Time of page creation
Time of the last page update

Kueea Network

Kueea Networks are virtual peer-to-peer mesh networks. That said, a network may be composed of only one node.


Each Kueea Network is defined by its policy. It is a data object for a node, not meant to be read by humans.

A node becomes part of a network by following the rules in its policy. Part of the policy is its trust anchor. It is a set of entities whose statements all nodes must treat as true. This policy and trust is what defines a Kueea Network.

Policies are enforced by system software automatically. For example, if the policy says that trolls are not allowed, whenever a user is labelled a troll by others in the network, they will automatically be banned from the network by all of its nodes.

One node may be a peer in multiple Kueea Networks at the same time. Which networks are to be considered is based on who sent a message.

The goal of Kueea System is a state where every node on the Internet agrees to some universal policy, i.e. every node on the Internet is part of one big Kueea Network. This is very difficult, but the authors believe that it is doable.

Broadcast channel

Each network, besides the policy, defines its broadcast channel, which is monitored by every node in the network for incoming messages.

Majority of communication is done via direct communication between nodes, but sometimes there is a need to send a network-wide message to all nodes, for example when advertizing a role intent to the network.


Kueea Nodes may serve a particular role in the network.

A node broadcasts to the network its intent to serve a role. Other nodes, upon receiving the intent, may accept it or not. Incoming connections to a node mean that the role has been accepted, i.e. the service is being accessed by other nodes.

Examples of roles are: value registry, file archive, public cache, etc. Basically, these are nodes that are frequently accessed by others. Most of them are expected to have fast connections and high availability.

A healthy network is one where multiple nodes take the same role, so that if one of them becomes unavailable, there are others remaining; the availability of a service is preserved.

An important part here is that roles are established dynamically and may not require any intervention from a user. Role assignment can be made fully automatic.


Resources in Kueea System are all vertices of a global graph. They are always referenced directly by their identifiers. An identifier is an opaque data object to the system.

Resources are either device-independent, in which case their identifiers are node-agnostic and do not take device or node identifiers into account; or they are device-specific, in which case the node needs to be specified.

Device-specific resources are generally limited to physical devices only.


Kueea System stores files in a graph structure natively.

Files are generally not referenced by name or path. In fact, a file may have no name at all. Files are referenced by describing them with parameters. The system then searches the network for files that match the criteria.

There is a data duplication and management system. It monitors availabily of files and tries to preserve them by maintaining a state where a file is available on more than one node.

Files are assigned a preservation value. More valueable files have a higher priority and are duplicated more often. Networks decide how to assess the value of files.

Access control

Access control in Kueea System is consensus-based. Rights are determined by the policy of a network.

Files always have a public metadata document. This metadata contains access control information among other things. It is always transferred before the data proper, which might be protected.

If data of a file is unavailable locally, the node will look for it on the network. In order to successfully fetch it, the other peer must also agree on the assessment that the requesting entity may access the file.

Peers that requests files without the necessary credentials to said files are mailicious and are to be banned by every node in a network. Malicious peers are eliminated by denying them access to other peers.

The punishment is in that the peer becomes alone, without access to any of the resources offered by the network. If it wishes to regain access to the resources, it must follow the policy. The policy is publicly available for review and inspection. Every banned node must be informed of the rules that it broke.

If a peer does not agree with the rules in the policy, the options left are to establish a new network or look for another. Discussing a policy can only be done while within a network or out-of-band.

A node that does not follow the policy in its network effectively creates another, hidden network with some other policy. In order to become part of this hidden network, one would need to somehow obtain addresses of its hidden nodes. In other words, life is very difficult for such networks. All nodes would also have to put trust in each other for staying hidden. Discovering these nodes exposes the ones that break the rules.