diff --git a/README.org b/README.org index dd82b4c..ce66be0 100644 --- a/README.org +++ b/README.org @@ -892,7 +892,59 @@ in fact, very similar to how we program every day. than they are ocaps), so the name "object capability" was chosen to distinguish between the two. -** Ocaps meet human relationships +** Ocaps meet social relationships (or: just in time authority) + +Some systems that try to confine authority today are called "sandboxes". +If you have had experience with present-day sandboxes, you might be +skeptical, based on those experiences, that an ocap type system will work. +That would be understandable; in many such systems a user has to +pre-configure all the authority that a sandboxed process will need before +the process even starts up. +Almost inevitably, this authority doesn't end up being enough. +Time and time again, the user opens the sandboxed process only to find that +they have to "poke another hole" in the system. +Eventually they let too much authority through; out of frustration, the +user might simply pass through nearly everything. + +Thankfully, ocaps don't have this problem. +Unlike many traditional sandbox systems, we can pass around references +whenever we need them... authority can be handed over "just in time". + +This is less surprising if we consider the way passing around ocap +references resembles the way people develop social relationships. +If Alice knows Bob and Alice knows Carol, Alice might decide it is +useful to introduce Bob to Carol. +We see this all the time with the way people exchange phone numbers +today. +"Oh, you really ought to meet Carol! Hold on, let me give you her +number!" + +#+BEGIN_CENTER +[[file:./static/granovetter.png]] + +/One of the Granovetter Diagrams shown in [[http://erights.org/elib/capability/ode/index.html][Ode to the Granovetter Diagram]]./ +/Pardon the geocities-era aesthetic./ +#+END_CENTER + +In fact, thinking about such social relationships have long been at +the heart of ocap systems. +One of the most famous (and informative) ocap papers is one called +[[http://erights.org/elib/capability/ode/index.html][Ode to the Granovetter Diagram]] (a truly remarkable paper which shows +how many complicated systems, including basic money and financial +transaction infrastructure, can be modeled on ocaps). +In this paper "Granovetter Diagrams" such as the above are introduced, +showing how ocaps flow through a system by social introductions. +In fact the above diagram is pretty much exactly the same as our phone +number exchange... "Alice is sending Bob the message =foo=, which +contains a reference to Carol, and now Bob has been introduced to / +has access to Carol." + +It turns out that Granovetter Diagrams have their origin in sociology, +from a famous paper by Mark S. Granovetter named +[[https://www.sciencedirect.com/science/article/pii/B9780124424500500250][The Strength of Weak Ties]]. +It's good news that much of thinking about ocaps has been based on +how human relationships develop in sociology, since we are now about +to use them to build a robust social network. * How to build it ** Ocaps we can use in our protocols