The atProtocol fundamentals

What is the atProtocol?

Developed by Atsign, the atProtocol is an open-source, P2P Internet protocol that enables developers and enterprises to handle personal data based on trust and permissions.

atRoot & secondary servers

The atProtocol has only two tiers of servers: the atRoot and atSecondary servers.

Schema

The atProtocol defines a secure URI (Uniform Resource Identifier) for any data stored across the atProtocol (e.g. phone@alice), with one important difference: the value returned for an identifier is polymorphic, meaning that it depends on who is accessing the resource or asking for the information. In addition, the atScheme, <atsign://>, creates a URL (Uniform Resource Locator) that can be securely shared and interpreted.

atProtocol server verbs

A verb is a command used to communicate with an atServer through a secure socket.

from verb

Purpose: The from verb is used to tell the atServer what atSign you claim to be. The atServer will respond with a challenge in the form of a full at address and a cookie to place at that address.

@from:@alice // request to @alice server from @alice
data:_948da07a-01da-457f-a23b-aa851738e898@alice:29741692-6c08-408c-b93b-24d2758cc0f9
@from:@bob // request to @alice server from @bob
data:proof:_64a27907-f555-44f8-bd86-b97838303805@bob:dfc6aedf-4618-4446-84bb-9d15838a7b10 // response from @alice server

pol verb

Purpose: The pol verb, which stands for proof of life, verifies whether the correct cookie was placed in the requesting atServer.

@from:@bob // request to @alice server from @bob
data:proof:_64a27907-f555-44f8-bd86-b97838303805@bob:dfc6aedf-4618-4446-84bb-9d15838a7b10 // response from @alice server
@pol
@bob@

pkam verb

Purpose: The pkam verb, short for public key authentication mechanism, is used to authenticate a client to an atServer. The client cryptographically signs the challenge returned by the from verb with its private key, and the atServer validates the signature using the corresponding public key.

@from:@alice // request to @alice server from @alice
data:_948da07a-01da-457f-a23b-aa851738e898@alice:29741692-6c08-408c-b93b-24d2758cc0f9
// snippet to sign challenge with private key
// (base64Encode and utf8 come from dart:convert)
var key = RSAPrivateKey.fromString(privateKey);
var challenge = '_948da07a-01da-457f-a23b-aa851738e898@alice:29741692-6c08-408c-b93b-24d2758cc0f9';
var signature = base64Encode(key.createSHA256Signature(utf8.encode(challenge)));
// send pkam request to server
@pkam:<signature>
// prompt is returned if authentication is successful on @alice server
@alice@
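
The from/pkam exchange above, modelled end to end as an added example (not code from the original article or from Atsign), written for Node.js using only its built-in crypto module. The AtServerModel class, the error strings and the single-use treatment of the challenge are assumptions made for illustration; the key pairs are constructed.

```javascript
// Added example, not Atsign's code: the from -> pkam exchange modelled in-process.
const crypto = require('node:crypto');

// Constructed RSA key pair standing in for @alice's pkam keys.
const { publicKey, privateKey } =
  crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hypothetical server model: knows @alice's public key, tracks one open challenge.
class AtServerModel {
  constructor(atSign, pkamPublicKey) {
    this.atSign = atSign;
    this.pkamPublicKey = pkamPublicKey;
    this.challenge = null;
  }

  // from:<atSign> returns "data:_<uuid><atSign>:<uuid>", the shape shown above.
  from(claimed) {
    this.challenge = `_${crypto.randomUUID()}${claimed}:${crypto.randomUUID()}`;
    return `data:${this.challenge}`;
  }

  // pkam:<signature> returns the prompt on success. Error strings are placeholders.
  pkam(signatureB64) {
    const challenge = this.challenge;
    this.challenge = null; // assumption: a challenge is accepted at most once
    if (challenge === null) return 'error:no open challenge';
    const ok = crypto.verify('sha256', Buffer.from(challenge, 'utf8'),
      this.pkamPublicKey, Buffer.from(signatureB64, 'base64'));
    return ok ? `${this.atSign}@` : 'error:signature rejected';
  }
}

// Client side: RSA-SHA256 signature over the challenge text, base64 encoded.
function signChallenge(challenge, key) {
  return crypto.sign('sha256', Buffer.from(challenge, 'utf8'), key).toString('base64');
}

function demo() {
  const server = new AtServerModel('@alice', publicKey);
  const challenge = server.from('@alice').slice('data:'.length);
  const signature = signChallenge(challenge, privateKey);
  const first = server.pkam(signature);  // fresh challenge, correct key
  const replay = server.pkam(signature); // same signature, challenge consumed
  const stranger = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const next = server.from('@alice').slice('data:'.length);
  const wrongKey = server.pkam(signChallenge(next, stranger.privateKey));
  return { challenge, first, replay, wrongKey };
}
```

Because the signature covers a server-chosen random challenge, a captured @pkam line is useless once that challenge has been consumed, and a signature from any other key fails verification.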

update verb

Purpose: The update verb updates a key with a value in the atSign’s namespace. This value can be a user’s public, private, or shared data.

  1. Sharing data publicly
update:public:phone@alice +1-111-111
update:@alice:creditcard@alice 123-456-789
update:@bob:email@alice alice@atsign.com

llookup verb

Purpose: An authenticated atSign can look up local keys using the llookup verb.

  1. Local lookup public key
llookup:public:phone@alice
data:+1-111-111
llookup:@alice:creditcard@alice
data:123-456-789
llookup:@bob:email@alice
data:alice@atsign.com

plookup verb

Purpose: An authenticated atSign can look up public keys using the plookup verb.

@bob@plookup:phone@alice
data:+1-111-111

lookup verb

Purpose: The lookup verb is polymorphic in nature. If an atSign is authenticated, the lookup verb is used to retrieve data shared with the authenticated atSign. If an atSign is unauthenticated, the lookup verb returns the public value of the key.

  1. @bob is authenticated
@bob@lookup:email@alice
data:alice@atsign.com
lookup:phone@alice
data:+1-111-111 // value of public:phone@alice

scan verb

Purpose: The scan verb lists all the keys stored in an atSign’s server. Like the lookup verb, the scan verb is polymorphic in nature. When executed without authentication, the verb returns all public keys. Upon authentication, the scan verb returns all keys (public, private and shared).

  1. @alice is unauthenticated
@scan
data:phone@alice // returns only the key shared publicly
@alice@scan 
data:[public:phone@alice,@alice:creditcard@alice,@bob:email@alice] //returns all the keys in atSign’s server

delete verb

Purpose: The delete verb removes a key from the user’s server.

delete:@bob:email@alice
