Revert "Merge pull request #65 from cryptomator/feature/hub-1.4.0-features"

This reverts commit 8b4f752, reversing
changes made to 2c3d36e.

Author: SailReal

source/hub/user-group-management.rst

@@ -40,36 +40,3 @@ A good step-by-step guide for connecting Microsoft Entra with OpenID Connect can
 
 .. warning::
     Regardless of your choice, your Keycloak instance always contains two local users: ``admin`` and ``syncer``. **Do not edit or delete them!** The first one is for administration tasks and the second one is used to synchronize users and groups between Keycloak and Hub.
-
-
-.. _hub/user-group-management/roles:
-
-Roles
--------------
-
-There are four different roles in Cryptomator Hub:
-
-* **user**: A user can open vaults and manage their own account.
-* **admin**: An admin manages the Keycloak realm, can see the audit log, and can create vaults.
-* **create-vault**: Only users with this role can create vaults. The role is inherited by the `admin` role.
-
-The ``user``, ``admin``, and ``create-vault`` roles are assigned to users or groups via the Keycloak admin console by an existing user with the ``admin`` role.
-
-.. _hub/user-group-management/roles/create-vault:
-
-Create Vault Role
-^^^^^^^^^^^^^^^^^
-
-By default, this role is only assigned to the ``admin`` role. This means that only users with the ``admin`` role can create vaults. If you want to allow other users to create vaults, you can assign the ``create-vault`` role to them directly or via a group.
-
-If you want that all users can create vaults, assigning the ``create-vault`` role as transient role to the ``user`` role. This way, every user will have the ``create-vault`` role as well.
-
-To allow all users vault creation, assign ``create-vault`` as a transient role to the ``user`` role:
-
-1. Open the Keycloak admin console.
-2. Select ``Realm roles``.
-3. Select the ``user`` role.
-4. Select ``Assign role``.
-5. Select the ``create-vault`` role.
-6. Apply with ``Assign``.
-

source/hub/vault-management.rst

@@ -34,9 +34,6 @@ Alternatively, you can also access the list by clicking on the ``Vaults`` tab in
 Create a Vault
 --------------
 
-.. note::
-    Creating vaults require the ``create-vault`` role. :ref:`Here <hub/user-group-management/roles>` you can read more about roles.
-
 To create a vault in Hub, navigate to the vault list and click on the ``Create Vault`` button in the top right corner.
 Every vault has a name and optionally a description.
 Fill out the form and continue the process by clicking the ``Next`` button in the right corner.
@@ -168,46 +165,6 @@ To archive the vault, click on the ``Archive Vault`` button in the :ref:`vault d
 
 You can unarchive it by clicking on the ``Owned by me`` tab in the navigation bar, select the vault and clicking on the ``Reactive Vault`` button.
 
-.. _hub/vault-management/wot:
-
-Web of Trust
-^^^^^^^^^^^^
-
-Cryptomator Hub uses a Web of Trust (WoT) to verify the identity of users during vault sharing.
-
-The WoT state of a user is displayed in the vault details page. The state can be one of the following:
-
-* **Unverified**: There is no turst chain between you and the specific user. Indicated with a red shield. You can change this by verifying the user.
-* **Verified**: There is a trust chain between you and the specific user. Indicated with a green shield. You or a user you trust has verified the user.
-
-To verify ``alice``, click on the red shield icon and select ``Check Idenditiy...``
-
-.. image:: ../img/hub/wot-carol-unverified.png
-    :alt: Carol is unverified regarding its Web of Trust state
-    :width: 920px
-
-While verifiying a user, you need to enter the first characters of the user's public key fingerprint. This fingerprint is displayed in user coresponding user profile page.
-
-.. image:: ../img/hub/wot-carol-verify.png
-    :alt: Verify Alice regarding its Web of Trust state
-    :width: 920px
-
-``alice`` is now verified
-
-.. image:: ../img/hub/wot-carol-verified.png
-    :alt: Alice is verified regarding its Web of Trust state
-    :width: 920px
-
-The verification process is logged in the audit log with event type ``Signed Identity``
-
-.. image:: ../img/hub/wot-audit-log.png
-    :alt: WAudit log
-    :width: 920px
-
-``signature still valid`` means that the ``identiy`` has still the same key. If the user account gets reset after verification, this message changes to ``was valid; signed key changed by now`` and the user needs to get verified again.
-
-You can read more details about Web of Trust in the :ref:`Security section of Hub <security/hub/wot>`.
-
 .. _hub/vault-management/import-vault:
 
 Import a Vault
@@ -219,4 +176,4 @@ For a successful import, the :ref:`recovery key<desktop/password-and-recovery-ke
 The import is done via the Hub vault recovery feature.
 Follow the :ref:`vault online recovery guide <hub/vault-recovery/online-recovery>` and use the recovery key of the password-based vault in the process.
 Don't forget to replace the vault config file ``vault.cryptomator`` at the vault storage location at the end.
-Finally, to ensure that the vault cannot be unlocked with its old password anymore, remove the file ``masterkey.cryptomator`` and all backup files (ending with ``.bkup``).
+Finally, to ensure that the vault cannot be unlocked with its old password anymore, remove the file ``masterkey.cryptomator`` and all backup files ( ending with ``.bkup``).

source/img/hub/update-permission.png

@@ -58,30 +58,3 @@ the :ref:`User Key <security/hub/keys/user-keys>`. The Account Key acts as a pas
     The Account Key itself is stored as an `ECDH-ES-encrypted JWE <https://datatracker.ietf.org/doc/html/rfc7518.html#section-4.6>`_, allowing its owner to
     view it from any authorized device. Regardless it should be securely stored independently.
 
-
-.. _security/hub/wot:
-
-Web of Trust
-------------
-
-The Web of Trust (WoT) feature in Cryptomator Hub helps users verify each other's identity by signing the :ref:`User Key Pair <security/hub/keys/user-keys>` with their private keys using ECDSA.
-First the trusting user needs to verify the trustee by entering the first characters of the trustee's public key fingerprint. Once signed, the proof is uploaded to Hub, where others can check its authenticity e.g. during vault sharing.
-
-WoT also supports transitive trust, meaning if alice trusts bob, and bob trusts charlie, then alice implicitly trusts charlie. This forms a trust chain, allowing users to establish indirect trust relationships.
-
-The maximum depth of such chains can be configured using the ``wot_max_depth`` property, which limits how far trust can extend within Hub:
-
-* The default value is 3 ("Great-Grandchild")
-* The maximum value is 9
-* The minimum value, 0, means no trust chain is allowed, only direct trust relationships are considered
-
-With the ``wot_id_verify_len`` property, the minimum length of to be entered public key fingerprint can be configured:
-
-* The default value is 2
-* The minimum value, 0, means the fingerprint of the trustee is fully shown wihtout any input needed
-
-.. note::
-
-    If a user resets their account, their User Key Pair is regenerated, invalidating all previously established trust relationships regarding this user. As a result, the user must be re-verified by everyone who previously trusted them.
-    Additionally, any existing trust chains that included the user will be broken, requiring re-verification to restore trust and re-establish transitive trust relationships.
-