Projects

What are the Projects?

Projects are like boxes with keys.

Once created, a project is like a box that holds files secured with keys. Each file is automatically encrypted with a public key.

To access a project file, you must:

  • Have the file shared with you.
  • Be a member of the project.
  • Satisfy all project requirements.

Projects are access-controlled by tags and security requirements.

The backend determines your frontend session's project access based on two conditions:

  1. You are a certified member of the project you are trying to access.
  2. You satisfy the security levels and requirements of the project you are trying to access.

You can change the tags, but this does not mean you can access the files—even as a super-admin.

The core principle of projects is that they control the keys.

You can be denied access to a project if:

  1. You are not a member of the project.
  2. You have not fulfilled the project security requirements.
  3. You are not at a required location. Depending on how you log in, you may need to access specific projects from specific locations. (New feature)

The keys are stored on the backend in a box that opens with your private key, but you cannot access the box unless the project is active in your session. The project controls access to the box containing the file key.

Access to the file key box is controlled by the project.

Accessing a box depends on your session, project membership, and your private key.

  1. The project enforces: "You will not receive the box with the key unless you are a project member and have fulfilled all project requirements."
  2. The backend evaluates active projects for every session, determining which projects are active and tagging your session accordingly.
  3. The box is access-controlled by project requirements and membership.
  4. Project files are encrypted with the public key and can only be decrypted by project members with their private keys.

note

A similar mechanism happens with the project-tagged drives.

Here are three scenarios:

1. Same File, Same Project

John and Emma are both members of the same project. In his Vault, John tags his file with the project. This doesn't mean Emma has access to it. John must also share the file specifically with Emma for her to access it.

2. Same File, Different Project

John and Emma have shared a file between them. If John, the file owner, tags the file with a project, Emma must be a member of that project and fulfill all project requirements to access the file.

3. Same Group, Different Project

John and Emma are both part of the same group, so they can see all group-shared files. If John, the file owner, tags a group file with a project, Emma and the rest of the group must also be members of that project and fulfill all project requirements to access the file.

tip

You can create a group for each project to manage file sharing access.
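
The three scenarios above, modelled as an access decision. This is an added example, not tiCrypt code: the class names, field names and the `level-2`/`level-3` requirement labels are hypothetical, and release of the encrypted file-key box is reduced to an allow/deny result.

```python
from dataclasses import dataclass, field

# Illustrative model only: hypothetical names; key-box release reduced to allow/deny.
@dataclass
class Project:
    name: str
    members: set = field(default_factory=set)
    requirements: set = field(default_factory=set)

@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)
    satisfied: set = field(default_factory=set)  # requirements this session meets

@dataclass
class File:
    shared_users: set = field(default_factory=set)
    shared_groups: set = field(default_factory=set)
    project: "Project | None" = None  # project tag, if any

def can_access(user, f):
    """Apply the page's three conditions in order; return (allowed, reason)."""
    if user.name not in f.shared_users and not (user.groups & f.shared_groups):
        return False, "not shared"
    if f.project is None:
        return True, "shared, untagged"
    if user.name not in f.project.members:
        return False, "not a project member"
    if not f.project.requirements <= user.satisfied:
        return False, "requirements not satisfied"
    return True, "shared, member, requirements met"

def run_scenarios():
    """Constructed sample data mirroring the three John/Emma scenarios."""
    emma = User("emma", groups={"lab"}, satisfied={"level-2"})
    p1 = Project("p1", {"john", "emma"}, {"level-2"})
    p2 = Project("p2", {"john"}, {"level-2"})
    p3 = Project("p3", {"john", "emma"}, {"level-3"})
    return {
        "1: tagged, not shared": can_access(emma, File(project=p1)),
        "1: tagged and shared": can_access(emma, File({"emma"}, project=p1)),
        "2: shared, not a member": can_access(emma, File({"emma"}, project=p2)),
        "3: group file, not a member": can_access(emma, File(shared_groups={"lab"}, project=p2)),
        "3: group file, unmet requirement": can_access(emma, File(shared_groups={"lab"}, project=p3)),
    }

if __name__ == "__main__":
    print(*(f"{k:34} {v}" for k, v in run_scenarios().items()), sep="\n")
```

Only the row where the file is shared, Emma is a member, and her session meets the requirement is allowed; every other row is denied at the first condition that fails.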

What Determines when a Project is Active in My Session?

Your project is active when it appears in the right panel Projects section of your Vault.

  • If you satisfy the project security requirements, you can view the project tag's color and name.
  • If you do not satisfy the project security requirements, you will only see a lock on the project tag and will be unable to access it.

tip

  • Deactivate unused projects at a broader scale for better security practices.
  • All current Virtual Machines will only be accessible through the project they are tagged with.

What Happens when a Project Member Downloads Classified Project Data Locally?

Once a project-tagged file is downloaded to your local machine, it is out of tiCrypt's reach and can no longer be controlled by tiCrypt.

Suppose you are temporarily part of a project and you download a project-tagged file via File Transfer Hub. When the project changes tags later, you still own a local copy of the project-tagged files. You decide to upload the copy back to your Vault as unclassified content.

tiCrypt is not responsible for how you handle downloaded project-tagged files if your admin gave you permission to download them.

note

Downloading Vault data to a local machine is not a bug, since it is designed for very rare scenarios. However, it is bad practice for data security.