Atomic Agents
Atomic Agents are used for authentication: to set an identity and prove who an actor actually is. Agents can represent both actual individuals, or machines that interact with data. Agents are the entities that can get write / read rights. Agents are used to sign Requests and Commits and to accept Invites.
Design goals
- Decentralized: Atomic Agents can be created by anyone, at any domain
- Easy: It should be easy to work with, code with, and use
- Privacy-friendly: Agents should allow for privacy friendly workflows
- Verifiable: Others should be able to verify who did what
- Secure: Resistant to attacks by malicious others
The Agent model
url: https://atomicdata.dev/classes/Agent
An Agent is a Resource with its own URL.
When it is created, the one creating the Agent will generate a cryptographic (Ed25519) keypair.
It is required to include the publicKey
in the Agent resource.
The privateKey
should be kept secret, and should be safely stored by the creator.
For convenience, a secret
can be generated, which is a single long string of characters that encodes both the privateKey
and the subject
of the Agent.
This secret
can be used to instantly, easily log in using a single string.
The publicKey
is used to verify commit signatures by that Agent, to check if that Agent actually did create and sign that Commit.
Creating an Agent
Since an Agent is used for verification of commits, the Agent's subject
should resolve and be publicly available.
This means that the one creating the Agent has to deal with this.
One way of doing this, is by hosting an Atomic Server.
An easier way of doing this, is by accepting an Invite that exists on someone else's server.