What is an Account?

Hello everyone, for my dissertation I am trying to explain what an ‘account’ on the network actually is. I can’t really find a good resource that explains everything so I though I would start a discussion to fact check what I have so far…

From what I can deduce, an account is a Data Atlas, from the wiki…

the “topmost” data map which allows access to all the other data in the User’s account. It has also been called a session packet, but for all practical purposes IS the User Account (Client Account). It is encrypted with the User’s account credentials and stored on the network, to be decrypted when the User logs on to the network, giving the User access to all User Account data, such as assorted IDs, encryption keys of various types, safecoin wallet, etc., and gives access to the User’s Virtual File System (VFS).

My assumption then is that this is an MD that’s address is derivable from the Account Secret and the Account Password. Within this Data Atlas is a whole bunch of Data Maps that can then be used to retrieve all the relevant detials an account needs such as safecoin balance, decryption keys, etc. Is this on the money?

My other query is that of the Client Manager Vault Persona. My assumption is that the Client Manager is simply the vault(s) that store the Data Atlas (user account) and facilitate its interaction with the network. The particular vault will be a vault in the section that is responsible for the range the 256-Bit address of the Data Atlas falls within. Can this vault then deduce that the data is somehow special? In that its job is to, again from the wiki…

one of the group of nodes with network addresses closest to the ID of the Client which monitor and execute the Client’s interactions with the network.

I assume what happens is the Proxy Node the client is talking to liaises with the Client Manager and then as if by magic the client has access to the network. The Client Manager can tell the connection is to do with successfully reading a Data Atlas? Sorry if this all seams a bit random, just wanted to check with you all that my understanding was correct. :grinning:


Hi David,

Almost :slight_smile: The difference is mostly in technical details: I’m afraid most of the info from the Wiki is not relevant anymore, esp. regarding terminology.

The general idea is correct: the address of an account packet - which was previously called session packet - is derived from the user’s locator, which can be thought of as a kind of username. It is then encrypted with the user’s password. A user is responsible for storing both locator and password in a secure manner, the network itself doesn’t store them and doesn’t even know anything about them.

But the account itself is not a data atlas (which was the previous terminology for data maps? I’m not sure about this), but a serialised Account structure which is defined in SAFE Client Libs. It holds the account keys, path to the user’s access container (its XorName), and some extra service info.

Correct. But it doesn’t need to store the user account itself - it is stored in the very same way as a usual piece of data on the network. The Client Manager address is derived from a user’s public key which is generated randomly. You can think about this persona as a proxy through which users send all their mutation requests - so you can’t change any data on the network without going through a Client Manager first. Technically this part of Vaults is called MaidManager.

No one but you can read your user account packet. The Client Manager needs to know only about your public key: we can easily check whether it’s you who sent the request or not just by checking the validity of the signature on a request - and you can sign your request only with your private keys which are stored as a part of your user’s account packet. :slight_smile:

Hopefully all of this makes sense - please let me know if you need further help!


This is a fabulous explanation, thank you for taking the time to clear it up!

One thing I am slightly confused about though is…

Does this mean that when a user logs in, this mechanism generates a unique public key for each ‘session of activity’ so to speak. Then the vault that is closest in XOR address space (distance wise) is then the Client Manager for the account for that session?

No, this set of keys (along with your private key, signing key, etc.) is generated when you first create your account and put it on the nework. So it doesn’t change with time.

You can check the actual registration implementation to see how the magic works under the hood :slight_smile:


Ahh the code makes this all start to make sense! :grinning:

So all a Client Manager knows is this public key and then liaises all the mutation requests using it… I guess because this is a set of numerous pub-priv keys that this step increases anonymity by using different pub keys when accessing the network?

From this discussion…

And through the answer by @John_Ferguson lead me to …

I think I am piecing everything together… It insulates, I think, that a Proxy Node is actually a Client Manager, are they the same thing? Second Layer sounds like the Client Manager and Thrid/Fourth layer sounds like the Data Manager. Not sure how outdated this post is though.