This last month I have been working on WideWord and WideSheet, which are part of my new family of small business web 2.0 apps.
I just realized that I have completely forgotten to write about them here as I do most of my business related blogging nowadays over on StakeVentures.
So what I thought I’d do is try to write about some of the more tech related innovations that I have been doing with the above two apps.
When you create a WideWord document, the server generates two random keys. One is the document key and the other is the access key (or capability). The document key is shared between users of a document and the access key encrypts the document key for a particular user. The access key is sent to the user in an email and presented as part of the url.
What this means is that I as the service provider do not have access to the keys to the document. It also means that a user does not have to enter a password to view or edit a document.
This whole process might instinctively seem scary for people as there is no password anywhere in sight. However as the sight uses SSL as standard and doesn’t log the URL’s I believe it to be much more secure than traditional password protected systems.
If you’re interested I’ve written more about this at: 5 steps to Privacy in WideWord.
I designed my EzCrypto library as an easy to use abstraction on top of OpenSSL for Ruby. Now I would like to create a Java version of it. I think it would be very quick todo, however I would be breaking one of DHH’s rules that he talked about last night. Which is writing a library that I don’t need myself. I do know I will be needing it in the future as I am planning som crypto related applets. Is there any interest in an easy to use Java crypto api on top of JCE?