DataPortability
The data portability contracts enable users to securely grant authorized grantees access to their data files through trusted servers with cryptographic signature verification and granular permission management.
The Vana data portability system consists of three interconnected smart contracts that work together to enable secure, user-controlled data sharing and transfer across the network. This architecture implements a decentralized permission management framework where users maintain complete sovereignty over their data while selectively granting access to authorized entities through trusted infrastructure providers. The system leverages cryptographic signatures (EIP-712 standard) for gasless transactions, role-based access control for administrative operations, and temporal validity tracking through block numbers to create an auditable, transparent data portability ecosystem. By separating concerns across three specialized contracts—permissions, grantees, and servers—the architecture achieves modularity, upgradability, and clear separation of responsibilities while maintaining tight integration for seamless user experiences.
The contracts are deeply interconnected through a carefully designed permission flow that ensures data security and access control at every step. DataPortabilityPermissions serves as the orchestration layer, validating that grantees exist in the DataPortabilityGrantees registry before creating permissions and ensuring servers are registered in DataPortabilityServers before facilitating data transfers. When users create permissions, the DataPortabilityPermissions contract automatically updates the grantee's permission list in DataPortabilityGrantees through privileged function calls (using the PERMISSION_MANAGER_ROLE), maintaining bidirectional linkage between permissions and their recipients. Similarly, the atomic addServerFilesAndPermissions operation in DataPortabilityPermissions demonstrates the system's integration capabilities by coordinating with DataPortabilityServers to register or verify server trust status, then creating file records in the DataRegistry, and finally establishing permissions—all within a single transaction that either succeeds completely or reverts entirely, ensuring data consistency across the ecosystem.
The trust model implemented across these contracts creates multiple layers of verification and authorization. Users must first register or trust servers in DataPortabilityServers before those servers can facilitate their data exports, creating an explicit trust relationship that can be temporally tracked and audited. Grantees must be registered in DataPortabilityGrantees with valid public keys before they can receive any permissions, ensuring that only known, verified entities participate in data transfers. The DataPortabilityPermissions contract enforces file ownership validation by checking the DataRegistry, preventing users from granting permissions to files they don't own. This multi-contract validation approach, combined with cryptographic signature verification for all user actions, creates a robust security model where compromising any single component doesn't break the entire system. The temporal tracking through start and end block numbers across all three contracts enables users to grant time-limited access, revoke permissions or trust relationships at any time, while maintaining a complete historical audit trail of all data portability operations for compliance and transparency purposes.
Updated 20 days ago