sync/sync_ux.txt
author Dirk Zimmermann <dz@pep.security>
Tue, 09 Apr 2019 16:02:46 +0200
branchIOS-1482
changeset 3480 689c15d6bef7
parent 2832 e03dfbbaf5ef
permissions -rw-r--r--
IOS-1482 Xcode: Change organization name.
vb@2831
     1
p≡p Sync UX
vb@2831
     2
===========
vb@2831
     3
vb@2831
     4
Sync is a protocol to form one device group. It first is driving a
vb@2831
     5
transaction named the Negotiation. There are two situations Sync can be
vb@2831
     6
in:
vb@2831
     7
vb@2831
     8
1) either there is no device group yet
vb@2831
     9
2) or there is already a device group
vb@2831
    10
vb@2831
    11
Case 1):
vb@2831
    12
--------
vb@2831
    13
vb@2831
    14
In case 1) we have two devices in the state Sole. When the user
vb@2831
    15
configures the first device, nothing happens. When the user configures
vb@2831
    16
the second device, it will detect that there is another device being in
vb@2831
    17
state Sole.
vb@2831
    18
vb@2831
    19
The two devices detect each other. Both are showing a dialog asking the
vb@2831
    20
user: “There is another device detected. Shell we form a device group?”
vb@2831
    21
vb@2831
    22
There are three possible answers:
vb@2831
    23
vb@2831
    24
a) Accept
vb@2831
    25
b) Reject
vb@2831
    26
c) Cancel
vb@2831
    27
vb@2831
    28
If one of the devices gets a Cancel, then the device group is NOT
vb@2831
    29
formed. Sync remains enabled on both devices. This is corresponding with
vb@2831
    30
a ROLLBACK of the Negotiation.
vb@2831
    31
vb@2831
    32
If one of the devices gets a Reject, then the device group is NOT
vb@2831
    33
formed. Sync then is disabled on both devices. This is corresponding
vb@2831
    34
with a COMMIT of the Negotiation with the result REJECT.
vb@2831
    35
vb@2831
    36
If both devices get an Accept, then the device group is formed. Sync is
vb@2831
    37
then enabled on both devices. This is corresponding with a two-phase
vb@2831
    38
COMMIT of the Negotiation with the result ACCEPT.
vb@2831
    39
vb@2831
    40
Case 2):
vb@2831
    41
vb@2831
    42
In case 2) we have at least two devices forming a device group already
vb@2831
    43
(named “old devices”), being in state Grouped. And we have one device,
vb@2831
    44
which is not yet in a device group (named “new device”), being in state
vb@2831
    45
Sole.
vb@2831
    46
vb@2831
    47
The new device and the old devices detect that there is a new device,
vb@2831
    48
which could join the existing device group. The new device is showing
vb@2831
    49
a dialog with “There is already a device group. Shell this device join?”
vb@2831
    50
Possible answers are Join/Accept, Reject and Cancel. The old devices are
vb@2831
    51
ALL showing a dialog with “A new device is detected. Shell we accept
vb@2831
    52
the new device as new member in our device group?” Possible answers are
vb@2831
    53
Accept, Reject and Cancel.
vb@2831
    54
vb@2831
    55
If one of the devices gets a Cancel, then the new device is NOT added to
vb@2831
    56
the device group. Sync remains enabled on all devices. This is
vb@2831
    57
corresponding with a ROLLBACK of the Negotiation.
vb@2831
    58
vb@2831
    59
If one of the devices gets a Reject, then the new device is NOT added to
vb@2831
    60
the device group. Sync remains enabled on the old devices, but gets
vb@2831
    61
disabled on the new device. This is corresponding with a COMMIT of the
vb@2831
    62
Negotiation with the result REJECT.
vb@2831
    63
vb@2831
    64
Only if the new device gets an Accept and at least one of the old
vb@2831
    65
devices gets an Accept, then the new device is added to the device group.
vb@2831
    66
Sync then remains enabled on the old devices, and gets enabled on the
vb@2831
    67
new device. This is corresponding with a COMMIT of the Negotiation with
vb@2831
    68
the result ACCEPT.
vb@2831
    69
vb@2831
    70
Key sync is starting while Sync is taking place. The Sync dialog is a
vb@2831
    71
Trustwords dialog offering Trustwords to check for the user. User's
vb@2831
    72
decision is not only based on if she/he wants to have a device group in
vb@2831
    73
case 1) – or – if she/he wants to add a new device to an existing device
vb@2831
    74
group in case 2), but also on the question, if the Trustwords on the
vb@2831
    75
two handled devices (either the two Sole ones or the new one and one of
vb@2831
    76
the old ones) are identical.
vb@2831
    77
vb@2831
    78
Because there is a Trustwords check, from then on the connection is
vb@2831
    79
becoming green, and secret keys will be sent and shared on all devices
vb@2831
    80
being member of the same device group.
vb@2831
    81
vb@2831
    82
When Sync is switched off on a device, then it leaves the device group
vb@2831
    83
it is in. A Key reset is needed then on the remaining devices, dealing
vb@2831
    84
out new group keys for all own identities.
vb@2831
    85
vb@2831
    86
Sync can be switched on in two ways:
vb@2831
    87
vb@2831
    88
1) Switched on for all (default in p≡p apps)
vb@2831
    89
2) Switched on only for a list of accounts (reached by switching it off
vb@2831
    90
   first)
vb@2831
    91
vb@2831
    92
If Sync is enabled in 1) then adding a new account will have Sync for
vb@2831
    93
this account, too, implicitely.
vb@2831
    94
vb@2831
    95
If Sync is enabled in 2) then adding a new account will have Sync
vb@2831
    96
switched off for this account by default.