Skip to main content

Applications

If you're a health service, a Desci Dao or any client that wants to interact with Welshare profiles or build on Questionnaires, your first step is to sign up with an EVM key (this can be a custodial wallet or an MPC wallet): https://wallet.welshare.app/application

Signing App Message

Creating application ids

Creating several application instances with one control key allows you to e.g. run several websites that request user data, which could be potentially separated. If you're running various projects as a company - e.g. like CerebrumDAO's Transfidelity and Percepta spinouts - you can create separate application ids for them to separate their data submissions.

Unique applications are identified by a custom string of your choice and callback URLs that certain protocol components can use go gate incoming traffic, e.g. using CORS headers on wallet frontends. Signing the registration message derives an application specific keypair that your application will use to authenticate server side requests or sign off requests by your users.

Signing App Message

Application Registration and Data Access

Using application keys to request questionnaire data

This makes use of self signed JWTs under the hood. They are created when an application interacts with welshare APIs from the frontend, e.g. to request their questionnaire submissions.

How's that different from a cloud infra and where's the HPMP?

Besides the key derivation and JWT signing, you might ask, what's the benefit here for application providers and why are we using rather complex logic to run this?

At the moment of writing (Sep 25), this is due to the preliminary state of the Nillion network. Applications actually will become the instances to interact with Nillion nodes directly - they must be fully authenticated against Nillion nodes, which right now requires them to subscribe individually to Nillion and keep those control keys secret.

In the flow depicted above the welshare API can intercept the actual user data. Provided that Nillion once will allow users to grant acl-access for unsubscribed "builders" (= apps), the welshare "middleman" will become obsolete.

Users Implicitly Grant Read Access to HPMP

The bolder goal that welshare as a company is following here is to ask users to share their data with a trusted blind computation subsystem that runs inside a decentralized trusted execution environment. This allows applications and fourth party research agents to profit from the shared data storage infrastructure.