Overview

In Vanadium, all communication channels are encrypted and authenticated, and all communication must satisfy an authorization policy.

The following tutorials build from the Client/Server Basics tutorial to demonstrate code and pre-built tools that implement and benefit from Vanadium security.

• Principals and Blessings
  Wherein Alice and her friend Bob take the stage to demonstrate inter-principal communication.

• Permissions
  Wherein you meet a built-in authorizer that that lets Alice grant fine-grained access to Bob and Carol with simple lists of names.

• Caveats
  Wherein Carol delegates the access that Alice gave her to Diane. Carol does so without bothering Alice and without leaking secrets. Carol constrains Diane's power with caveats.

• Third-Party Caveats
  Wherein you arrange for your lawyer to get access to your "documents", then revoke that access.

• The Agent
  Wherein you use a security agent to maintain your secrets and facilitate your secure use of Vanadium.

• Custom Authorizer
  Wherein you craft a custom authorizer for Alice that grants family access any time of day, but constrains friends to a time window.

That introduces the generalities. Aspects of security that are focused on particular subjects will be covered in related subject tutorials, e.g. the [JavaScript tutorial] and the Mount table tutorial.

The Security Concepts document provides a general discussion of Vanadium security that complements these security tutorials.