Frequently Asked Questions

P3KI Core answers the question "Can X do Y to me?" in the most precise way possible.
P3KI Core is a flexible authorization and authentication solution built on web-of-trust technology.
P3KI Core is a software library to augment your own or existing software with distributed trust network functionality offering access permission delegation, graceful degradation, and offline capabilities.

Yes, if X calls for authorization and/or authentication of one device to another for a very specific access permission that can be even scenario dependent.

P3KI Core is fully storage agnostic, so you are free to store data in the Blockchain or use data read from the Blockchain. However, we do not rely on Blockchain technology in any way.

If you're asking because us saying Blockchain is the only way you're going to do the right thing and talk to us, the answer is yes, of course, it's Blockchain.

P3KI Core support can be added to many existing solutions.
We offer off-the-shelf integration for existing authentication solutions like the common Linux PAM system.
If you're interested in adding P3KI support for other authentication and/or authorization scenarios, please get in touch with us.

No.
You can use P3KI to augment many existing protocols and solutions to enable them with distributed access control features like delegation, graceful degradation, and offline capabilities.

P3KI permission delegations are rescinded by simply not trusting a given party anymore with a specific permission.

No!
This is one of the core principles behind how our permission model works.

Intermediate "Certificate Authorities" (there's really no such thing with P3KI, but bear with us here) can change the scope of permissions they delegate effectively on a minute-by-minute basis without you having to roll out new "client certificates" (another thing that doesn't really exist with P3KI's model).
This makes running a P3KI-based authentication and authorization solution significantly more cost effective than classic certificate authority approaches.

Trust in P3KI-enabled authentication and authorization scenarios is expressed using Trust Policy Languages (TPLs). TPLs are a mathematically proven construct that allows scenario specific and arbitrary precision expression of permission levels. You are no longer constrained by pre-defined permission levels as is often the case with existing solutions.

Sure, but don't forget to provide the required mathematical proofs.
If you don't want to bother with that, give us a call!

The short answer is "yes".
The longer answer is still "yes" but let us elaborate.
Our technology relies on two cryptographic primitives. Specifically one or more signature schemes and a hash function. You're also free to choose which one(s) you want to use for a given scenario.
We have a formal security reduction proving that our use of the primitives does not introduce any extra insecurities. Which really means that we're as secure as the underlying primitives.
Trust Policy Languages (TPLs), which are used to express permissions between users of P3KI technology, are mathematically proven to ensure correct evaluation of permission levels.

Sure! A hierarchy is a tree, and trees are strictly less powerful than full-featured graph networks (which P3KI's web-of-trust is).

Yes.
If it looks like a key/value store, you can.
Central database? Peer-to-peer network? Text file?
All of the above!

The short answer "no".
The longer answer is "kinda". You can easily choose to only allow delegations over at most N hops. This is a application level / local decision of the party doing the access control verification and can be different for any such party.
However, not being able to limit delegation per sé is a feature. If you would limit a delegation, permissions will still be delegated by users by simply sharing credentials. Once that happens you're back to the status quo.