iExecBlockchainComputing · PierreJeanjacquot · Jun 6, 2023 · Jun 5, 2023 · Jun 5, 2023 · Jun 5, 2023
diff --git a/README.md b/README.md
@@ -4,33 +4,30 @@
 
 <h1 align="center">DataProtector</h1>
 
-**DataProtector** offers developers methods to create apps that provide users with unparalleled ownership over their data.
+**DataProtector** offers developers methods to create apps that give users unparalleled ownership and privacy over their data.
 
-Through DataProtector, users may allow apps to use their data without ever revealing the data itself. This revolutionary approach to data management relies on:
+Through DataProtector, users may allow apps to use their data–without ever revealing the data itself. This revolutionary approach to data management relies on:
 
-- end-to-end encryption backed by a secure hardware environment that prevents apps from accessing users’ unencrypted data
-- smart contracts that manage apps’ rights to use users’ encrypted data.
+- end-to-end encryption backed by a confidential computing technology that prevents apps from accessing users’ unencrypted data
+- smart contracts that manage apps’ rights to use users’ encrypted data
 
-DataProtector bundles 5 methods:
+DataProtector bundles 6 methods:
 
-- protectData — that safeguards any type of data via end-to-end encryption and hardware security while recording data ownership on a smart contract to ensure verifiability and traceability
-- grantUsage — that enables an app to use users’ data without ever revealing the data itself
-- revokeUsage — that disables an app to use users’ data without ever disclosing it
-- fetchProtectedData — that retrieves the data that has already been protected by DataProtector
-- fetchGrantedUsage — that provides the list of the apps that are allowed to use existing protected data.
+- **protectData** — that safeguards any data. It takes responsibility for encrypting the data and recording ownership on a smart contract
+- **grantAccess** — that authorizes an app to use users’ data without ever revealing the data itself
+- **revokeAllAccess** — that revokes all apps' access to users’ data
+- **revokeOneAccess** — that revokes an app's access to users’ data
+- **fetchProtectedData** — that retrieves data protected by DataProtector
+- **fetchGrantedAccess** — that provides the list of authorization with associated apps and users to use existing protected data
 
 <div align="center">
 
-**[Stable channel v1](https://iex.ec/)**
-
 [![npm](https://img.shields.io/npm/v/@iexec/dataprotector)](https://www.npmjs.com/package/@iexec/dataprotector) [![license](https://img.shields.io/badge/license-Apache%202-blue)](/LICENSE)
 
 </div>
 
 ## Installation
 
-### DataProtector
-
 DataProtector is available as an [npm package](https://www.npmjs.com/package/@iexec/dataprotector).
 
 **npm:**
@@ -47,13 +44,31 @@ yarn add @iexec/dataprotector
 
 ## Get started
 
-[//]: # 'Add initialize code for getting started to use SDK'
+### Browser
 
-## Documentation
+```ts
+import { IExecDataProtector } from '@iexec/dataprotector';
+
+const web3Provider = window.ethereum;
+const dataProtector = new IExecDataProtector(web3Provider);
+```
+
+### NodeJS
 
-[//]: # 'Add link to documentation gitbook when published'
+```ts
+import { IExecDataProtector, getWeb3Provider } from '@iexec/dataprotector';
+
+const { PRIVATE_KEY } = process.env;
+
+const web3Provider = getWeb3Provider(PRIVATE_KEY);
+const dataProtector = new IExecDataProtector(web3Provider);
+```
+
+## Documentation
 
-- [DataProtector](#documentation)
+- [DataProtector documentation](https://tools.docs.iex.ec/tools/dataprotector)
+- [DataProtector technical design](./technical-design/index.md)
+- [iExec Protocol documentation](https://protocol.docs.iex.ec)
 
 ## License
 

diff --git a/technical-design/index.md b/technical-design/index.md
@@ -0,0 +1,12 @@
+# DataProtector technical design
+
+## Sequence diagrams
+
+- [protectData](./uml/sequence-protectData.md)
+- [grantAccess](./uml/sequence-grantAccess.md)
+- [revokeAllAccess](./uml/sequence-revokeAllAccess.md)
+- [revokeOneAccess](./uml/sequence-revokeOneAccess.md)
+- [fetchProtectedData](./uml/sequence-fetchProtectedData.md)
+- [fetchGrantedAccess](./uml/sequence-fetchGrantedAccess.md)
+
+[<-- back home](../README.md)
diff --git a/technical-design/uml/sequence-fetchGrantedAccess.md b/technical-design/uml/sequence-fetchGrantedAccess.md
@@ -0,0 +1,32 @@
+# fetchGrantedAccess
+
+```mermaid
+
+sequenceDiagram
+    title fetchGrantedAccess
+
+    box Client environment
+        actor User
+        participant SDK as @iexec/dataprotector
+    end
+    box iExec Protocol
+        participant POCO as PoCo SC
+        participant Market as Marketplace API
+    end
+
+    Market --) POCO : observe and clear revoked orders
+
+    User -) SDK: fetchGrantedAccess<br>(protectedData,<br>authorizedApp optional filter,<br>authorizedUser optional filter)
+
+    SDK ->> Market: query datasetorders matching filters
+
+    SDK ->> User: array of GrantedAccess
+```
+
+## resources
+
+- **dataset**: iExec's protocol NFT (Non-Fungible Token) providing governance over a confidential data, the dataset is the backbone of a protected data
+- **datasetorder**: iExec's protocol document expressing a subset of governance rules signed by the owner of a dataset, datasetorders are referred as GrantedAccess by DataProtector
+- [iExec protocol documentation](https://protocol.docs.iex.ec)
+
+[<-- back](../index.md)
diff --git a/technical-design/uml/sequence-fetchProtectedData.md b/technical-design/uml/sequence-fetchProtectedData.md
@@ -0,0 +1,24 @@
+# fetchProtectedData
+
+```mermaid
+sequenceDiagram
+    title fetchProtectedData
+
+    box Client environment
+        actor User
+        participant SDK as @iexec/dataprotector
+    end
+
+    participant DPSC as DataProtector SC
+    participant DPSG as DataProtector Subgraph
+
+    DPSG --) DPSC: observe and index new Protected Data
+
+    User -) SDK: fetchProtectedData<br>(owner optional filter,<br>dataSchema optional filter)
+
+    SDK ->> DPSG: query protected data matching filters
+
+    SDK ->> User: array of ProtectedData
+```
+
+[<-- back](../index.md)
diff --git a/technical-design/uml/sequence-grantAccess.md b/technical-design/uml/sequence-grantAccess.md
@@ -0,0 +1,30 @@
+# grantAccess
+
+```mermaid
+sequenceDiagram
+    title grantAccess
+
+    box Client environment
+        actor User
+        participant SDK as @iexec/dataprotector
+    end
+    box iExec Protocol
+        participant Market as Marketplace API
+    end
+
+    User -) SDK: grantAccess<br>(protectedData,<br>authorizedApp,<br>authorizedUser)
+
+    SDK ->> SDK: create a datasetorder
+
+    SDK ->> Market: publish datasetorder
+
+    SDK ->> User: GrantedAccess
+```
+
+## resources
+
+- **dataset**: iExec's protocol NFT (Non-Fungible Token) providing governance over a confidential data, the dataset is the backbone of a protected data
+- **datasetorder**: iExec's protocol document expressing a subset of governance rules signed by the owner of a dataset, datasetorders are referred as GrantedAccess by DataProtector
+- [iExec protocol documentation](https://protocol.docs.iex.ec)
+
+[<-- back](../index.md)
diff --git a/technical-design/uml/sequence-protectData.md b/technical-design/uml/sequence-protectData.md
@@ -0,0 +1,48 @@
+# protectData
+
+```mermaid
+sequenceDiagram
+    title protectData
+
+    box Client environment
+        actor User
+        participant SDK as @iexec/dataprotector
+    end
+    participant IPFS
+    participant DPSC as DataProtector SC
+    participant DPSG as DataProtector Subgraph
+    box iExec Protocol
+        participant DRSC as DatasetRegistry SC
+        participant SMS as Secret Management Service
+    end
+
+    DPSG --) DPSC: observe and index<br>protected data
+
+    User -) SDK: protectData<br>(data, name optional)
+
+    SDK ->> SDK: extract data schema
+
+    SDK ->> SDK: generate encryption key
+
+    SDK ->> SDK: encrypt data
+
+    SDK ->> IPFS: upload encrypted data
+
+    SDK ->> DPSC: createDatasetWithSchema<br>(encrypted data uri, data schema)
+
+    DPSC ->> DRSC: createDataset()
+
+    DPSC -->> DPSG: index protected data
+
+    SDK ->> SMS: push encryption key
+
+    SDK ->> User: ProtectedData and metadata
+```
+
+## resources
+
+- **dataset**: iExec's protocol NFT (Non-Fungible Token) providing governance over a confidential data, the dataset is the backbone of a protected data
+- **datasetorder**: iExec's protocol document expressing a subset of governance rules signed by the owner of a dataset, datasetorders are referred as GrantedAccess by DataProtector
+- [iExec protocol documentation](https://protocol.docs.iex.ec)
+
+[<-- back](../index.md)
diff --git a/technical-design/uml/sequence-revokeAllAccess.md b/technical-design/uml/sequence-revokeAllAccess.md
@@ -0,0 +1,37 @@
+# revokeAllAccess
+
+```mermaid
+sequenceDiagram
+    title revokeAllAccess
+
+    box Client environment
+        actor User
+        participant SDK as @iexec/dataprotector
+    end
+
+    box iExec Protocol
+        participant POCO as PoCo SC
+        participant Market as Marketplace API
+    end
+
+    Market --) POCO : observe and clear revoked orders
+
+    User -) SDK: revokeAllAccess<br>(protectedData,<br>authorizedApp optional filter,<br>authorizedUser optional filter)
+
+    SDK ->> Market: query datasetorders matching filters
+
+    loop For each datasetorder
+        SDK ->> POCO: revoke datasetorder
+        POCO -->> Market: clear order
+    end
+
+    SDK ->> User: array of revoked GrantedAccess
+```
+
+## resources
+
+- **dataset**: iExec's protocol NFT (Non-Fungible Token) providing governance over a confidential data, the dataset is the backbone of a protected data
+- **datasetorder**: iExec's protocol document expressing a subset of governance rules signed by the owner of a dataset, datasetorders are referred as GrantedAccess by DataProtector
+- [iExec protocol documentation](https://protocol.docs.iex.ec)
+
+[<-- back](../index.md)
diff --git a/technical-design/uml/sequence-revokeOneAccess.md b/technical-design/uml/sequence-revokeOneAccess.md
@@ -0,0 +1,34 @@
+# revokeOneAccess
+
+```mermaid
+sequenceDiagram
+    title revokeOneAccess
+
+    box Client environment
+        actor User
+        participant SDK as @iexec/dataprotector
+    end
+
+    box iExec Protocol
+        participant POCO as PoCo SC
+        participant Market as Marketplace API
+    end
+
+    Market --) POCO : observe and clear revoked orders
+
+    User -) SDK: revokeOneAccess(grantedAccess)
+
+    SDK ->> POCO: revoke datasetorder
+
+    POCO -->> Market: clear order
+
+    SDK ->> User: revoked GrantedAccess
+```
+
+## resources
+
+- **dataset**: iExec's protocol NFT (Non-Fungible Token) providing governance over a confidential data, the dataset is the backbone of a protected data
+- **datasetorder**: iExec's protocol document expressing a subset of governance rules signed by the owner of a dataset, datasetorders are referred as GrantedAccess by DataProtector
+- [iExec protocol documentation](https://protocol.docs.iex.ec)
+
+[<-- back](../index.md)