Conversation

Notices

1. Christine Lemmer-Webber (cwebber@octodon.social)'s status on Friday, 19-Jul-2019 15:21:39 UTC Christine Lemmer-Webber

   • nated

   @doesntgolf I haven't covered that, but the answer is... no! You don't need an ACL for revocation (or for tracking abuse)! And here's how we can do it.

   An ocap is an unforgeable reference right? (As in, if you don't know it, you don't have a way of faking it.)

   So, what if we have the "real" object, and then what we actually hand the person is a "proxy" object that forwards messages? This proxy could attach information so we know "who's capability" is being used when they use it.

   (1/2)

   • Christine Lemmer-Webber repeated this.
   • Christine Lemmer-Webber (cwebber@octodon.social)'s status on Friday, 19-Jul-2019 15:23:12 UTC Christine Lemmer-Webber

     in reply to

     • nated

     @doesntgolf Now, let's say we see that they're abusing our resource through that proxy. Here's the second part! Our proxy contains a flag that we can set, and then it *stops forwarding messages*! But we hold onto the capability to flip that bit... a "self-destruct button" if you will... and since they don't have that, we can disable it if necessary, that's our power.

     So as you can see, we can get both accountability and revokeability!

     (2/2)

     Christine Lemmer-Webber repeated this.
   • Caleb James DeLisle (cjd@mastodon.social)'s status on Friday, 19-Jul-2019 15:30:21 UTC Caleb James DeLisle

     in reply to

     • nated

     @cwebber @doesntgolf
     BTW this is a great primer on object capabilities: https://www.youtube.com/watch?v=eL5o4PFuxTY

     Christine Lemmer-Webber repeated this.