menu
Spheres of Influence
Containerized Zero Trust Security
Spheres of Influence are patented security protocols that give end users full control of their content, data and experiences
XRDNA models the real-world contexts where people work into three Spheres of Influence—Private, Social, and Public—and applies SoI-specific Zero Trust guardrails to identities, devices, apps, and data.
Zero Trust by contextData-first controlsContinuous verificationHuman-in-the-loop
Overview
Three SoI, one unified policy fabric
Each SoI defines who can do what, from where, and with which data. Controls are enforced continuously and adapt to risk signals in real time.
Private SoI
Zero TrustLeast PrivilegeContinuous Verify
For confidential work—source code, strategic docs, customer PII. Strict verification, least-privilege access, and strong data loss prevention.
- Strong identity: passkeys + risk-based step-up
- Managed, healthy device posture required
- App allowlist with per-action authorization
- Confidential data tagged & exfil guarded
Social SoI
Zero TrustLeast PrivilegeContinuous Verify
For collaboration—partners, contractors, and cross-org work. Flexible access with scoped data sharing and watermarking.
- Verified guest identity & session isolation
- Partial device trust via client attestation
- Time-boxed permissions & share-scoped links
- Content labeling, watermarking, and revocation
Public SoI
Zero TrustLeast PrivilegeContinuous Verify
For public interactions—marketing sites, communities, docs. Open by default with abuse prevention and privacy-respecting analytics.
- Anonymous or pseudonymous access
- Rate-limit, bot/abuse detection, threat intel
- Data minimization & consent-based tracking
- Safe publication pipelines with approvals
Proximity‑based context layers that govern
“who can see/do what”
SoIs are dynamic zones—Public / Social / Private (and custom)—that adapt to role, location, device posture, and time. Crossing a boundary can reveal panels, elevate privileges, launch workflows, or quarantine content.
Automatic inheritance: Humans and AI agents inherit SoI policies
Zero‑Trust by default: Content travels inside containerized panels bound to SoI rules
UX that tracks reality: MoE shows only what’s appropriate for the moment, role, and place
Public
Social
Private
How It Appears in MoE (UI)
Common Operating Picture: eVa‑addressed assets and SoIs render as live layers
Tactile Panels: Entering an SoI reveals Nested Media Panels—data libraries, visual assets, 3D objects, MCP feeds—already scoped to policy
One‑tap tasks: NV executes commands and updates the registry
+
Protocol
Private SoI — Zero Trust Protocol
Default deny. Verify explicitly. Limit blast radius. Protect sensitive data by design.
Scope
Employees & high-trust service accounts handling confidential or regulated data (e.g., source code, customer PII, financials).
Trust assumptions
No implicit trust. Every request is authenticated, authorized, and inspected.
Identity
- Primary: Passkeys / WebAuthn with phishing-resistant MFA fallback.
- Adaptive policies: impossible travel, session anomaly, user risk score.
- Just-in-time elevation with approval trails.
Device posture
- Managed devices only; posture: disk encryption, EDR healthy, OS up-to-date.
- Per-action checks via device certificates & attestation.
Context & risk
- Network: TLS mutual auth; private egress with CASB inspection.
- Location & time-based risk; sandbox high-risk sessions.
Access controls
- Policy-as-code for app routes, API scopes, and dataset columns.
- DLP: redact, encrypt-in-use, prevent copy/download/print as needed.
- Per-record access via ABAC (role, project, data sensitivity).
Telemetry & monitoring
- Full audit trails; immutable logs shipped to SIEM.
- User/session risk scored continuously; auto-session lock on spikes.
Data handling
- Field-level encryption, HSM-backed keys; envelope encryption at rest.
- Confidential compute for model inference on sensitive data.
Automation & response
- SOAR playbooks: token revocation, credential reset, quarantine device.
- Approval workflows for privileged access requests.
Phishing-resistant auth
Passkeys with hardware-backed keys and attestation; fallback to TOTP only with step-up and risk gates.
Strong identity proofing
Periodic re-proofing for sensitive roles using verified identity providers.
Exfil controls
Clipboard, download, and print controls with on-demand redaction for protected artifacts.
Protocol
Public SoI — Zero Trust Protocol
Open by default, safe by design. Protect against abuse while respecting privacy.
Scope
Any user on the internet interacting with public-facing properties (marketing sites, docs, community portals).
Trust assumptions
No identity required; treat traffic as untrusted and potentially hostile.
Identity
- Anonymous or pseudonymous access; optional social login for community features.
- Progressive profiling with explicit consent.
Device posture
- Assume unknown devices; instrument only at the edge and client with privacy controls.
Context & risk
- CDN WAF, DDoS protections, bot detection, and threat intel enrichment.
- Rate limiting, content moderation, and abuse heuristics.
Access controls
- Publish pipeline with approvals, scans, and provenance (SBOM, checksums).
- Read-only by default; gated write actions with CAPTCHA/step-up.
Telemetry & monitoring
- Edge telemetry; anomaly detection for spikes, scraping, and credential stuffing.
- Privacy-respecting analytics with aggregation/retention controls.
Data handling
- Minimize collection; honor Do Not Track and regional consent signals.
- Public data provenance & integrity verification.
Automation & response
- Automated takedown for defacement; rate-limit escalations; community moderation queues.
Abuse prevention
Threat-aware edge with bot management, WAF rules, and anomaly detection.
Secure publishing
Content passes security scans and provenance checks before going live.
Privacy by default
Consent-first telemetry and data minimization built in.
Reference
Compare SoI controls at a glance
A quick reference for teams to select the right SoI for a given workload.
| Control | Private | Social | Public |
|---|---|---|---|
| Identity | Passkeys + step-up; re-proofing | Federated SSO; time-boxed | Anonymous or optional social login |
| Device | Managed & healthy required | Browser isolation / light attestation | Unknown; treat as untrusted |
| Network | mTLS, private egress, CASB | Segmentation per tenant | CDN + WAF + DDoS |
| Data | Field-level encryption, strict DLP | Mask on share; watermark | Minimize collection; consent |
| Monitoring | Full audit, SIEM, UEBA | Tenant logs, session replay | Edge telemetry & abuse heuristics |
FAQ
Common questions
Quick answers for security, IT, and product teams rolling out SoI.
How do we decide which SoI to use?
Choose based on data sensitivity, participant trust, and device posture. If any factor is high risk, default to the stricter SoI and scope down access.
Can resources move between SoI?
Yes. Content carries labels and policies; moving to a different SoI updates controls automatically via policy-as-code.
What about AI/LLM usage?
Private: use approved, confidential-compute-backed models with strict DLP. Social: mask sensitive fields before prompts. Public: remove PII and apply rate limits.
How do we onboard?
Start with the Public and Social baselines, then roll out Private for high-sensitivity workloads. Use our reference architecture and SOAR playbooks.
Get started
Implement SoI Zero Trust with XRDNA
Deploy guardrails that follow your users and data across Private, Social, and Public spheres. Start with a threat-informed baseline and tailor policy per SoI.
XRDNA, MoE, Map of Everything, eVa, Sphere of Influence, and Neural Voyager are all registered trademarks for XRDNA Inc
2025 XRDNA, Inc. All Rights Reserved.
2025 XRDNA, Inc. All Rights Reserved.
Protocol
Social SoI — Zero Trust Protocol
Trusted collaboration with clear boundaries. Verify participants, isolate sessions, and scope data sharing.
Scope
Trust assumptions
Identity
Device posture
Context & risk
Access controls
Telemetry & monitoring
Data handling
Automation & response
Session isolation
Scoped collaboration
Watermark & label