diff --git a/docs/core-features/sharing-private.md b/docs/core-features/sharing-private.md index 0373d9d1..e97dffa8 100644 --- a/docs/core-features/sharing-private.md +++ b/docs/core-features/sharing-private.md @@ -6,7 +6,7 @@ sidebar_position: 0 `zrok` was built to share and access digital resources. A `private` share allows a resource to be shared through a __privately__ available endpoint. Privately shared resources can only be accessed by another `zrok` user who has the details of your unique share. -Sharing a resource with privately is one of the things that makes `zrok` unique. +Peer-to-peer private resource sharing is one of the things that makes `zrok` unique. `zrok` also provides `public` sharing of resources with non-`zrok` users. Public resource sharing is limited to only resources that can be accessed over `HTTP` or `HTTPS`. 
@@ -18,14 +18,14 @@ Here's how private sharing works: `private` shares are accessed using the `zrok access` command, and require the accessing user to have a working (and `enable`-d) `zrok` account on the same service instance where the share was created. -The `private` share is identified by a _share token_, which uniquely identifies your share. The accessing user will use the share token, along with the `zrok access` command to create a local endpoint on their system, which let's them use the shared resource as if it were local to their system. +The `private` share is identified by a _share token_, which uniquely identifies your share. The accessing user will use the share token, along with the `zrok access` command to create a local endpoint on their system, which lets them use the shared resource as if it were local to their system. -`private` sharing does not require you to open any firewall ports or otherwise compromise the security of your local system; there is never an attack surface open to the public internet. +`private` sharing does not require you to open any firewall ports or otherwise compromise the security of your local system; there is never an attack surface open to the public internet. As soon as you terminate the `zrok share` process, you immediately terminate any possible access to your shared resource. The shared resource can be a development web server to share with friends and colleagues or perhaps, it could be a webhook from a server running in the cloud which has `zrok` running and has been instructed -to `access` the private resource. What matters is that the access to the shared resource __should not__ -be done in a public way, for more secure access. +to `access` the private resource. `zrok` can also share files, websites, and low-level TCP and UDP network connections using the `tunnel` backend. 
What matters is that the access to the shared resource is not +done in a public way, and can only be accessed by other `zrok` users that have access to your share token. The peer-to-peer capabilities of `zrok` are an important property of the underlying [OpenZiti](https://docs.openziti.io/docs/learn/introduction/) network that `zrok` uses to provide connectivity between users and resources.
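Review bot: In the first hunk (@@ -6,7 +6,7 @@), the replacement sentence introduces "Peer-to-peer" as the headline property without saying what it means here. The only explanation visible in this patch is the unchanged context line at the very end of the second hunk, which ties it to the underlying OpenZiti network. A reader of the intro alone could take "peer-to-peer" to mean a direct connection between the two machines. Suggest adding a short qualifier in this sentence, or a pointer to that later paragraph, so it is clear that the connectivity comes from the OpenZiti network and is not a direct host-to-host link.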
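Review bot: In the second hunk (@@ -18,14 +18,14 @@), the rewritten closing sentence makes possession of the share token the only stated condition for access. It drops the requirement, given a few lines earlier in the same hunk, that the accessing user has an `enable`-d account on the same service instance. It also reads awkwardly, since the subject of "can only be accessed" is "the access". Suggest something like: "What matters is that the shared resource is not exposed publicly, and can only be reached by other `zrok` users on the same service instance who have your share token." Since the token is what grants access, a sentence telling readers to treat it as a secret would fit here. Separately, the added sentence "you immediately terminate any possible access to your shared resource" is an absolute claim placed right before the new mention of the `tunnel` backend. Please confirm it holds for TCP and UDP shares as well, and say whether the share token stays valid after the `zrok share` process exits.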