cape-js VS aws-nitro-enclaves-cli

Once you have your access token, you can invoke the OCR service. Here is a code snippet showing you how to do it with cape-js.

A running example of this code can be seen here on github. This example is run using the Cape-JS and the function is deployed using Cape CLI.

Cape provides a command line interface (CLI) and also a Python and JavaScript software development kits (SDKs) called pycape and cape-js that allow developers to deploy their apps and allow users to interact with them in a secure manner.

In addition to the platform itself, Cape also provides a CLI that enables its users to easily encrypt their input data, and deploy and run serverless functions with easy commands: cape encrypt, cape deploy, and cape run. Additionally, Cape also provides two SDKs: pycape and cape-js, which allow for using cape within Python and JavaScript programs respectively.

Ok, I'll bite. I'm happy to be wrong if I am wrong...

This document [1] defines a Nitro Enclave as an application image that runs in a secure runtime with no external networking.

This document [2] shows how you build a secure image. You basically take an image (like [3]) and run `nitro-cli build-enclave ...`.

Ok... so explain to me:

- Given that the image you build has to contain 1) private data (mine) and 2) private models (yours).

If I build the model, how do you protect your models? (because I did, to access the base image)

If you build the model, how do I know you didn't access my data? (because you did, to build the image)

What am I not getting?

[1] - https://docs.aws.amazon.com/enclaves/latest/user/nitro-encla...

[2] - https://docs.aws.amazon.com/enclaves/latest/user/getting-sta...

[3] - https://github.com/aws/aws-nitro-enclaves-cli/blob/main/exam...