Developer Intro System Model

The scrambls system includes the following high-level concepts:

  • content: information that is to be scrambld. Scrambls was built with social networks and public internet-infrastructure-based communication in mind and the main type of person-to-person information transmitted is textual in nature (e.g., email, social network posts, etc.) so the current system supports only textual information. In the future, non-textual information will be supported (e.g., images, and binary data generally). Content is identified by a globally unique number, generally referred to as an XID.
  • protocols: the rules by which to scrambl and descrambl content. These protocols include the details of (substitution) ciphering and deciphering the content but define more than that. The web-based nature of scrambls dictates the the protocols accept ASCII and UNICODE and output ASCII and UNICODE (currently). Support of binary content will require new protocols.
  • keys: the cryptographic key used by the protocols. Keys are arbitrarily long arrays of bytes.
  • accounts: representations of scrambls users. Users are currently identified only by their (verified) email address.
  • policies and policy terms: policies are user-specific ordered lists of policy terms. Policy terms are specific tests to evaluate whether or not an account has permission to receive a key for a particular piece of content.
  • browser extensions: user-installed code modules that implement the scrambling protocols
Architecturally, scrambls comprises the following software components:

  • Cassandra column-oriented data store system: this is a scalable and fault-tolerant data storage mechanism to store all persistent data, including accounts, keys, and policy information
  • policy server: a server that provides the programmatic ability to manage accounts, keys, XIDs, and policies and terms.
  • dashboard: a user-level web application that allows users to sign up and manage their accounts and policies.
  • server API: an HTTP-based API to communicate with the policy server
  • client API: a JavaScript library of functions to scrambl and descrambl content that conforms to the protocols. Other client languages will be supported in the future
  • browser extensions: downloadable and installable browser-specific modules that use both the server API and the client API to scrambl and descramble content within the context of generic browser-based HTML textarea and HTML 5 “edit host” containers.

next Security Model