This article describes the access rules concept on the Trusted Twin platform.
The purpose of this article is to provide system architects and developers with conceptual knowledge required to design solutions on the Trusted Twin platform. For developer resources, please consult the Trusted Twin docs website.
Data visibility and access on the Trusted Twin platform are based on rules.
Rules are logical expressions (e.g., 'TWIN.kind == "cat" and entry_name in LEDGER.public') which are evaluated every time access to a Twin, an Identity, or a Ledger is requested. A rule resolves either to True (access granted) or False (access denied).
Rules use contextual variables including:
- resource or object names, UUID4 identifiers or descriptions (e.g., user, Twin),
- entry names, values, or timestamps (i.e., Ledger),
- user dictionary provided in the request (i.e., the "X-TrustedTwin" header),
- current time.
Rules are used in:
- User roles to limit access to Twins and Entries in a Ledger
- Ledgers to define Entry visibility
- Identities to define Identity visibility
- Indexes to select Twins included in the index
Tips & tricks
- An Entry value or an object description can store any JSON-serializable object, and rules can address nested fields directly (e.g., entry_value.user_list or entry_value.user_dict.name).
- Entries of the Include type make global variables available to rules.
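The following is an added illustration of the rule concept described above (the logical expression, the contextual variables, and the dotted addressing into JSON values from the tips). It is not the Trusted Twin platform's own rule engine; the rule syntax, the variable names TWIN, LEDGER, entry_name and entry_value, and the sample context are assumptions for this example. The evaluator is deliberately whitelist-based so that a rule string can only express comparisons and boolean logic, never arbitrary code.

```python
import ast
import operator

# Whitelist of syntax a rule may use: boolean logic, comparisons, dotted names and
# literals. Calls, subscripts, lambdas etc. are rejected before evaluation, so a
# rule string cannot be abused to run arbitrary Python.
_ALLOWED = (ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not,
            ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
            ast.In, ast.NotIn, ast.Name, ast.Attribute, ast.Load, ast.Constant)

_CMP = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
        ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge,
        ast.In: lambda a, b: a in b, ast.NotIn: lambda a, b: a not in b}

def _eval(node, ctx):
    if isinstance(node, ast.Expression):
        return _eval(node.body, ctx)
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):          # top-level variable, e.g. TWIN, entry_name
        return ctx[node.id]
    if isinstance(node, ast.Attribute):     # dotted addressing into JSON objects,
        return _eval(node.value, ctx)[node.attr]  # e.g. entry_value.user_dict.name
    if isinstance(node, ast.UnaryOp):       # only 'not' passes the whitelist
        return not _eval(node.operand, ctx)
    if isinstance(node, ast.BoolOp):
        vals = (_eval(v, ctx) for v in node.values)
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if isinstance(node, ast.Compare):       # chains such as 1 < x < 5 are supported
        vals = [_eval(node.left, ctx)] + [_eval(c, ctx) for c in node.comparators]
        return all(_CMP[type(op)](a, b) for op, a, b in zip(node.ops, vals, vals[1:]))
    raise ValueError(f"unsupported rule element: {type(node).__name__}")

def evaluate_rule(rule: str, ctx: dict) -> bool:
    """Return True (access granted) or False (access denied) for `rule` in `ctx`."""
    tree = ast.parse(rule, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED):
            raise ValueError(f"disallowed syntax in rule: {type(node).__name__}")
    return bool(_eval(tree, ctx))

# Constructed request context (sample data, assumed variable names): the Twin being
# accessed, its Ledger's 'public' entry list, the requested entry and its JSON value.
SAMPLE_CTX = {
    "TWIN": {"kind": "cat"},
    "LEDGER": {"public": ["name", "weight"]},
    "entry_name": "weight",
    "entry_value": {"user_dict": {"name": "alice"}, "user_list": ["alice", "bob"]},
}
```

Calling evaluate_rule('TWIN.kind == "cat" and entry_name in LEDGER.public', SAMPLE_CTX) returns True for this context, while a rule containing a function call is rejected with ValueError before anything is evaluated.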