From SAFE Network Wiki

Note: This glossary has been compiled as an aid to a general beginning to intermediate understanding of the SAFE Network. Care is being taken to make the definitions accessible to a broad range of readers, while attempting to be as technically accurate as possible within that purpose. Therefore, many of the definitions may not contain all data necessary to a detailed technical understanding of all aspects of the network. Network documentation and exhaustive treatments of all its aspects will be coming in due course, but much can be gained from a thorough study of the SAFE Network Wiki, and of the Whitepapers. Also, additional information is available in the MaidSafe GitHub repository. Also, SAFE Network from First Principles on YouTube is a very useful series of lectures.

This is a work in progress, so please feel free to submit suggestions for words to be added to this glossary, as well as proposed definitions, revisions, clarifications, etc., to the glossary editor at

Bold text within a definition indicates a term or phrase which is defined as a separate entry in the glossary.



1. Account (with initial capitalization) see User Account
2. account - (regarding Vault function and management) the full state of all data relevant to the responsibilities of a Vault persona at any particular moment. For instance, for a DataManager this is an accounting of all the chunks that it is responsible to see are being held securely by the nodes that are actually storing the chunks. For a ClientManager this is an account containing all data necessary to maintain and manage the End Users’ Client Accounts for which it is responsible. (see also account transfer)
account transfer
in churn events, this is the process of redistributing account data amongst affected Vault personas to accommodate their new arrangements and responsibilities. (See account, definition 2)
algorithm
(mathematics and computer science) a self-contained step-by-step set of operations to be performed. Algorithms exist that perform calculation, data processing, automated reasoning, encryption, etc. --Wikipedia
ANT (Autonomous Network Technology)
network technology that is able to self manage, store and manipulate all network data and communications in a manner that requires no human intervention. Also known as "Ant Tech". This is a marketing term (as opposed to a technical one) used to invoke the concept of emergent intelligence demonstrated in natural systems such as an ant colony.
API (Application Program[ming] Interface)
a language and message format used by an application program to communicate with the operating system or some other control program such as a database management system (DBMS) or communications protocol.
app (short for application)
a small specialized program for executing specialized functions. On the SAFE Network, the term refers to such a program that runs on top of and interfaces with the network to accomplish specific tasks or features.
App Builder
a programmer who develops applications (apps) that run on top of the core functions of the SAFE Network. An App Builder is rewarded with safecoins by the SAFE Network in proportion to the amount the app is used to interface with the network. Also called an App Developer. (compare Core Developer)
App Developer
see App Builder
atomic (in reference to safecoins)
Each safecoin has a unique, unchanging network ID. The transfer of safecoins is managed at an “atomic” level in that the network transfers the ownership of each individual safecoin, rather than a block of them, though to the User the transfer of multiple safecoins at once will appear to be a single transaction.
Autonomous Network Technology
see ANT


bit
the basic unit of information in computing and digital communications. A bit can have only one of two values, and may therefore be physically implemented with a two-state device. These values are most commonly represented as either a 0 or 1. --Wikipedia
bitwise operation
In digital computer programming, a bitwise operation operates on one or more bit patterns or binary numerals at the level of their individual bits. It is a fast, primitive action directly supported by the processor, and is used to manipulate values for comparisons and calculations. --Wikipedia
see App Builder


churn
the shift and readjustment of relationships between Vaults, due to machines coming online and going offline frequently and without notice. On the SAFE Network, this is a situation that favours a quickly reconfiguring network, increasing data redundancy and security.
cipher
an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. --Wikipedia
ciphertext
(cryptography) the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher to decrypt it. --Wikipedia
Client
  1. (capitalized) - the program that an End User uses to log into and access the SAFE Network to view data, store data, send and receive messages, send and receive safecoins, etc.
  2. (capitalized) - Since the Client program is idle except when being used by an End User, the term is also used generally to refer to the End User’s activities through the Client software, regardless of which machine the End User might be using, rather than to the software itself.
  3. (capitalized) - a network-connected device running the Client software. This is also referred to as a Client node.
  4. (lower case) - the receiving end of a service or the requestor of a service in a client/server model type of system. The client is most often located on another system or computer, which can be accessed via a network. This term was first used for devices that could not run their own programs, but were connected via a network to remote computers that could run the programs. These were called dumb terminals and they were served by time-sharing mainframe computers.
Client Account
(see User Account)
Client Manager
one of the group of nodes with network addresses closest to the ID of the Client which monitor and execute the Client’s interactions with the network.
client/server model
In the real world, businesses have clients. In the computer world, servers have clients. The "client-server" architecture is common in both local and wide area networks. For example, if an office has a server that stores the company's database on it, the other computers in the office that can access the database are "clients" of the server.
On a larger scale, when you access your e-mail from a mail server on the Internet, your computer acts as the client that connects to the mail server. The term "client software" is used to refer to the software that acts as the interface between the client computer and the server. For example, if you use Microsoft Outlook to check your e-mail, Outlook is your "e-mail client software" that allows you to send and receive messages from the server.
close group
a number of nodes closest to an addressable identity (node or other network addressable element [NAE]) on the network. In XOR space this can be only one group because, due to the nature of XOR, no two nodes can have an equal mathematical "closeness" to any specific point, so it is a very exact process to identify the close group at any moment. (see also consensus group)
consensus group
a quorum number (3 of 4, 28 of 32, etc., depending on the specific requirement) of close nodes to an identity (i.e., Vault address, Client ID, data address, safecoin address, etc.) that can deduce and request actions, based on the thing they are close to (e.g., Client Managers are close to a Client so have authority over that Client to ensure that it follows the rules and acts as expected).
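The close group and consensus group entries above can be made concrete with a short sketch. This is an added example, not code from the SAFE libraries: it uses `u64` values as stand-ins for network addresses, the node IDs are constructed, and the function names `close_group` and `has_quorum` are hypothetical. It shows that XOR distance gives one unambiguous close group, and that a quorum check should count only distinct votes from members of that group.

```rust
use std::collections::HashSet;

/// XOR distance between two addresses (u64 is an assumed stand-in
/// for the network's real address type).
fn xor_distance(a: u64, b: u64) -> u64 {
    a ^ b
}

/// The `group_size` known nodes closest to `target` in XOR space.
/// For distinct IDs a and b, a ^ target != b ^ target, so the ordering
/// has no ties and the resulting group is unique.
fn close_group(target: u64, nodes: &[u64], group_size: usize) -> Vec<u64> {
    let mut sorted: Vec<u64> = nodes.to_vec();
    sorted.sort_unstable_by_key(|&n| xor_distance(n, target));
    sorted.dedup(); // a node listed twice is still one node
    sorted.truncate(group_size);
    sorted
}

/// True when at least `quorum` distinct members of `group` approved.
/// Votes from nodes outside the close group and repeated votes from
/// the same node do not count towards the quorum.
fn has_quorum(group: &[u64], approvals: &[u64], quorum: usize) -> bool {
    let valid: HashSet<u64> = approvals
        .iter()
        .copied()
        .filter(|a| group.contains(a))
        .collect();
    valid.len() >= quorum
}

fn main() {
    // Constructed sample data: one target identity and seven known nodes.
    let target: u64 = 0x5A;
    let nodes: [u64; 7] = [0x58, 0x5B, 0x1A, 0x7A, 0xDA, 0x52, 0x00];

    let group = close_group(target, &nodes, 4);
    println!("close group of {:#04x}: {:x?}", target, group);

    // "3 of 4" quorum, as in the glossary entry.
    let honest = [0x5B, 0x58, 0x52];
    let outsider_padded = [0x5B, 0x58, 0xDA]; // 0xDA is not in the close group
    let duplicate_padded = [0x5B, 0x5B, 0x58]; // one member voting twice

    println!("three members approve:  {}", has_quorum(&group, &honest, 3));
    println!("outsider vote included: {}", has_quorum(&group, &outsider_padded, 3));
    println!("duplicate vote included: {}", has_quorum(&group, &duplicate_padded, 3));
}
```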
Core Developer (Core Dev)
anyone who contributes tested code to the SAFE software libraries. These libraries are the core libraries that create the network, including Client-access APIs.
crate
general name for a Rust software library. A crate may be published on a server like for ease of access.
Crust (short for Connected Rust)
a software library (crate) for establishing and maintaining reliable peer-to-peer network connections across a wide variety of network conditions and protocols. It is written in the Rust programming language. Crust replaced the CRUX connection library which was written in C++ code. (For more detailed information see


data atlas
the “topmost” data map which allows access to all the other data in the User’s account. It has also been called a session packet, but for all practical purposes IS the User Account (Client Account). It is encrypted with the User’s account credentials and stored on the network, to be decrypted when the User logs on to the network, giving the User access to all User Account data, such as assorted IDs, encryption keys of various types, safecoin wallet, etc., and gives access to the User’s Virtual File System (VFS).
datagram
1. a basic transfer unit associated with a packet-switched network. The delivery, arrival time, and order of arrival need not be guaranteed by the network. --Wikipedia
2. A datagram is a unit of transfer associated with networking. A datagram has the following characteristics:
  • Data is transmitted from source to destination without guarantee of delivery
  • Data is frequently divided into smaller pieces and transmitted without a defined route or guaranteed order of delivery
data packet
a unit of data made into a single package that travels along a given network path. Data packets are used in Internet Protocol (IP) transmissions for data that navigates the Web, and in other kinds of networks.
data structure
(computer science) a particular way of organizing data in a computer system so that it can be retrieved and used efficiently, whether in memory, on a local device (e.g., hard disk) or spread over a network.
DataHolder
another name for PmidNode.
DataHolderManager
another name for PmidManager.
DataManager (persona)
a type of a NAEManager (see in this glossary) that is responsible for data which has a name (i.e., address) "close" to the DataManager’s address. It assigns which PmidNodes (DataHolders) will hold the data it is responsible for and monitors to ensure that they store it reliably. Note that the DataManager oversees data stored on different PmidNodes, and is different from the PmidManager (DataHolderManager) which monitors the overall actions of a particular PmidNode (DataHolder).
data map
the record, retained within a User Account, which contains all the data necessary to decrypt a User’s file which has been stored on the SAFE Network. It is basically a decryption key specifically for that exact file. The data map contains the network address locations of each chunk that makes up the file, and so is used when retrieving and decoding the User's data, as the encryption process is non-reversible. (see also self-encryption)
deduplication
a term referring generally to elimination of duplicate or redundant information. Data deduplication is any technique which reduces the number of copies of a file or other piece of data to a minimal number, consistent with reliable retrieval of the data. On the SAFE Network, data deduplication is automatic due to the manner in which data is stored, and is predicted to save up to 95% of network storage space.
distributed hash table (DHT)
a class of decentralized distributed system that provides a lookup service similar to a hash table. Key-value pairs are stored in a DHT, and any participating node can efficiently retrieve the value associated with a given key. The network nodes hold overlapping copies of parts of the data structure, allowing them to frequently become unavailable without affecting the data structure. This allows a DHT to scale to extremely large numbers of nodes and to handle continual node arrivals, departures and failures.
distributed system
a software system in which components located on networked computers communicate and coordinate their actions by passing messages. The components interact with each other in order to achieve a common goal.


End User
a human who is using the network to store and retrieve data, send and retrieve communications, transfer safecoins, or access any other network services. This term is used to describe someone in the role of consuming the services of the network as opposed to someone (even the same person) fulfilling the role of providing network resources or services (i.e., Farmer, Core Developer or App Builder).
encryption
the process of encoding messages or information in such a way that only authorized parties can read it. --Wikipedia
exclusive "or"
see XOR


Farmer
a person in the role of providing network infrastructure by running a Vault on the SAFE Network and “farming” safecoins in exchange.
farming rate
a mechanism to allow the network to balance supply and demand of the network capabilities. This includes primarily storage, but takes into account bandwidth, cpu and any other resources involved in the management of network data. To achieve this the network requires to know when there is too much, just enough or too little resources. --safecoin_farming_rate/github
firewall
A physical firewall is a wall made of brick, steel, or other non-flammable material that prevents the spread of a fire in a building. In computing, a firewall serves a similar purpose. It acts as a barrier between a trusted system or network and outside connections, such as the Internet. However, a computer firewall is more of a filter than a wall, allowing trusted data to flow through it.
flow control
a method of managing data motion to a device (such as a computer or router) so that it does not overwhelm the device or channel, resulting in data loss or other failure.


GET
at a programmatic level, the action of retrieving a piece of data which had previously been stored on the network. This is part of the API of the routing layer itself and is used by Client libraries to translate User actions to browse something on the network.
GET Response
a network-level message replying to a GET Request with the requested data. Note that there is no failure message if the data is not found. Asking for data not on the network is considered a violation of the network and a node may be disconnected for doing so. This is at the core level, where every request should be for existing data (an item from a data map or structured [owned] data, and never a guess). This prevents "range based searches" which could otherwise try to determine what data or accounts, etc., exist.


hash
a value arrived at by running digital data through a hash function. (See hash function below for more data.) A hash could be referred to as a digital fingerprint, in that a slight change in the data to which the hash function is applied will result in a very different hash value. On the SAFE Network, hashes are used in various ways, including in the self-encryption process and as network storage addresses for the data used to create the hash.
hash function
a mathematical function that can be used to map digital data of arbitrary size to digital data of fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes.
hash table
(also called hash map) one kind of data structure that can map keys to values.
hole punching
In computer networking, hole punching is a technique for establishing a direct connection between two parties in which one or both are behind restrictive firewalls, or behind routers that use network address translation (NAT). To "punch" a hole, each client connects to an unrestricted third-party server that temporarily stores external and internal address and port information for each client. The server then relays each client's information to the other one, and using that information both clients try to establish a connection between themselves; as a result of the connections using valid port numbers, restrictive firewalls or routers accept and forward the incoming packets on each side. (--Wikipedia) Hole punching is one specialization of NAT traversal, used when necessary.
a computer, a device or a program that is dedicated to managing network resources. Servers are often referred to as dedicated because they carry out hardly any other tasks apart from their server tasks. There are a number of categories of servers, including print servers, file servers, network servers and database servers. In theory, whenever computers share resources with client machines they are considered servers.


immutable data
(also referred to as non-structured data) data which is stored in an unalterable form. On the SAFE Network, most data are represented as immutable data. The integrity of the contents of an immutable data item can be verified by checking that the hash of the content matches the address on the network where the data is stored. (compare structured data)
IP
stands for Internet Protocol. It provides a standard set of rules for sending and receiving data through the Internet. (see also TCP/IP)
IP address
a numerical code used to identify a particular computer on the Internet. Every computer connecting directly to the Internet requires a unique IP address. IP addresses consist of four sets of numbers from 0 to 255, separated by three dots. For example "" or "".


key
1. (cryptography) a string of bits used by a cryptographic algorithm to transform plaintext into ciphertext or vice versa. This key remains private and ensures secure communication.
2. (in data management systems) a data element which allows one to find an associated data value by using a database index, hash table or a memory location.
key derivation function
a key derivation function (KDF) derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudo-random function.
key-value pair
an item of data that is identified by an arbitrary name. The key is the name, and the value is the content.


MAID (MaidSafe Anonymous ID)
a Client identity used to manipulate non-structured (immutable) data, rather than the User’s public ID. A Client can have only one of these. (see also MaidAccount)
MaidAccount
a reserve-storage-capacity account balance held for a Client by its close group. The balance on this account is reduced proportionally with each PUT. It has a separate ID from (and so is not linked to) the User Account and is used only to PUT data.
MaidClient (persona)
one of the group of close-node personas storing a MaidAccount on behalf of a Client. MaidClients are managed by MaidManagers. Also called StorageClient.
MaidManager (persona)
one of the group of close-node personas managing a MaidAccount on behalf of a Client. The Client must make a request to this group to allow it to PUT (store) data to the network. Also called StorageClientManager.
MPID (Maidsafe Public ID)
the Client identity to allow public IDs (public network names, such as a person’s name or nickname) to communicate securely. A Client can have many of these.
MpidManager (persona)
one of the group that looked after public name and public shares/drive for public Clients.
MSID (Maidsafe Share ID)
The Client identity to manage groups of MPIDs to privately share data (structured and non-structured). A Client can have many of these. This type of identity has no NAE holder for security purposes.


NAE
abbreviation for network addressable element.
NAE Manager
a fundamental class of persona types, describing a group close to a network addressable element. A DataManager is one of this type of persona.
NAT (Network Address Translation)
a method of connecting multiple computers to the Internet (or any other IP network) using one IP address. NAT breaks the principle of end-to-end connectivity originally envisioned in the design of the Internet, but has become necessary due to the scarcity of network addresses under the original addressing system (Internet Protocol version 4 - IPV4). IPV6 is a later system with sufficient addresses, but it has not been universally adopted. NAT traversal techniques are required for certain client-to-client network applications, such as peer-to-peer file sharing and Voice over IP (or, in this case, SAFE Network traffic).
NAT traversal
a computer networking methodology with the goal to establish and maintain Internet protocol (IP) connections across gateways (e.g., routers) that implement network address translation (NAT). Though it is sometimes required for this to be done manually, the process can be automated to a great degree with things like hole punching (see).
network addressable element (NAE)
anything addressable on the network, either directly (active Vault or Client interface to the network), or indirectly as data types (file chunks, various Client ID types, etc.).
Network Addressable Node
a network node that will be part of routing and consensus, etc.
network average
the average amount of data stored by individual Vaults on the SAFE Network. Because of the random way in which network addresses for data are created, data is stored in a rather uniform way across the network address range.

NFS (Network File System)

in the SAFE Network, NFS is the network function which allows a Client to access a collection of files stored over the SAFE Network at large. (compare VFS in this glossary). Outside the SAFE Network, the term has long referred to an open standard, distributed file system protocol originally developed by Sun Microsystems in 1984, which allows a similar experience over traditional networks.
the REST API which allows Client interface with the SAFE Network File System. (see REST, API and NFS in this glossary)
node
a network-connected device, or specific software process on that device, which sends and receives communications on the network. If the network has accepted it as a valuable resource, contributing to the network structure, it will be rewarded. Farmers maintain nodes in this sense. A Vault is commonly referred to simply as a node. Any other node connection is a Client node, or simply a Client. (see Vault and Client in this glossary)
Node Manager
a class of persona which manage Vault functions of specific nodes. PmidManagers are examples of this class of persona. The Node Manager group will be the group closest to the address of such a single node. These Managers can disconnect the node if it behaves poorly or breaks network rules. These also are involved in safecoin farm attempts and will be consulted on such attempts by other parts of the network in the creation of a safecoin for that node.
non-predictive. Referring to the inability to objectively predict an outcome or result of a process due to lack of knowledge of a cause and effect relationship or the inability to know initial conditions.
non-structured data
(see immutable data)


opportunistic caching
when a data chunk has been requested from the network, the request is passed along through various nodes, closer and closer to the network address of the chunk. At each hop, each node checks if it holds the chunk in its cache or on its disk. If it has the chunk it passes it back through a series of nodes on the way to its requester. As the chunk makes this return journey, each node along the way adds a copy of the chunk to the “top” of its cache before passing it on. As other chunks are passed through that node, they are added to the top of the cache until the cache is full. When a new chunk is handled and added to the top of the full cache, the first chunk to be received is purged to make room for the latest chunk. By this arrangement, popular chunks exist in cache at more and more locations, allowing the network to “opportunistically” return requests more and more readily out of cached, rather than “stored,” sources. In this way, the network tends to return results faster and faster, the more popular a piece of data is.
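The caching behaviour described in the opportunistic caching entry can be simulated in a few lines. This is an added example, not code from the SAFE libraries: the `Node` type, the `fetch` function, the three-hop path and the chunk IDs are all constructed for illustration. Each hop checks its cache and disk, the first holder serves the chunk, and every hop on the return journey puts a copy at the top of a bounded cache that purges its oldest entry when full.

```rust
use std::collections::{HashSet, VecDeque};

/// One hop on the route towards a chunk's network address.
struct Node {
    cache: VecDeque<u32>, // front = "top" of the cache (most recently received)
    capacity: usize,      // maximum number of cached chunks
    disk: HashSet<u32>,   // chunks this node stores rather than caches
}

impl Node {
    fn new(capacity: usize, stored: &[u32]) -> Self {
        Node {
            cache: VecDeque::new(),
            capacity,
            disk: stored.iter().copied().collect(),
        }
    }

    /// Does this node hold the chunk in its cache or on its disk?
    fn holds(&self, chunk: u32) -> bool {
        self.cache.contains(&chunk) || self.disk.contains(&chunk)
    }

    /// Add a chunk to the top of the cache. When the cache is full,
    /// the first chunk received (the oldest) is purged to make room.
    fn cache_chunk(&mut self, chunk: u32) {
        if self.capacity == 0 || self.cache.contains(&chunk) {
            return;
        }
        if self.cache.len() == self.capacity {
            self.cache.pop_back();
        }
        self.cache.push_front(chunk);
    }
}

/// Pass a request along `path` (index 0 is nearest the requester).
/// Returns the index of the hop that served the chunk, or None if no
/// node on the path holds it. Hops between the requester and the
/// serving node cache the chunk as it travels back.
fn fetch(path: &mut [Node], chunk: u32) -> Option<usize> {
    let served_by = path.iter().position(|n| n.holds(chunk))?;
    for node in path[..served_by].iter_mut() {
        node.cache_chunk(chunk);
    }
    Some(served_by)
}

fn main() {
    // Constructed route: two relaying hops with 2-slot caches, then the
    // Vault that stores chunks 1, 2 and 3.
    let mut path = vec![Node::new(2, &[]), Node::new(2, &[]), Node::new(0, &[1, 2, 3])];

    for chunk in [1, 1, 2, 3, 1] {
        let hop = fetch(&mut path, chunk);
        println!("chunk {} served by hop {:?}; hop 0 cache = {:?}", chunk, hop, path[0].cache);
    }
}
```

The second request for chunk 1 is answered by the first hop, and the final request has to travel to the storing Vault again because chunk 1 was purged when chunk 3 arrived.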


the preferred term when referring to someone engaging the SAFE Network when it is not clear which particular role (End User, Farmer, App Builder or Core Developer) is being referred to. It may not always be appropriate, but generally it is preferred to the term “user,” to avoid confusion.
packet
a small amount of computer data sent over a network. Any time you receive data from the Internet, it comes to your computer in the form of many little packets. Each packet contains the address of its origin and destination, and information that connects it to the related packets being sent. The process of sending and receiving packets is known as packet-switching. Packets from many different locations can be sent on the same lines and be sorted and directed to different routes by various computers along the way. It works a lot like the post office, except billions of packets are transferred each day, and most packets take less than a few seconds to reach their destination.
packet switching
a digital network transmission process in which data is broken into suitably-sized pieces or blocks for fast and efficient transfer via different network devices. When a computer attempts to send a file to another computer, the file is broken into packets so that it can be sent across the network in the most efficient way. These packets are then routed by network devices to the destination.
PBKDF2
(Password-Based Key Derivation Function 2) a key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards series.
persona (also Vault persona)
one of the various “personalities” exhibited by the Vault, each of which has specific responsibilities in relation to network function. Persona fall into one of four categories of types: Client Managers, NAE Managers, Node Managers or Managed Node (see all). The discovery, by David Irvine in early 2015, that persona could be classed in this fashion led to major simplification of network function, reduction of code base and other ramifications in network function and resilience. (see this post for more data.)
PIN
(Personal Identification Number) one of the three unique values a User creates or chooses in order to Self-Authenticate onto the SAFE Network, along with keyword and password.
plaintext
(cryptography) the information which the sender wants to transmit to the receiver(s), and is the normal representation of the data before any action has been taken to hide it.
PMID (Proxy Maidsafe ID)
The Client identity to safely store non-structured data. A Client can have many of these.
PmidManager (persona)
one of the group closest in XOR to the PmidNode, which oversee and can punish (downrank or disconnect) a PmidNode if it misbehaves. (see also DataHolderManager)
PmidNode (persona)
a node that holds data and is monitored and managed by a group of PmidManagers. This allows large data to be directed to nodes the network detects can handle them. Otherwise data would go only to closest nodes, which may not have been on long enough, have enough storage space available, etc., to adequately manage the data. The data a PmidNode holds is monitored separately by relevant DataManagers. If the PmidNode mishandles (loses or corrupts) its data, the DataManagers instruct the PmidManagers to punish (lower the ranking of or disconnect) the PmidNode. (see also PmidManager, DataHolder, DataHolderManager and DataManager)
port
(computer networking) the term port can refer to either physical or virtual connection points.
1. Physical network ports allow connecting cables to computers, routers, modems and other peripheral devices. Several different types of physical ports available on computer network hardware include: ethernet ports, USB ports, serial ports.
2. Virtual ports are part of TCP/IP networking. These ports allow software applications to share hardware resources without interfering with each other. Computers and routers automatically manage network traffic traveling via their virtual ports. Network firewalls additionally provide some control over the flow of traffic on each virtual port for security purposes.
port number
part of the addressing information used to identify the senders and receivers of messages. Port numbers are most commonly used with TCP/IP connections. Home network routers and computer software work with ports and sometimes allow you to configure port number settings. These port numbers allow different applications on the same computer to share network resources simultaneously.
POSIX
an acronym for Portable Operating System Interface. It is a family of specific standards for maintaining compatibility between operating systems.
Proof of Resource
the value proposition underlying the creation of safecoin. It refers to the process of rewarding resources which have been contributed to the network once they have proven to be useful. For instance, when a data chunk, which has been being stored and tended by a Farmer’s Vault, is requested and promptly provided by the Vault, the network rewards the Vault with the opportunity to earn safecoin. Thus safecoins are only created and rewarded in response for resources which have not only been provided, but have been proven valuable to the network.
protocol
When computers communicate with each other, there needs to be a common set of rules and instructions that each computer follows. A specific set of communication rules is called a protocol. Because of the many ways computers can communicate with each other, there are many different protocols -- too many for the average person to remember.
pseudo-random function
(cryptography) one of a family of efficiently-computable functions which are computationally indistinguishable from truly random functions in most applications.
PUT
on a programmatic level, the action of storing a piece of data to the network.
PUT Request
a Client originated message requesting to store data on the SAFE Network. Vaults process this function and may return an error, along with the original request, if the action cannot be completed.


quorum
the minimum number of votes that a distributed transaction has to obtain in order to be allowed to perform an operation in a distributed system. A quorum-based technique is implemented to enforce consistent operation in a distributed system. --Wikipedia


REST
acronym for REpresentational State Transfer, a software architectural style for building scalable web services. In the SAFE Network, the REST API (see also API in this glossary) allows for lightweight, scalable interface with network functionality.
router
a hardware device that routes data (hence the name) from a local area network (LAN) to another network connection. A router acts like a coin sorting machine, allowing only authorized machines to connect to other computer systems. Most routers also keep log files about the local network activity. --from
routing node
a Vault node which participates in carrying out and managing SAFE Network traffic in XOR space, as differentiated from a Client node, which connects to the network in order to send and receive messages, files, etc., on behalf of the End User but does not participate in routing traffic for the network at large.
the set of network functions (of the SAFE Network Routing Library) which handles the routing of data between XOR-space addresses (nodes and other addressable elements), as opposed to the physical (IP) connections between network hardware (which is handled by the Crust Library).
routing table
a file containing addresses of other routing nodes on the network, of which the node holding the routing table has knowledge. This list ranges from the nodes which are the actual closest nodes in the network, in terms of XOR address distance, to a sampling of more distant nodes. The closest ones have been verified as the actual closest nodes. (Many calculations depend on this close group in the routing table being accurate.) The rest of the nodes in the table are spread evenly throughout the address space. Communications to nodes outside of the close group are sent to the node in the routing table which has the closest ID to the node to be reached. That node in turn passes the communication on to the node in its own routing table which is closest to the address of the node to be reached. In this manner, the communication can be passed very quickly to its final destination.
RSA
(RSA Security LLC, doing business as RSA) an American computer and network security company responsible for much of the encryption technology and standards in use broadly today.
an early version of the connection library which has been replaced by Crust.
system programming language used in all core programming for the SAFE Network. Amongst other features, it is designed so as to disallow many programming errors, especially in the areas related to handling computations across multiple computer cores. It replaced the programming language C++, in which the SAFE Network programming was originally developed.


SAFE Network
a decentralized network of users, communicating through the distributed self-encryption technology created by MaidSafe. SAFE is an acronym for Secure Access For Everyone. A core concept upon which the network technology is built is to provide Privacy, Security and Freedom for all users.
a currency unit created by the network, enabling the transfer of value between End Users, Farmers, App Builders, Core Developers and potentially other actors as the network evolves (i.e., artists, content producers etc.). It will also likely be used by Users to exchange value amongst themselves in exchange for other things, as they see fit.
(cryptography) random bits used as one of the inputs to a key derivation function.
a mechanism that enables users to create accounts on the SAFE Network and log in from any computer without the need or knowledge of third parties.
an automatic and instantaneous process in which a file's data is split into chunks and encrypted using the data of the file itself, prior to being stored on the SAFE Network. This process takes place within the SAFE Client. A data map of the information necessary to recall and decrypt the file is retained in the User Account. (For a more thorough technical treatment see Security - Self encryption)
a software library which helps ensure security of the network by requiring that all actions taken by a node are done in consensus with groups of other nodes, all of which are monitoring each other’s actions. Because of the shifting nature of relationships between vaults, and thus consensus groups, it is considered infeasible to surround any specific node with a consensus group which would allow the Sentinel to permit Vault actions which violate predicted/honest behaviour. The Sentinel functions are no longer being maintained as a separate library, but have been integrated into the Routing library.
a computer that provides data to other computers. It may serve data to systems on a local area network (LAN) or a wide area network (WAN) over the Internet.
Many types of servers exist, including web servers, mail servers, and file servers. Each type runs software specific to the purpose of the server. While server software is specific to the type of server, the hardware is not as important. In fact, a regular desktop computer can be turned into a server by adding the appropriate software. For example, a computer connected to a home network can be designated as a file server, print server, or both.
StorageClient (persona)
see MaidClient.
StorageClientManager (persona)
see MaidManager.
structured data
a data storage and retrieval form which can hold a limited history of data updates. If data needs to be mutated (i.e., altered, as in storing a revised version of a document, etc.), it is represented as structured data. (compare immutable data)

(Session Traversal Utilities for NAT) a lightweight client–server network protocol. Its purpose is to allow an application running on a host to determine whether or not it is located behind a network device that is performing address translation. Because it relies on a server to perform its function, the function is not suitable for the SAFE Network. (see NAT, NAT traversal and hole punching in this glossary)


(Transmission Control Protocol) - a network communication protocol designed to send data packets over the Internet. TCP is a transport layer protocol and is used to create a connection between remote computers by transporting and ensuring the delivery of messages over supporting networks and the Internet.
stands for Transmission Control Protocol/Internet Protocol. These two protocols were developed in the early days of the Internet by the U.S. military. The purpose was to allow computers to communicate over long distance networks. The TCP part has to do with verifying the delivery of the packets. The IP part refers to the moving of data packets between nodes. TCP/IP has since become the foundation of the Internet. Therefore, TCP/IP software is built into all major operating systems, such as Unix, Windows, and the Mac OS.
Transmission Control Protocol/Internet Protocol (TCP/IP) is the language a computer uses to access the Internet. It consists of a suite of protocols designed to establish a network of networks to provide a host with access to the Internet.
TCP/IP is responsible for full-fledged data connectivity and transmitting the data end-to-end by providing other functions, including addressing, mapping and acknowledgment. TCP/IP contains four layers, which differ slightly from the OSI model.
The technology is so common that you would rarely hear somebody use the full name. In other words, in common usage the acronym is now the term itself.


(User Datagram Protocol) part of the TCP/IP suite of protocols used for data transferring. UDP is known as a "stateless" protocol, meaning it doesn't acknowledge that the packets being sent have been received. For this reason, the UDP protocol is typically used for streaming media. While you might see skips in video or hear some fuzz in audio clips, UDP transmission prevents the playback from stopping completely.
(Universal Plug and Play) a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment. UPnP is intended primarily for residential networks without enterprise-class devices. --Wikipedia
Because it is intended to dynamically connect devices within a local network only, UPnP presents significant challenges for peer-to-peer connections with devices outside the local network where it is operating.
(see End User)
User Account
(also called Client Account or simply Account) the 'state' held by the SAFE Network for a particular human and network entity, containing usage info, messaging post box, login information, safecoin wallet, file decryption data, etc. A typical User will have many associated accounts, but will probably think they have a single account, the one they log into. (see also data atlas)


the data which is stored under a specific key in a hash table or similar data structure.
  1. the software program that connects to the SAFE Network and shares part of the Farmer's disk space (and other resources) with the network. This is like a farmer’s tractor, with data being the crops. The Vault software and Client software, together, make up the full software package for the SAFE Network. In this sense the term is used to refer to all of the software libraries on the network side, i.e., Crust, Routing and Vault libraries.
  2. the software library which establishes and controls the various network personas.
VFS (Virtual File System)
the display of files and folders stored by and available to the End User, as viewed in the Client software. It is “virtual” because it has the appearance of a directory for files stored on a local drive, but actually contains only the keys to retrieve and decrypt the files from the SAFE Network. (see also data atlas and data map)


short for exclusive “or”, a mathematical or logic function that acts on binary data. “XORing” one binary number against another, bit-for-bit (see bitwise operation), if the bits are the same (both 1 or both 0) the output is 0. If the bits are different (one or the other contains a 1) the output is 1 (see Figure A below, wherein "^" is used to invoke the XOR function). In the SAFE Network, the properties of the XOR function are used to establish certain relationships between binary network addresses (see XOR space). It is also used in the self-encryption process to further obfuscate encrypted data.
Figure A
XOR distance
(see XOR space)
XOR space
the complete range of all possible SAFE Network addresses, viewed using the XOR function. The XOR function gives this “space” a number of interesting and useful mathematical properties, especially that regarding the mathematical "closeness" relationship between addresses. Because of this property, from the viewpoint of any specific address, no two other addresses can have the same mathematical "closeness," even though they may have the same numerical distance. This property allows a node on the network to always be able to calculate which node or nodes (also data or ID addresses) are "closest" to it in comparison to others. This ability to compute relative closeness is vital in order for nodes to unambiguously form close groups which interact to effect oversight and establish consensus. Bear in mind that XOR space is a mathematical relationship amongst nodes and data with randomly assigned addresses, and therefore has no correlation to physical space or distance. (see also XOR)
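An added Python illustration (not code from the SAFE Network or MaidSafe) of the XOR "closeness" property and the hop-by-hop forwarding described under routing table and XOR space. The 8-bit addresses, the sample node list, the group size of 4 and the one-contact-per-bucket table layout are assumptions made for the demonstration.

```python
# Added illustration: toy 8-bit addresses; real network addresses are far longer.
BITS = 8
# Constructed sample node addresses (not taken from any real network).
NODES = [3, 17, 29, 44, 58, 71, 86, 99, 112,
         130, 147, 161, 178, 190, 205, 219, 233, 248]
GROUP_SIZE = 4  # assumed close-group size for the demo


def xor_distance(a: int, b: int) -> int:
    """XOR distance between two addresses, read as an unsigned integer."""
    return a ^ b


def closest(target: int, candidates, count: int = 1):
    """The `count` candidates closest to `target`; XOR distances never tie."""
    return sorted(candidates, key=lambda n: xor_distance(n, target))[:count]


def build_routing_table(owner: int, nodes):
    """Close group plus one contact per distance bucket (assumed layout)."""
    others = [n for n in nodes if n != owner]
    table = set(closest(owner, others, GROUP_SIZE))
    for bit in range(BITS):
        # Bucket `bit`: nodes whose distance from owner has its top set bit at `bit`.
        bucket = [n for n in others
                  if xor_distance(n, owner).bit_length() == bit + 1]
        if bucket:
            table.add(min(bucket, key=lambda n: xor_distance(n, owner)))
    return table


def route(source: int, destination: int, tables):
    """Forward hop by hop to the known node closest to the destination."""
    path = [source]
    while path[-1] != destination:
        here = path[-1]
        next_hop = closest(destination, tables[here])[0]
        if xor_distance(next_hop, destination) >= xor_distance(here, destination):
            raise RuntimeError("no closer contact known; routing table incomplete")
        path.append(next_hop)
    return path


TABLES = {n: build_routing_table(n, NODES) for n in NODES}

if __name__ == "__main__":
    # 6 and 10 are both numerically 2 away from 8; XOR distance separates them.
    print(xor_distance(6, 8), xor_distance(10, 8))
    print(route(3, 248, TABLES))
```

Each hop clears at least the highest differing address bit, so a message between any two of these nodes arrives in at most 8 hops.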


zero knowledge proof
(cryptography) a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, without conveying any information apart from the fact that the statement is indeed true. --Wikipedia