Consumer Architecture » History » Version 2
Suravi Regmi, 11/28/2025 06:59 PM
| 1 | 1 | Suravi Regmi | # Consumer Architecture |
|---|---|---|---|
| 2 | |||
| 3 | ## Overview |
||
| 4 | The consumer subscribes to policy-approved streams, detects new data via PSync, fetches manifests, extracts data names, and retrieves/decrypts encrypted data using NAC-ABE. It depends on the controller for stream permissions and on the Attribute Authority (AA) for public parameters and decryption keys. All received content is validated with the trust schema. |
||
| 5 | |||
| 6 | Configuration provides: |
||
| 7 | applicationPrefix – consumer identity used for cert and ABE. |
||
| 8 | syncPrefix – PSync group prefix. |
||
| 9 | controllerPrefix – controller namespace for POLICYDATA. |
||
| 10 | aaCertPath – AA certificate. |
||
| 11 | trustSchemaPath – trust schema for validating controller/publisher/AA. |
||
| 12 | |||
| 13 | ## Components |
||
| 14 | 2 | Suravi Regmi | mGuardConsumer initializes the consumer environment by loading the **trust schema** , configuring NAC-ABE, and creating the internal Subscriber. It triggers the initial ABE setup by asking NAC-ABE to fetch **public parameters** and the appropriate **decryption key** from the AA. After a small delay, it requests **POLICYDATA** from the controller so the consumer knows which streams it is legally allowed to subscribe to. Once the eligible stream list is received, the consumer automatically subscribes to them. |
| 15 | 1 | Suravi Regmi | |
| 16 | ## Subscriber |
||
| 17 | 2 | Suravi Regmi | The Subscriber handles **ABE setup, policy retrieval, PSync, manifest fetching, and data decryption** . It waits for NAC-ABE to finish fetching **PUBPARAMS and DKEY** , then sends a **POLICYDATA** interest to the controller and stores the eligible streams. It joins PSync, subscribes to the manifest version of each allowed stream, receives sequence updates, fetches manifests, extracts data names, and retrieves/decrypts data via NAC-ABE before delivering plaintext to the application. |
| 18 | 1 | Suravi Regmi | |
| 19 | ## Trust and Certificate Flow |
||
| 20 | 2 | Suravi Regmi | The consumer starts with its o **wn cert, the AA cert, and the trust schema** . AA provides PUBPARAMS and DKEY, the controller provides POLICYDATA, and the publisher provides manifest packets; all are validated through the trust schema. Repo does not participate in trust, **data integrity comes from signatures, and confidentiality comes from NAC-ABE.** |
| 21 | 1 | Suravi Regmi | |
| 22 | ## Subscription Behavior |
||
| 23 | Subscriptions are filtered by policy and always target the MANIFEST name for a stream. When PSync reports new sequence numbers, the consumer pulls the updated manifest, gets the list of data names, and fetches and decrypts those data packets. Unsubscribing removes the manifest prefix from PSync. |