Clarification on replacement of Zones about acra HOT 2 CLOSED

We are glad to hear that you found Acra interesting and useful for you)
Your understanding is correct. Zones existed to compartmentalize data access cryptographically. They and ClientID were used to specify keys related to data. ClientID derived from the mutually authenticated connections, got from CLI flag --client_id, or specified in encryptor_config for transparent encryption. But ZoneID should have been specified as SQL value preceding encrypted data in the SQL query or statically in encryptor_config. The first option was too complicated for applications and the second works similarly for ClientID. So, we removed it to simplify usage and understanding.

As you found , AcraEnterprise supports specifying ClientID during the db session as SQL statement for all next queries until changed to another. And it allows switching between owners of users in the same db connection. It is much easier for most of applications than connect with another credentials to the acra+database on every owner change or compile the correct SQL query to specify the proper ZoneID.

So yes, open source version of Acra supports switching between data owners by specifying different ClientID from TLS certificates, static CLI option, or static option in the encryptor_config. And AcraEnteprise provides one extra option to specify ClientID by SQL query.

from acra.

We are glad to hear that you found Acra interesting and useful for you) Your understanding is correct. Zones existed to compartmentalize data access cryptographically. They and ClientID were used to specify keys related to data. ClientID derived from the mutually authenticated connections, got from CLI flag --client_id, or specified in encryptor_config for transparent encryption. But ZoneID should have been specified as SQL value preceding encrypted data in the SQL query or statically in encryptor_config. The first option was too complicated for applications and the second works similarly for ClientID. So, we removed it to simplify usage and understanding.

As you found , AcraEnterprise supports specifying ClientID during the db session as SQL statement for all next queries until changed to another. And it allows switching between owners of users in the same db connection. It is much easier for most of applications than connect with another credentials to the acra+database on every owner change or compile the correct SQL query to specify the proper ZoneID.

So yes, open source version of Acra supports switching between data owners by specifying different ClientID from TLS certificates, static CLI option, or static option in the encryptor_config. And AcraEnteprise provides one extra option to specify ClientID by SQL query.

Thanks a lot @Lagovas for your prompt reply

from acra.