i am trying to see if there is a way consent can be obtained from two parties before viewing a resource from GAIA storage. The scenario is like this… a user has uploaded a document and a validator has attested the document. Now when another user is trying to access the document, the validator should provide the consent along with the user to grant access. Is this possible to achieve with blockstack?

Hi @luckshas —

This is an example of something I think should be ensured through end-to-end encryption.

You have three parties here:

1. Author
2. Validator
3. Reader

You could have the author upload a document, encrypted with a symmetric key, and signed by the author’s public key. That symmetric key is then encrypted to the validator’s public key.

The validator uses that key to read the document. The validator signs a validation statement with their private key (and encrypt that validation statement).

If a user wishes to read the document and the validation statement, the user needs to obtain (1) a symmetric key to read the document and (2) a symmetric key to read the validation. The author controls (1), and the validator controls (2). A user could make this request to each party, and then the parties (if approved), would encrypt those symmetric keys to the requester.

This scheme would lead to the following files:

${author gaia storage}/document.json
${author gaia storage}/validator-read-key-for-document.json
${author gaia storage}/requester-read-key-for-document.json
${validator gaia storage}/validation-of-document.json
${validator gaia storage}/requester-read-key-for-validation-of-document.json

Now, if the author wanted to ensure that the validator didn’t simply publish the original symmetric key, the author could re-encrypt the document.json file after the validation was written.