Synk Workspace Architecture
This page aims to provide you a better understanding of Synk Workspace, from an architectural standpoint, as well as for some technical details implementation.
Last updated
This page aims to provide you a better understanding of Synk Workspace, from an architectural standpoint, as well as for some technical details implementation.
Last updated
We are building the dApp by keeping one simple thing in mind, it must run anywhere, and client-side only. Following this guideline will enable us to make the platform even more sustainable over time, by deploying it on as many web3 CDN-based technologies as possible.
As for the backend of Synk Workspace, our guideline is to follow web3 as much as possible to benefit from the technological added value of the ecosystem. With that in mind, we are making it versatile, and compatible with multiple web2 and web3 cloud providers. We will leverage some providers to have privacy layer for app orchestration as well as confidential computing to ensure safety on remote nodes.
The minimal requirement for a node is at least to run on a trusted infrastructure provider or on privates nodes. In both cases, the nodes MUST support Secure Enclave Technology meaning Applications are running in enclaves encrypted using user wallet.To get access to the most advanced and privacy focused nodes, we will make partnerships with different actors and develop smart contracts for orchestration obfuscation.
Applications embedded in Synk Workspace relies on OCI (Open Container Initiative, a fancy acronym to say Docker containers). In addition to the application packaged and hardened according to the state of the art, and a bit of tuning to improve the UX, we are also bringing on board a video server streaming software which forward a stream to the dApp.
The streaming service is a bidirectionnal feed between you and the instanciated application. It provides you a video of the application in real time, and you interact with it via your keyboard, mouse or touchscreen as you would in a real-world device.
When using SYNK, each client creates a container to run their chosen application. All containers for a given client operate within the same namespace but are isolated from one another using strict, hardened firewall rules. This setup enhances both network security and efficiency by preventing unauthorized communication between containers while optimizing interactions.
As you may ask, how do we guarantee that an user can instanciate and use only it's own workspace. We achieve that by leveraging Oauth2 on top of Wallet providers. It means we are able to generate JWT Tokens (fully on your browser), signed by your wallet, which are then forwarded to the dApp and Apps Instances.For that, we rely on (the official ETH login provider) to ensure that you are the user. The signature mechanism returns a JWT (Json Web Token) which obfuscate your user unique identifier (you wallet address) to a specific hash, ensuring anonymity and non repudiation to your future workloads in case of a breach.