From 2db83217939ff0ef36553f22c6db8dab7a58a2c8 Mon Sep 17 00:00:00 2001 From: Christopher Lemmer Webber Date: Fri, 26 Jul 2019 15:59:45 -0400 Subject: [PATCH] Add the rest of ocaps meet activtypub objects/actors and start of proxying --- README.org | 53 ++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 48 insertions(+), 5 deletions(-) diff --git a/README.org b/README.org index cf753da..b3dd563 100644 --- a/README.org +++ b/README.org @@ -1127,7 +1127,11 @@ In the latter message, Alyssa sent her message, which also provided a path to Ben's, amongst her friends, encouraging people she knows to establish a social connection with Ben. Alyssa and Ben were able to coordinate to spread this communication -amongst people they trust, but it is not spread further. +amongst people they trust, but it is not spread further than to +anyone who is explicitly handed access. +(It's possible that someone can share the information when Ben or Alyssa +asked them not to; + This is mildly interesting, but things get much more interesting when we realize that inboxes can also themselves be capabilities. @@ -1157,15 +1161,54 @@ moment, but for the moment we can say that Alyssa posting to the group is as simple as referencing its =@id=: #+BEGIN_SRC javascript - + {"@type": "Create", + // this is the @id of the above referenced Group object + "to": ["bear:?u=https://groupchats.example/group&t=eQshu8RiJ-9ozh2GKRATXN5-J6dcBVf_AYSMrJ6UEzE"], + "actor": "https://social.example/alyssa/", + "object": { + "@id": "https://social.example/obj/cdWg7wv1mjrNf0C3vcxCjzPy3Z9tturSBv9_Ew8qe7E", + "@type": "Note", + "attributedTo": "https://social.example/alyssa/", + "content": "Anyone tried out libresprite? I hear it's a fork of the old FOSS branch of aesprite."}} #+END_SRC +Now the group can forward this message to its subscribers. + +Here's the interesting aspects of this: + + - Alyssa's access to write to the group can be unique to her. We'll + see how this can happen in the next section. This means that it's + also easy for the list administrator to unsubscribe her: they can + just revoke the capability. + - As said before, the capability Alyssa has here only allows her to + post messages, not do moderation. + - Each subscriber on the group has given the group a specific + capability for their subscription. That means that the messages + should go through to them "for free" unless the user explicitly + chose to revoke the capability (but they probably would have + manually unsubscribed instead). + +** Adding attenuation, revocation, accountability, and composition + +That's all good and well, but even reading the above might hint that +we are missing some things. *How* is Alyssa's capability limited to +posting but not administrating? *How* can both the susbscribers and +the servers both know where messages are "coming from" / hold them +accountable, and also have the power of revocation? + +We are, in effect, now back to [[*Extending the car key metaphor][Extending the car key metaphor]] but +without having explained how it works... but we know what we have +claimed, that it is possible to have *delegation*, *attenuation*, +*revocation*, *accountability*, and *composition*. +Thus far we have only shown how delegation works: it is easy enough +to copy around a capability url / bearcap. +How about the rest? + +*** The power of proxying -** The power of proxying - -** True names, public profiles, private profiles +*** True names, public profiles, private profiles ** Rights amplification and group-style permissions