
Security

Security and data protection

In the architecture and implementation of the MetaKraftwerk application, various security measures have been taken to protect all data managed by the application. To understand these protective measures, the basic architecture of the application must first be understood. A single-page web application (SPA) is used by the user through a web browser. In the background, this SPA connects via the HTTPS protocol to an API on the application server. This API maintains an encrypted connection to the database in which the application data is stored. There are therefore three connected layers: SPA <-> API <-> DB. Every layer and every connection has been secured.

Security measures

First, all communication between the SPA and the API takes place via HTTPS (wikipedia.org), i.e. the HTTP (wikipedia.org) protocol is used over a TLS 1.3 (wikipedia.org) encrypted connection, which is the current industry standard. The SPA then makes requests to the API over this encrypted connection. For this, the SPA must first authenticate. This happens when the user enters the application for the first time and specifies his user data, as described in this section. Passwords are not stored server-side in plain text but only as a hash, so that the password is known only to the user. After the API has verified the password, it issues to the SPA a JSON Web Token (jwt.io) that authorizes further requests. This token is valid only for a period of 20 hours and must be renewed after this deadline. Without a valid token, the API does not respond to requests from a client. The process of logging in and using a JSON Web Token is illustrated in the adjacent diagram.

The protection of customer data also means that no customer can access the data of another customer, neither for reading nor for writing. To achieve this, MetaKraftwerk uses a strictly partitioned data model. All data stored by MetaKraftwerk is assigned to exactly one customer. Since this also includes the user data, a user can access exactly the data of his assigned customer and nothing else; he cannot access the data of another customer. Sharing data between customers, as is possible in other cloud applications (e.g. Dropbox), is thereby prevented. Partitioning is implemented first at the database level, but it is also enforced at the level of the API and the SPA. The partitioning across the three application layers is shown in the adjacent diagram. Within a customer there are several users and projects. A comprehensive rights system for users is implemented, which is explained in this section. In addition, users must be explicitly added to a project, and rights to this project must be defined for each user, as described in this section. After completing a project, it is possible to delete all instance metadata from the project. Deletion of the entire customer data is possible after agreement between the respective customer and MetaKraftwerk.
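The login flow described above (password checked only against a stored hash, a JSON Web Token with a 20-hour lifetime, no data returned without a valid token) and the customer partitioning of this section, combined in one added example that is not MetaKraftwerk's own code. The in-memory tables, the claim names, the PBKDF2 parameters and the HS256 signing key are assumptions, since the page does not show the real implementation.

```python
import base64, hashlib, hmac, json, os, time

# Constructed in-memory stand-ins for the database (the real schema is not on the page).
# Every stored row carries a customer id, matching the "exactly one customer" partitioning.
USERS = {}  # email -> (customer_id, salt, pbkdf2 hash); filled by register()
PROJECTS = [
    {"id": 1, "customer_id": "cust-A", "name": "Plant A"},
    {"id": 2, "customer_id": "cust-B", "name": "Plant B"},
]
SECRET = os.urandom(32)      # hypothetical API signing key, kept server-side only
TOKEN_LIFETIME = 20 * 3600   # the page's 20-hour validity period, in seconds

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64url(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def register(email, password, customer_id):
    """Store only a salted PBKDF2 hash of the password, never the password itself."""
    salt = os.urandom(16)
    USERS[email] = (customer_id, salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000))

def login(email, password, now=None):
    """Check the password against its hash; on success issue an HS256 JWT bound to the customer."""
    now = int(time.time()) if now is None else now
    customer_id, salt, stored = USERS.get(email, (None, b"", b""))  # dummy record keeps timing uniform
    if not hmac.compare_digest(stored, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)):
        return None
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": email, "cid": customer_id, "iat": now, "exp": now + TOKEN_LIFETIME}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify(token, now=None):
    """Return the claims if the signature checks out and the token has not expired, else None."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):  # recomputed, so the header's alg is never trusted
            return None
        claims = json.loads(_unb64url(payload))
    except ValueError:          # wrong number of parts, bad base64, bad JSON
        return None
    return claims if isinstance(claims, dict) and claims.get("exp", 0) > now else None

def list_projects(token, now=None):
    """API handler: no valid token means no data; otherwise the query is scoped to the caller's customer."""
    claims = verify(token, now)
    return None if claims is None else [p for p in PROJECTS if p["customer_id"] == claims["cid"]]
```

The customer id travels inside the signed token rather than as a request parameter, so a client cannot widen its own scope without breaking the signature.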

Protection of personal data

When developing the application, the principles of data avoidance and data economy (wikipedia.org) were taken into consideration. For the operation of the application and the secure provision of the service to customers, only one valid email address per user was identified as necessary. Other personal data such as addresses, age and real name of a user, profile pictures and behavioural profiles were not considered necessary and are therefore neither collected nor stored in any form.