BayunCoreSDK JavaScript Programming Guide
  • 1. Introduction
  • 2. Quick Start Guide for Beginners
  • 3. Getting Started
  • 4. Integrate Bayun SDK
  • 5. Authentication
    • 5.1 Register with Password
    • 5.2 Register without Password
    • 5.3 Login with Password
    • 5.4 Login without Password
    • 5.5 Logout
    • 5.6 Change Password
  • 6. BayunCoreSDK Operations
    • 6.1 Lock/Unlock Text
    • 6.2 Lock/Unlock File Text
    • 6.3 Lock/Unlock Binary Data
    • 6.4 Get Locking Key
  • 7. Groups
    • 7.1 Create Group
    • 7.2 Get My Groups
    • 7.3 Get Unjoined Public Groups
    • 7.4 Join Public Group
    • 7.5 Get Group By Id
    • 7.6 Add Group Member
    • 7.7 Add Group Members
    • 7.8 Remove Group Member
    • 7.9 Remove Group Members
    • 7.10 Remove Group Members Except List
    • 7.11 Leave Group
    • 7.12 Delete Group
  • 8. Bayun Errors
Powered by GitBook
On this page
  • Group Types
  • Group APIs

Was this helpful?

7. Groups

Previous6.4 Get Locking KeyNext7.1 Create Group

Last updated 8 months ago

Was this helpful?

BayunSDK provides public APIs for secure group-based data-access and basic group-management. Every group has its own secret-key that is unique for the group, and is accessible only to the members of that group. This shared group-key is used to encrypt the messages that are locked with encryption-policy of group, and also authenticate members, and control access to group resources. Since nobody other than group-members have access to the group's secret-key, only those belonging to the group will be able to access data encrypted with group-policy tied to that specific groupId.

Note that the main purpose of Groups functionality in Bayun framework is to enable enforcement of arbitrary data-access policies that are cryptographically tied to the data, and without burdening the developer with the headaches of key-management for the same. The framework provides only basic group-management functions for creating, modifying, and deleting a group in such a way that the developer can optionally create stricter access-control mechanisms for group-management if so desired, depending on the use-case at hand. For example, the Bayun framework treats every existing member of the group equally for group-management privileges, including the ability to add/remove other members, or delete the group. The developer can always build, or enforce, finer-grained group-management functionality on top of this, e.g. by introducing the notion of group-owner or group-admins with privileged access-rights etc.

Group Types

Group type is defined when creating a new group. GroupType is an enum type and has following values:

PUBLIC : The group is public to the organization. Any employee of the organization can join this group, and hence get access to the shared group-key. The group's secret-key is kept encrypted in every member's own lockbox as well as kept encrypted with company's own secret-key, so that nobody outside the company can get access to it. An existing member, who already has access to the group-key, can add any other members to the group (even those outside the company).

PRIVATE : The group is private and accessible only to the existing members of the group. The group's secret-key is kept encrypted in every member's own lockbox only. An existing member can add anyone else to the member-list of the group, irrespective of whether they belong to the same company or not.

Group APIs

7.1 Create Group
7.2 Get My Groups
7.3 Get Unjoined Public Groups
7.4 Join Public Group
7.5 Get Group By Id
7.6 Add Group Member
7.7 Add Group Members
7.8 Remove Group Member
7.9 Remove Group Members
7.10 Remove Group Members Except List
7.11 Leave Group
7.12 Delete Group