W3C home > Mailing lists > Public > public-credentials@w3.org > November 2018

Re: STRONG -1 to "authorized capabilities", and let's consider renaming costs

From: Mark Miller <erights@gmail.com>
Date: Thu, 8 Nov 2018 20:05:10 -0800
Message-ID: <CAK5yZYjkXO680JHrr4WJvA7WQE=_AQWFjGw98GFf7+GXRRzQJA@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Hi Manu!

No, I don't mind a different name if the name is trying to draw attention
to a distinction. I don't think "decentralized-capabilities" works for the
distinction you have in mind, but I understand it is just an example. I
don't see anything about them that is specific to decentralized systems. To
figure out what category you're trying to name, consider some similar
systems and try to determine whether they are or are not in the same
category:
* CapCert
http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates
* The signed c-list messages of
https://www.youtube.com/watch?v=YXUqfgdDbr8&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2
* SPKI/SDSI
* Macaroons

Note that I consider the first two to be cert encodings of ocap messages,
whereas the last two are not.

I like "reference-capabilities", but they are an example of a different
principle. Reference-capabilities are *not* object-capabilities, but they
are closely related; close enough to consider them a distinct kind of
capability. Pony and Kappa have both reference-capabilities and
object-capabilities. The most elegant statement of the difference comes
from Elias Castegren of Kappa. Paraphrasing:

By holding an object-capability, you can do certain things.
By holding a reference-capability, you know that others cannot do certain
things.

In both cases, what is held is a reference to an object, where the
reference has both natures. It's reference-capability nature is in its
static type of the reference; similar to the reference types of Rust. Its
object-capability nature is the static type of the objects it can point at,
and especially in what actual object it dynamically points at,



On Thu, Nov 8, 2018 at 2:38 PM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On 11/8/18 11:42 AM, Mark Miller wrote:
> > If you mean something other than what we mean by
> > "object-capabilities", by all means, *please* use a different name
> > rather than dilute the meaning of "object-capabilities".
>
> Would you be opposed to naming a specific subset of "object-capabilities"?
>
> For example, the currently named OCAP-LD specification is a
> certificate-based system that kinda sorta separates designation from
> authority and is used almost purely in decentralized systems. It's still
> part of the "object-capabilities" ecosystem.
>
> So, would you be opposed to something like "Decentralized Capabilities",
> which are a sub set of the broader "object-capabilities" space like what
> was done for "Reference Capabilities"?
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
>


-- 
  Cheers,
  --MarkM
Received on Friday, 9 November 2018 04:05:46 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:50 UTC