimmer of hope but with how competent the team is and their deep level understanding of the networks capabilities makes me just excited enough to keep my fingers crossed
Thanks for the information guys. However reading over the posts has actually got me more concerned that something very important is being overlooked in the project and I feel its imperative that this be discussed now before things get to close to go live. Trust relationships are important in every organization and in most services be it in an AD environment or in accessing email. I for one think that Maidsafe will be a vital tool to organizations particularly small business that need affordable secure and reliable information solutions. given that it has builtin the proper management capabilities / utilities. the thing that makes maid safe so great other than its low or no TCO is that it just works this is important especially to small businesses who cant afford a lot of maintenance or downtime and for that matter cant waste alot of time on management of a system. The BIG thing that makes maid safe just work is that the system is not reliant on a central server ( of course right thatâs like almost the whole point right ) If we leave trust relationships to be handled by an app built on topp of the network rather than making it something inherent in the net work then arnt we just falling back on a more client server like model? do we then find ourselves in a place where Maidsafe wonât just work? The vision that I have for a solution model is that there would be the ability to make personas under a master account so if for example if the master account was samllbiz i could then create accounts like smallbiz_amy smallbiz_mike smallbiz_tom these accounts then could be assigned access levels and roles all of the data for these accounts could be stored under the master smallbiz account and the clients could self authenticate to a hash table saved there but thats just my take on how this problem could be solved. I know that people far smarter than I figure out how to make this thing work but to close out my point amy mike and tom probably all use there own computers at work but the data the work with dosnt belong to them and the PCs they use dont belong to them but there is no reason that that idle PC power cant perticipate ( farm ) in the network if the person that owns them wants them to participate in the network and we as a community should make Maidsafe want to participate in. I keep hearing that part of maid safe is letting people get paid for what they put in to the network Content, Products, Resources. Why shouldnât there be a way for people with resources ie an office of workstations to participate in the network while still easily controlling the data they own.
It was explained to me as essentially to think of the SAFE Network as a giant shared drive or database.
The access and creation of account hierarchy can be dictated by the end user/clients/corporations. So, for example a company could create user entitlements and access levels based on the software used. This would allow each user to have their access set to specific designated locations/files, etc.
The network is just the database that holds the files, how they are retrieved and what permissions they have will be entirely determined by the end users. The network itself is just the protocol that enables decentralized file storage and encryption. Building specific features into the network would only increase the code base and could possibly limit the capabilities of what it is capable of going forwardâŚjust my two centsâŚ
Could you please use paragraphs? Walls of text are hard to readâŚ
What are the goals of this set up exactly? Does it include preventing employees from creating data that the master account canât see? Preventing data leaks by employees? Because the core network gives the an account owner full control without any oversight. Iâm not sure if using SAFE for user account control for a company that doesnât trust itâs own employees is a good idea.
I see what youâre saying but I just want to be certain of something I think Iâm picking up from what youâre saying. Do you think that this is something you believe needs to be in the network code itself? Because if so it doesnât really work like that. If not please donât be insulted I was just getting that impression so correct me if Iâm wrong. The network will have an api and apps will be built on top of the network and so all data will be handled and stored in a secure and distributed and redundant manner. The feature of a master account and sub accounts are possible but that is something that is higher level and built on top of the existing network. The network is complex but itâs basically taking care of secure connection/communications, distributed data storage, ranking, farming, consensus, etc. the low level stuff thatâs under the hood.
Here are two posts made in another thread about forking SAFE for a business. It may add some insight to your queries.
In some cases businesses have no choice but to not trust employees. and its not a matter of trust worthy employees. Taek a law firm for example where the firm might have several clients working with different groups of lawyers and lets say for example some of the lawers work on real estate law for apple for managing the opening of apple stores and another group of lawyers work with Samsung on intellectual property. the two donât over lap but for the protection of the lawyers and secretaries and everyone involved ( and not to mention the clients) you wouldnât want the two groups to overlap even on accident. to take it even further lets say that apple opened a new store and they used some type of tech in the store that supposedly infringed on some IP that Samsung owned like gorilla glass windows ( for the record this is all clearly hypothetical and unlikely but I think you can see what im getting at.
Similar things might happen in the world of medicine with the privacy laws in different countries
There are plenty of cases where this type of separation of information is not only smart but required by law within a single organization.
Yes, my argument is that the in some cases a master account would need to be able to control and set trust relationships on the network. if an employee suddenly leaves or even dies It may be necessary to take over an account. additionally there will definitely be a need to recover or set passwords. this is not possible on the network now.
Iâm not suggesting that it be changed so that all passwords are resetable on the network if forgotten on the master account that wont work on the safe network I get that but it would suck if smallbiz_amy or smallbiz_mike lost all her/his work and potentally a lot of smallbizâs money when a password cant be remembered after a long vacation ( that shit happens all the time)
I think its worth pointing out that the stated goal of safe is to replace all server environments or at least offer the capability within 10 years and I think thatâs great but in order to do that Safe needs to be able to do all the things that servers do now and do it well out of the box. in the business world that often means the easy control of access to data. IT also means managed trust relationships.
This is not just meant to be a discussion of the security of Maidsafe network That I am not questioning I with you guys you have my buy-in It is better but think about when you go to work as iâm sure many of you âgo to the officeâ you sit down at a computer that dosnt belong to you and you access data that dosnt belong to you and the person or group that does own it often wants to and has the right to manage those assets. deside what you have access to and what applications you use and what type of internet access you have ( and to generate Safecoin from the PCs in tat business should they chose. ( rather than the user logged into that gear)
I saw an interview where one of the devs said that one of the end goal visions Maid safe is that you sit down at a PC a dummy terminal essentially and you login to maid safe. Boom there is all your applications and data. I think thatâs great for your personal stuff because its all yours but work stuff often isnât all yours
i guess the short short simple version of the discussion is for Maidsafe to replace all servers and a big part of that is going to be to replace AD how can that be easily implemented on the Safe Network how can it âJust Workâ I think the answer to that question might be that something about the network might need to be changed. and that may be easier to do now rather than later or at least build in the foundation for that functionality later.
I think the main issue here is not the network itself but the access to the data. A solution to this might be having one personal login to the network and one work login. The work login access would be controlled by the company, any SAFEcoin earned would be paid to the company and the access and manipulation of the data would be controlled by the company. So if I used my work login, I could only see what they gave me access to, I could only read/write/save what I have access to, and when I log off, Iâm done. The company would still control the data and who has permissions, itâs just that instead of it being stored on their servers, it is stored on the network. All of this could be done by third party software/apps such as CRMâs, groupware,etc built on top of SAFE network. Come to think of it, access to the companyâs software would not even require a new login, the network would already know who you are and you would have access to the app with preset entitlements!
Everything said in the op could be built as an app on top of the network for sure. Just need a skilled developer!