Re: Capability Authorization-enabled Decentralized Object Model [was RE: The "Verifiable" Economy [was RE: a few thoughts about zcaps]]

On Wed, Apr 7, 2021 at 10:55 AM Alan Karp <> wrote:

> I believe that any system that can handle the example in
> is general
> enough.  (It won Best Paper at ARES 2010, so you don't think I'm blowing
> smoke.)
> In that scenario, Alice wishes to use Bob's backup service, which relies
> on Carol's copy service.  We show that authentication-based schemes can
> lead to bad results.  For example, Alice specifies a file she is not
> allowed to read, and Bob specifies a file he does not have permission to
> write. Nevertheless, Carol reads the input and writes it to the
> output, potentially destroying one of her files.  These problems cannot
> arise with capabilities.

I’d love to see just that narrow scenario, as a series of narrated slides
saved as a video. I really don’t like the car keys example, and this one is
practical example of the problem with an example of failure & an example of
success leveraging ocap.

— Christopher Allen [via iPhone]


Received on Wednesday, 7 April 2021 18:03:30 UTC