concept
How Onli Works
How digital ownership moves in the Onli system — authorization, atomic transfers, and why no copies ever exist.
Onli makes digital ownership possible by ensuring that when something moves from one person to another, the original is destroyed. At no point do two valid copies exist. Here's how.
The Core Mechanic: Atomic Ownership Transfer
Every ownership change in Onli follows a three-step atomic process:
- The source Vault marks the asset as "in motion," changing its state to signal an authorized transfer is underway
- The destination Vault verifies the cryptographic proof and confirms everything is legitimate
- The source Vault permanently destroys its instance of the asset
All three steps succeed together or none of them happen. There is never a moment where two valid copies of the asset exist.
Think of it like handing someone a physical object. When you hand over a book, you no longer have the book. That's exactly what Onli does, digitally.
The Full Flow: What Happens When Something Moves
Here's what actually happens when an ownership change occurs:
- An Appliance (an app built on Onli) sends an AskToMove request
- You receive a notification in Onli You — your personal vault app
- You see the details: what's being requested, by whom, and where it would go
- You explicitly approve or deny the request
- If approved, the Onli One network creates a temporary, direct connection between the two Vaults
- The atomic ownership transfer executes: the source Vault marks the asset in motion, the destination Vault verifies and takes possession, then the source destroys its instance
- The Oracle records that the change happened (without revealing details)
- The connection is destroyed
The entire process takes moments. The network connection exists only for the duration of the move, then vanishes.
You Always Have the Final Say
Nothing moves without your explicit approval. This is a structural rule, not a policy — it's built into the architecture.
When an app wants to move one of your assets, it can only ask. The request comes to you in Onli You, and you decide. If you say no, nothing happens. If you say yes, the move executes.
No app, no administrator, no one in the system can move your assets without your authorization.
Privacy by Default
The Oracle records that ownership changes happened, but not the details. Think of it like a notary who stamps that a transaction occurred without reading the document.
Even the Vault itself is private. The hardware-level security means that not even system administrators can see what's inside your Vault. Your assets, your business.
Ephemeral Connections
Unlike traditional networks where servers are always connected, the Onli One network is ephemeral. Connections only exist when something needs to move. Once the move is complete, the connection disappears.
Think of it like a private tunnel that appears just long enough to hand something through, then vanishes. No persistent network to attack. No central server holding everyone's assets.
What Makes This Different
| Traditional systems | Onli |
|---|---|
| Moving = copying data to a new location | Moving = the object actually moves; source is destroyed |
| A database says who owns what | Possession IS ownership |
| Admins can see and modify everything | Even admins can't see inside Vaults |
| You trust the system to be honest | Trust is architectural, not social |
Learn More
- What Is Onli? — the big picture
- Vault — how possession is enforced
- Onli One — the network where ownership moves