mirror of
https://gitlab.com/spritely/ocappub.git
synced 2024-11-23 05:33:02 +00:00
A way forward
This commit is contained in:
parent
dfa268200c
commit
be27c3e64f
57
README.org
57
README.org
@ -625,11 +625,62 @@ standing up for human rights; if the choice is between doing
|
|||||||
business in a country or not violating its citizens' rights,
|
business in a country or not violating its citizens' rights,
|
||||||
most companies will seek to maximize value for their shareholders.
|
most companies will seek to maximize value for their shareholders.
|
||||||
|
|
||||||
But don't give up hope!
|
|
||||||
There is a way out of this mess, after all.
|
|
||||||
|
|
||||||
** A way forward: networks of consent
|
** A way forward: networks of consent
|
||||||
|
|
||||||
|
Don't give up hope!
|
||||||
|
There is a way out of this mess, after all.
|
||||||
|
It lies with the particular use of a security paradigm called "object
|
||||||
|
capabilities" (or "ocaps").
|
||||||
|
We will get into the technicality of how to implement ocaps in
|
||||||
|
[[*How to build it][How to build it]] but for now, let's think about our high-level goals.
|
||||||
|
|
||||||
|
The foundation of our system will rely on establishing trust between
|
||||||
|
two parties.
|
||||||
|
If Alice trusts Carol to be able to perform an action, she might
|
||||||
|
"give consent" to Carol.
|
||||||
|
However, giving consent to Carol is not necessarily permanent; Alice
|
||||||
|
has the tools to track abuse of her resources, and if she sees that
|
||||||
|
Carol is responsible, she can revoke her consent to Carol.
|
||||||
|
(While Carol could have handed this authority to someone else, Alice
|
||||||
|
would still see the abuse coming from the access she handed Carol,
|
||||||
|
and could still hold Carol responsible.)
|
||||||
|
|
||||||
|
What about users that do not yet trust each other?
|
||||||
|
If Alice does not yet know or trust Bob, it is up to Alice's default
|
||||||
|
settings as to whether or not Bob has any opportunity to message Alice.
|
||||||
|
Maybe Alice only gets messages from entities she has existing
|
||||||
|
relationships with.
|
||||||
|
|
||||||
|
However, it is possible that Alice could have a "default profile"
|
||||||
|
that anyone can see, but which bears a cost to send a message through.
|
||||||
|
Perhaps Bob can try to send a message, but it ends up in a moderator
|
||||||
|
queue.
|
||||||
|
Or, perhaps Bob can send Alice a message, but he must attach "two
|
||||||
|
stamps" to the message.
|
||||||
|
In this case, if the message was nice, Alice might refund Bob one
|
||||||
|
or both stamps.
|
||||||
|
She might even decide to hand him the authority to send messages to
|
||||||
|
her in the future, for free.
|
||||||
|
But say Bob is a spammer and is sending a viagra ad; Alice can keep
|
||||||
|
the stamps.
|
||||||
|
Now Bob has to "pay" Alice to be spammed (and depending on how we
|
||||||
|
decide to implement it, Alice might be paid to be spammed).
|
||||||
|
There is always a cost to unwanted messages, but in our current
|
||||||
|
systems the costs lie on the side of the receiver, not the sender.
|
||||||
|
We can shift that dynamic for unestablished relationships.
|
||||||
|
And critically, it is up to Alice to decide her threshold: if she
|
||||||
|
is receiving critically abusive messages, she can up the number of
|
||||||
|
stamps required, disable her public inbox entirely, or hand over
|
||||||
|
moderation to a trusted party during a particularly difficult period.
|
||||||
|
But even if she disables her inbox, the parties which have existing
|
||||||
|
trust relationships with Alice can still message her at no cost.
|
||||||
|
|
||||||
|
This document does not specify mechanisms but opens up several
|
||||||
|
opportunities.
|
||||||
|
It is up to the community to decide which routes are considered
|
||||||
|
acceptable.
|
||||||
|
But the framework for all of this is object capabilities.
|
||||||
|
|
||||||
** Must we boil the ocean?
|
** Must we boil the ocean?
|
||||||
|
|
||||||
* How to build it
|
* How to build it
|
||||||
|
Loading…
Reference in New Issue
Block a user