How it works

Mandatory: any apixtrib request header have to set with:
{xalias,xhash,xdays,xtribe,xlang,xapp}
This webapp use :

In few words:
A Pagan is identify by an Alias (for human) known by api as a publicKey (for machine).
The owner of this Alias (stored in header xalias) have a privateKey generate when a Pagan is created. This private key is used to sign (with openpgp.js detachedsignature) the message "xalias_xdays" where xdays is a timestamp this signature is store into xhash (header) It is possible to trust a tribe to store this privateKey (and passphrase that encrypt this privatekey, that can be empty, if not the passphrase is needed to uncipher the stored privateKey).
api accept only xhash with a timestamp less than 24hours. Means app needs to store privatekey.

When authenticated, a Pagan can be identify as a Person into a tribe (xtribe) and then has an object instance of Person named "alias" into the tribe space (means /nationchains/tribe/xtribe/Person/alias.json).
In this file we get a key call accessright based onto the schema accessright to the ressource of the xtribe only.

accessright is based on a CRUDOwner rules per object. Owner of an instance can do any things on his data (until it respects schema). An object can have multiple Owners.
Other user needs to have specifics right to act on object instance {objectname:'CRUD', ..}.
Person can have key "profil" user of an app to manage webapp but action has to be on line with accessright to work.

GET nationchains/pagans/idx/alias_all.json -> data:{alias:{alias:publicKey}}

To allow trustable Tribe to store the Private and Passphrase Key, you get from the townId_all.json key:tribes

GET /nationchains/towns/idx/townId_all.json -> data:{townId:{tribes:[list of tribeId inside a town]}}

Am I authenticated to api

xhash is a detached signature done with public and private key of message: 'alias_xdays' where xdays is a time stamp a xhash has an elapse of 24hours after it has to be recreate.
create

Am i authenticated to api?

GET 'api/pagans/isauth' -> status 200 : Well authenticated with alias, status 400: not authenticated

Logout


I prove that i own this alias


Create a decentralized Identity

apXtrib allow you to create keys to identify yourself with a universal alias

Download your keys at least PrivateKey this have to save in a secret place