What are UCANs? What are their capabilities? How can we facilitate offline compute? Learn the answers to these questions and more here: https://fission.codes/blog/cod-summit-2022-recap/
@fission @expede In trying to get a grasp of the current state of the art regarding capabilities in distributed systems, I'm trying to wrap my head around how access to a resource is controlled. Does UCAN assume that a resource is freely retrievable, or does it assume that access can be controlled by an agent (e.g., an IPFS node that agrees to honour the capability)? The latter would seem to make more sense, given what I know about capabilities.
A #UCAN is a cryptographically signed bearer token that carries capabilities with it. The receiving application has to understand the capabilities.
Our #WNFS encrypted file system, for example, has capabilities around CRUD of files and file paths as a simple base case -- either encrypted or public.
@pauldaoust @fission @expede so, whether it's data, services, or any kind of custom resources or capabilities, UCAN encodes the capabilities. They don't need to be freely available, just "gated" by the capabilities of the signed token.
For example, at @fission we're going to have a set of capabilities around DNS / domain names. And endpoint will respect capabilities related to domain ownership.
@boris @fission @expede Okay, I think that I'm understanding that if "the receiving application has to understand the capabilities", that means it's responsible for enforcing them correctly. And of course it has to be able to restrict access to the resource for which the capability is granted. Is that correct?
The Protocol Labs Network micro blogging server. Stay in touch with ecosystem of organizations, people, and projects around the world. Share your news, post personal updates, and connect with everyone.