Request for comments about the next architecture


#1

Hello,

Cozy is a personal platform as a service with a focus on data. Cozy can be seen as 4 layers, from inside to outside:

1. A place to keep your personal data
2. A core API to handle the data
3. Your web apps, and also the mobile & desktop clients
4. A coherent User Experience.

We would like to develop a new major version of Cozy that can solve our new challenges:

  • allow multi-users for self-hosted instances
  • decrease the resource consumption per hosted Cozy instance to reduce its cost
  • enhance the global security
  • review some facets of the platform that don’t look right to us.

For that, we have started a large project, and a first step was to write a document that describes the architecture we want to build. This document is available here: https://github.com/cozy/cozy-stack/blob/master/doc/architecture.md

Before we start to code, it’s important for us to discuss the choices in this document with our community. Your feedback is very precious: it shows us what we forgot, suggests alternatives to us, and helps us better prioritize the developments to make.


The Cozy Cloud team


#2

Thanks for sharing.

About authorizations

I know it’s a real PITA to implement correctly and all developers want to keep it super simple, but could we consider investing in a system as elegant as Android 6 permissions?

Here are my pros:

  • Don’t frighten a user installing a new app by requesting a large set of permissions that he could feel is hazardous
  • No need to ask the user for a given permission before it’s really used
  • Possibility to revoke a permission OUTSIDE the app, so you always feel powerful on your cozy instance

The cons are evident:

  • Harder to implement at the base
  • App developers need to keep in mind that their permissions can be revoked from the outside, and the app must still run correctly

About encryption

Should we consider some kind of “trans-app” service, call it here Vault, which can take over some fields in a document, at the explicit user request, to encrypt some data?
That way there’s less encrypted data, more indexed data, and people can step into secured data more easily.
Of course that’s just some thoughts and I don’t have an implementation to offer (I lie, writing it gave me an interesting architecture to discuss), but that kind of idea could deserve discussion.

Again, thanks for sharing. Cozy’s way of building its path matches my mind.


#3

Hi,

thanks for the feedback. It is important to us.

About authorizations, we are thinking about something like that. People expect a lot from it and we will give ourselves some time to have something that can answer the many use cases.

About encryption, I ping @Paul and @Ljinod, who are working on something like that.


#4

Hi @ook,

Again, thanks for your feedback! It is really appreciated.

We are actually thinking of something that very much resembles your idea. I would even say that only the name differs (we wanted to call it “crypto” but “vault” seems nice too :wink:).
What we have in mind is to add the possibility to encrypt any document of your Cozy from anywhere within your Cozy, and delegate the management of the key to the module. That way, just like you said, the user has the possibility to start “securing” the data he feels is important, and with ease. The other main advantage we see is that this aspect will not be linked to a specific application: your Cozy will be responsible for it.

In any case, for now we are still nurturing the reflection and we don’t have a document to show you (we want to involve a research laboratory that is specialized in databases and has a focus on privacy), but when we have it we will definitely keep the community informed.

In the meantime do not hesitate to discuss this matter, it will be of great help to us, even just to know what our users expect!
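
The field-level encryption idea raised in posts #2 and #4, sketched as an added example that is not part of the thread and not Cozy's code. The `Vault` type, its `Seal`/`Open` methods, the choice of AES-256-GCM and the sample document are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Vault is a hypothetical stack-level module: it holds the key, apps never do.
type Vault struct{ aead cipher.AEAD }

func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Vault{aead}, err
}

// aad binds a ciphertext to its document and field, so a relocated value fails to open.
func aad(docID, field string) []byte { return []byte(docID + "\x00" + field) }

// Seal encrypts one field value; the rest of the document stays plaintext.
func (v *Vault) Seal(docID, field, plain string) (string, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := v.aead.Seal(nonce, nonce, []byte(plain), aad(docID, field))
	return base64.StdEncoding.EncodeToString(ct), nil
}

// Open reverses Seal and rejects tampered or relocated values.
func (v *Vault) Open(docID, field, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if n := v.aead.NonceSize(); err == nil && len(raw) >= n {
		pt, err := v.aead.Open(nil, raw[:n], raw[n:], aad(docID, field))
		return string(pt), err
	}
	return "", fmt.Errorf("not a sealed value")
}

func main() {
	v, _ := NewVault(make([]byte, 32)) // constructed all-zero demo key
	sealed, _ := v.Seal("doc1", "iban", "FR00-CONSTRUCTED")
	fmt.Println(map[string]string{"_id": "doc1", "name": "Alice", "iban": sealed})
}
```

Only the sealed field becomes opaque to the database index; `name` and `_id` remain queryable, which is the trade-off post #2 describes.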


#5

This document is available here: https://github.com/cozy/cozy-stack/blob/master/doc/architecture.md

Alas, that link gives a 404 error: New location please?


#6

Indeed, the architecture link shows nothing!

Anyway, I like this perspective very much.

I think other users would too


#7

Hi @jahbini,

we have renamed the doc folder to docs; the correct link is now https://github.com/cozy/cozy-stack/blob/master/docs/architecture.md


#8

Yes, thank you: I suspected a conversion to Golang. Good choice. Golang should play quite nice with docker image layering technology: microservices might not take as much memory as your team may fear.


#9

Hi @nono and cozy cloud team.
You guys have made an amazing product and I can see the amount of thought and careful consideration that has gone into the new application architecture.

I just got access to a test server and signed onto the forum today!
I haven’t explored too much, but am impressed by what the team is building.

I wanted to share something I found that may help address a couple of the challenges you identified:

I came across Demonsaw - http://demonsaw.com/ - a tool built by Eric Anderson (aka Eijah) that uses Demoncrypt - https://github.com/eijah/demoncrypt

From my understanding of how Demonsaw works, it enables inherently secure cross-network communication and data sharing through obfuscating the data transmission based on a multi-factor derived AES key.
I thought this may be an interesting model to explore - very novel, yet simple and it appears to align with the Cozy architecture.
Just wanted to add my initial thoughts and say thanks for the opportunity!
Keep up the great work