Distributed Application Development Overview
Developing applications on the STRATO Mercata Blockchain network is different from traditional development on a centralized server or even on distributed servers. Developers must take two main concepts into consideration when putting their apps on Mercata:
- Application Access and Membership
- Data Privacy and Security
First, we'll discuss the basic differences between standard applications and distributed ones on an architectural level.
What is an App?
An app is simply a collection of software code or services that work together to complete a common goal. This goal may be a larger, abstract purpose that encompasses many smaller subtasks. For example, a banking app might have the goal of "allowing customers to manage their finances more easily"; the functional application of this goal, however, is allowing customers to view, transfer, or withdraw funds from their account(s).
An application must primarily do two general things to accomplish any type of task - store/persist data relevant to the application, and complete specific actions and logic based on the application data.
In a traditional application's infrastructure, the logic and data of an application are separate - software is written to handle specific application logic on the data at hand, and the application stores and retrieves data from a separate database. This makes the rules for how data is managed in the application loosely coupled with the actual data itself. There is a potential scenario where a bad actor can circumvent the application logic to modify the data.
Just like a traditional app, a Distributed Application (DApp) is an app, but one that has its data and functionality distributed across multiple computers (servers). In STRATO Mercata, each computer is a node operating on the network. Data and the corresponding logic to manage that data are tightly coupled in the form of smart contracts posted to the blockchain. By virtue of being on the blockchain, smart contracts are distributed to every node on the network that has access to them. Smart contracts contain state (persistent data) and are encoded in a programming language, allowing highly detailed logic to be written directly into the contract, controlling how its own state is updated. In this way the application logic can only ever be modified by the logic directly written into the application. There is no way to circumvent the functionality intended for the application's data.
Since all data is distributed across the application members' computers, there is no need to create a whole new protocol for communicating this data between members. This is done automatically through the Mercata Network. Once a Distributed Application is created on the blockchain, its members can immediately interact with and use the app. Similarly, as data is created and modified in the app, those actions are instantly sent out to those that can access the data.
Application Access and Membership
On STRATO Mercata, you can control who can access your application by creating a Private Dapp Realm just for your app. Then add each member that you want to be a part of your application to that realm. Privacy Realms make it possible to keep your application data private just among the parties that you want to see it, but also still allow the application to be distributed and trusted across the blockchain.
Private Dapp Realms are initialized with their own smart contract known as the "Governance Contract", since this contract governs how members are managed in the realm.
A Private Dapp Realm must be deployed (created) initially by a single entity; once it is created, other members can join or be invited to it.
Data Privacy and Security
All data within a Dapp lives within its Private Dapp Realm, meaning only the members of the realm can access it. Application data access can be made even more granular by splitting each piece of data into its own private shard within the Dapp Realm. Each shard represents a unique entity/smart contract on the blockchain. This concept is referred to as "Asset Shards". The manager of the asset can then control who has access to the asset. In this way the application data is kept private only between the parties privy to it, not every member of the Dapp.
Application data is kept secure by encoding strict permissioning and verification logic directly into an Asset's smart contract. This allows us to encode strict rules on how or when asset data fields can be updated. Common security measures include methods like role-based permissioning on certain actions within the app, or ensuring status changes always coincide with a specific asset update.
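The two measures named above, role-based permissioning and status changes that can only occur together with a specific asset update, are sketched below as an added example; it is not code from the STRATO Mercata documentation or platform. It is written in generic Solidity syntax as an assumption about the contract language, and every name in it (ShipmentAsset, Role, Status, dispatch, confirmDelivery) is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: all names here are hypothetical and are not part of
// the STRATO Mercata API. Generic Solidity syntax is assumed.
contract ShipmentAsset {
    enum Role { None, Carrier, Inspector }
    enum Status { Created, InTransit, Delivered }

    address public manager;                 // the asset's manager
    mapping(address => Role) public roles;  // role-based permissioning
    Status public status;                   // no direct setter exists
    string public location;
    address public receivedBy;

    constructor() {
        manager = msg.sender;
        status = Status.Created;
    }

    // Rejects any caller that does not hold the required role on this asset.
    modifier onlyRole(Role required) {
        require(roles[msg.sender] == required, "caller lacks required role");
        _;
    }

    // Only the manager decides who holds which role.
    function setRole(address member, Role role) external {
        require(msg.sender == manager, "only manager");
        roles[member] = role;
    }

    // Status moves to InTransit only together with a location update.
    function dispatch(string calldata newLocation) external onlyRole(Role.Carrier) {
        require(status == Status.Created, "already dispatched");
        require(bytes(newLocation).length > 0, "location required");
        location = newLocation;
        status = Status.InTransit;
    }

    // Delivered is reachable only from InTransit and always records a receiver.
    function confirmDelivery(address receiver) external onlyRole(Role.Inspector) {
        require(status == Status.InTransit, "not in transit");
        require(receiver != address(0), "receiver required");
        receivedBy = receiver;
        status = Status.Delivered;
    }
}
```

Because `status` has no setter of its own, the only paths to a new status are the functions that also write the associated field, so a status change without its matching asset update cannot be expressed as a transaction.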