Revocation is still the sore spot AFAICT. So in addition to the cap mechanism outlined here, I will need a second "caveat" mechanism that allows me to revoke a cap.
-
-
Manuel Simoni Retweeted Manuel Simoni
I think I have a solution though: I'm calling it reactive caps, and they're only valid as long as somebody is presenting them to you:https://twitter.com/msimoni/status/1202708358022737920 …
Manuel Simoni added,
Manuel Simoni @msimoni
In capability systems, caps are exchanged via messages. But what if a cap was exchanged as a *reactive value* of type Option<Cap> and the receiver can only use it (enforced by kernel) as long as they have (Some cap). A cap could be revoked by setting the reactive value to None1 reply 0 retweets 0 likes -
Replying to @msimoni
Sort of an "inline" revocation mechanism where the only way to present the capability is to go through the revoker?
1 reply 0 retweets 0 likes -
Replying to @coreload
In classical caps, you receive a cap as a one-shot message, and can use it forever. In my reactive caps model, you receive a cap as a reactive, dynamically-updating value Some(Cap), and you can only use it as long as that value is not None (enforced by the kernel).
1 reply 0 retweets 0 likes -
IOW, to be able to use a cap, somebody has to be presenting that cap to you continuously, dynamically (the kernel enforces this). As soon as they stop presenting the cap to you, it becomes unusable to you. Does that make sense?
1 reply 0 retweets 1 like -
You can't rely on a kernel if yow want to even be in same domain as w3c (that domain being an open web).
1 reply 0 retweets 0 likes -
Replying to @awelonblue @coreload
I'm pretty confident that the system could be implemented for the open web on top of a
@SolidMit-like "kernel": trusted origin servers, an identity mechanism, and pub-sub for performance.1 reply 0 retweets 1 like -
Seems very, veerry identity-based. Good luck adding caps without relying on crypto-cap URLs! Anyhow, we have discussed crypto-cap based approaches. I just distrust any centralized server. If it were up to me, I'd even trade DNS for crypto-DHT and some variant of Namecoin.
2 replies 0 retweets 1 like -
-
Replying to @Ngnghm @awelonblue and
So secure it's not even searchable on the web!
1 reply 0 retweets 2 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
Read my blog!