Ownership
DID-bound tenancy
A DID provisions exactly one tenant, and that binding is immutable.
The owner receives the root capability at creation time.
Collaboration happens through delegation, not account transfer.
Platform features
The building blocks of an owner-controlled data platform.
TurtleShell combines strong ownership rules with flexible infrastructure so teams can ship products on top of user-controlled data instead of another central account silo.
Core model
One DID owns one tenant. Authority stays cryptographic end to end.
The platform is modular about storage and APIs, but strict about sovereignty and isolation.
Capability clusters
Everything on the platform supports the same trust boundary.
Authorization
ZCAP-LD delegation chains
Sub-capabilities can limit paths, record types, operations, lifetimes, and more.
Every invocation is signed by the invoker's verification method.
Revocation is available without abandoning the owner-first model.
Storage
Physically isolated tenant storage
Each tenant gets its own database, bucket, or filesystem partition.
Storage backends are pluggable at deployment time.
Encryption at rest is mandatory, not optional.
Data model
Flexible records with integrity and history
Support JSON, JSON-LD, RDF/Turtle, and binary payloads.
Records are content-addressable and versioned over time.
Collections and queries make the store usable in real applications.
Portability
Replication and migration readiness
CRDT-based sync supports multi-node resilience and eventual consistency.
DID service endpoints help peers discover where a tenant can be reached.
Export and import keep tenants portable across deployments.
Interfaces
Multiple APIs, one authority model
REST is primary, while GraphQL, gRPC, and JSON-RPC serve different integration needs.
SDKs for .NET, TypeScript, and Python simplify signing and transport.
Operators and builders work within the same cryptographic rules.
Application ready
TurtleShell is designed for real product integration, not just architectural purity.
Deployment flexible
Choose the storage profile and operating model that fits your environment while preserving isolation guarantees.
Future portable
Identity, data, and delegated authority are designed to move together instead of locking users in place.