What is Cozy?

Cozy is a personal server hosting applications that allow collect and manipulate all your personal data.

Depending on your point of view, Cozy can be seen as :

  1. A place to keep your personal data
  2. A core API to handle the data
  3. Your web apps, and also the mobile & desktop clients
  4. A coherent User Experience.

The whole platform is designed around 3 key values : Simple, Versatile, Yours.

These values have a lot of meaning for Cozy in all aspects. From an architectural point of view, they are declined like this:

Architecture overview

Several layers can be distinguished. From inside to outside:

Architecture

The server (Cozy-stack)

The server consist of a single process. We call it the Cozy stack. It provides services through a REST API that allow to:

The server also allow to access the database replication API, allowing to sync documents between the server and local databases, for example in mobile clients.

Two authentication methods are available:

The server is in charge of serving the Web applications users have installed from the application store.

The database

CouchDB is a document database. Everything, from user data to server settings, is stored inside typed documents, identified by an unique id.

Two request methods are allowed: map-reduce or Mango, a specific query language.

Every document has a doctype, and we keep an index of the definition of every doctype.

Binary data are stored outside the database. Depending on the server configuration, they may be stored on a file system or a dedicated object storage like swift.

The datasystem layer inside the Cozy stack is in charge of controlling access rights on documents and binaries. It allows fine gained access control, on a whole doctype or on a set of documents.

The applications

There are two kind of applications:

The server provides services to applications:

Application store

An application registry lists every available applications, and their characteristics. Each application can:

Application isolation

Each application uses its own sub-domain, so it gets sandboxed inside the browser: other application are not able to steal its access token or access its data.

We use Content Security Policy to control what the application is allowed to do. For example, Web applications running inside Cozy are not allowed to send requests to other websites. This allows a strict control over applications, preventing them to leak your data.

Further reading