Frequently Asked Questions

1. What is P3KI Core?

P3KI Core can be understood as a mandate system.
You give a precise permission to Party A, Party A can delegate some or all of this on to Party B. Which is called "delegating" a permission.
Party B can now access a device or service you control by presenting their mandate (you-to-A, A-to-B) and prove their identity (they are really B).
This works without active involvement from you or A at the time of verification.

2. Can I use P3KI on my Mobile Phone?

Yes.
We offer a mobile app for Android.
iOS and other platforms are coming soon.

3. Can I use P3KI with my embedded system?

Yes.
Please talk to us regarding platform details and space / memory requirements.

4. Can I use P3KI with my microservice architecture?

Yes.
We offer a RESTful daemon implementation that is easy to integrate.

5. Can I use P3KI for authorizing access to offline devices?

Yes!
It's one of our key features!

6. Are P3KI delegations tokens?

No!
P3KI delegations are personalized and traceable to individual identities, even if some or all are further delegated.
It's fully auditable and traceable.

7. What is a P3KI delegation?

It's a full or partial, precise granting of a permission, role, or capability to a party.

8. Can I solve X with P3KI?

Yes, if X calls for authorization and/or authentication of one device to another for a very specific access permission that can be even scenario dependent.

9. Are you using Blockchain?

No.
P3KI Core is fully storage agnostic, so you are free to store data in the Blockchain or use data read from the Blockchain. However, we do not rely on Blockchain technology in any way.

If you're asking because us saying Blockchain is the only way you're going to do the right thing and talk to us, the answer is yes, of course, it's Blockchain.

10. Can I use P3KI Core with my existing solutions?

Yes.
We offer integrations and bridges (proxies) for various industry standard interfaces.
We've so far successfully interfaced with Active Directory, Linux PAM, OAuth2, and a wide range of custom applications.

11. How do you revoke permissions with P3KI?

P3KI permission delegations are rescinded by simply no longer delegating to a given party anymore.

12. Does revoking or changing permissions invalidate client certificates?

No!
This is one of the core principles behind how our permission model works.

Intermediate "Certificate Authorities" (there's really no such thing with P3KI, but bear with us here) can change the scope of permissions they delegate effectively on a minute-by-minute basis without you having to roll out new "client certificates" (another thing that doesn't really exist with P3KI's model).
This makes running a P3KI-based authentication and authorization solution significantly more cost effective than classic certificate authority approaches.

13. How do you delegate permissions/roles/capabilities with P3KI?

Permissions, roles, and capabilities are expressed using P3KI's Trust Policy Language (TPL).
TPLs can handle complex, multi dimensional expressions made up of several individual parts (aspects).
Individual aspects can have expressions with arbitrary precision.

14. Can I write my own Trust Policy Language?

Yes.
We recommend you closely follow documentation and consult with us.

15. Can I model hierarchical permission delegation with P3KI?

Yes.
A hierarchy is a tree, and trees are strictly less powerful than full-featured graph networks (which P3KI's web-of-trust is).
This means you can fully use hierarchical models as well as web-of-trust models.

16. Can I model meshed peer-to-peer permission delegation scenarios with P3KI?

Yes.
That's one of the core concepts of P3KI.

17. Can I store permission delegation data in X?

Yes.
Any data store can be used with P3KI.

18. Can I limit permissions to prevent further delegation?

Yes.
Via the "pinning" concept delegations can be made that are tied to a specific identity.

Didn't find your questions answered? Contact us!