FollowTheMoney
Last updated on 2023-06-12.
Edit this page on GitHub.

Namespacing

Entity ID namespaces are a security mechanism related to the Aleph search index.

Aleph allows the user (via mappings or the API) to create arbitrary entity IDs. Entity IDs that are controlled by the user and not the system are unusual. However, this makes it possible to generate bulk data outside Aleph, and then load entities into the system as a continuous streams.

The problem is that having user controlled entity IDs increases the chance of conflict in the search index. Namespacing works around this by making each entity ID consist of two parts: one controlled by the client, the other controlled by the system. The second part of the ID is called its signature:

entity_id.a40a29300ac6bb79dd2f911e77bbda7a3b502126

The signature is generated as hmac(entity_id, dataset_id). This guarantees that the combined ID is specific to a dataset, without needing an (expensive) index look up of each ID first. It can also be generated on the client or the server without compromising isolation.