Re: Capability Authorization-enabled Decentralized Object Model [was RE: The "Verifiable" Economy [was RE: a few thoughts about zcaps]] from Christopher Allen on 2021-04-07 (public-credentials@w3.org from April 2021)

From: Christopher Allen <ChristopherA@lifewithalacrity.com>
Date: Wed, 7 Apr 2021 11:03:03 -0700
To: Alan Karp <alanhkarp@gmail.com>
Cc: Christopher Lemmer Webber <cwebber@dustycloud.org>, Manu Sporny <msporny@digitalbazaar.com>, "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>, "public-credentials@w3.org" <public-credentials@w3.org>
Message-ID: <CACrqygCwKQqRRCt-46+ZiFNsXOhjp_UqgHov4zaAJ0SY3zh_-A@mail.gmail.com>

On Wed, Apr 7, 2021 at 10:55 AM Alan Karp <alanhkarp@gmail.com> wrote:

> I believe that any system that can handle the example in
> https://www.hpl.hp.com/techreports/2008/HPL-2008-204R1.pdf is general
> enough.  (It won Best Paper at ARES 2010, so you don't think I'm blowing
> smoke.)
>
> In that scenario, Alice wishes to use Bob's backup service, which relies
> on Carol's copy service.  We show that authentication-based schemes can
> lead to bad results.  For example, Alice specifies a file she is not
> allowed to read, and Bob specifies a file he does not have permission to
> write. Nevertheless, Carol reads the input and writes it to the
> output, potentially destroying one of her files.  These problems cannot
> arise with capabilities.
>

I’d love to see just that narrow scenario, as a series of narrated slides
saved as a video. I really don’t like the car keys example, and this one is
practical example of the problem with an example of failure & an example of
success leveraging ocap.

— Christopher Allen [via iPhone]

>

Received on Wednesday, 7 April 2021 18:03:30 UTC