This section contains an overview of a user session.
Resources called kueea (uncountable) are special resources, in that these resources have the ability to make changes in the system. Other resources are inanimatable objects, which do not act on their own. For example, an author of a document would be a kueea.
Kueea do not necessarily represent living beings. They may be abstract concepts (like nature) or fictional characters. Organizations also have kueea – their public image. Think of them as masks a human puts on when interacting with others. One may also think of a communication channel.
The term user refers to a physical being (usually a human) which interacts with a system node via its terminal devices, by which the user issues commands to its kueea to do things within the system.
A given user is always the same user. A kueea may represent a user, but it is not the user. The current user of a kueea is a property that may change.
From the point of view of the system, users are out of its scope, they are external to the whole system.
A user resource is a collection of private kueea data. The user resource should be stored on a device one carries with oneself. It could be a pendrive or some other removable storage device. The data should never be stored on a publicly accessible storage medium. It contains information necessary to control a set of kueea.
Kueea are globally unique resources, which must have its public crpytographic data available for all nodes in a given network. In order to be able to control a kueea, the user must provide a node access to the private part of the cryptographic data. The node must be able to cryptographically sign data as the kueea.
When a user wants to use the system, the user interacts with a node’s session manager and points the manager to a user resource. The manager then asks the user to provide information required to access private kueea credentials of kueea mentioned in the user resource. The manager verifies that the public cryptographic data of a chosen kueea matches with the private part provided by the user.
When the data is successfully verified, the manager creates a session. It selects a shell (potentially with user assistance) and asks the user to select the default kueea for the session.
Shells are designed so that users may utilize all of their kueea simultaneously within the same, currently active user session.