Horton’s Who Done It?
![Page 1: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/1.jpg)
Horton’s Who Done It?
Communicating Authority with Responsibility Tracking
Mark S. Miller, Google Research¹
Jed Donnelley, LBNL/NERSC
Alan H. Karp, HP Labs
Usenix HotSec Workshop, August 7, 2007
¹ Work done while at HP Labs
![Page 2: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/2.jpg)
Communicating Object Access with Delegation
Initial Conditions:
Alice has:
1. A capability to send to Bob and
2. A capability to a document with chapters.
[Diagram: Alice, Bob, and a document (Doc Chapters: Chapter 1…)]
![Page 3: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/3.jpg)
Capability Communication of the Document Reference
Alice sends a message to Bob containing a reference to the document.
[Diagram: Alice, Bob, the message here’s( ), and a document (Doc Chapters: Chapter 1…)]
![Page 4: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/4.jpg)
Horton Magic: Bob Receives a Delegated Capability
Alice can’t act with Bob’s responsibility
Bob can’t act with Alice’s responsibility
[Diagram: Alice, Bob, a document (Doc Chapters: Chapter 1…), and the label Alice->Bob]
![Page 5: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/5.jpg)
Delegating Least Authority
[Diagram sequence, Pages 5 to 9: objects A, B and C. Captions, in order:]
1. b.foo(c)
2. foo( )
![Page 10: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/10.jpg)
Delegating Least Authority
[Diagram: objects A, B and C]
• Messages are the only means to cause effects
• References control authority
• Leverage OO patterns
• Anonymous
![Page 11: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/11.jpg)
Two styles, relative strengths

| Authorization-based: Object-capabilities (ocaps) | Identity-based: ACLs |
| --- | --- |
| Program decisions | Human decisions |
| Fine-grained | Large-grained |
| Built for safety | Built for damage control |
| Least authority | Most responsibility |
| Virus resistant | Spam resistant |

?
![Page 12: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/12.jpg)
Two styles, relative strengths
[Comparison repeated from Page 11; this build adds:]
Polaris, Plash, Bitfrost?
![Page 13: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/13.jpg)
Two styles, relative strengths
[Comparison repeated from Page 11; this build adds:]
+ “Hybrid” Cap Systems (SCAP, Sys/38)
![Page 15: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/15.jpg)
Two styles, relative strengths
[Comparison repeated from Page 11; this build adds:]
Horton
![Page 16: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/16.jpg)
Alice
Can’t vet code or actions of each object.
![Page 25: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/25.jpg)
Alice
A
Can’t vet code or actions of each object.
Aggregate into long-lived responsible identity.
![Page 26: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/26.jpg)
Story Needs Four Characters
Alice & Bob
• Old patterns for identity-based control: identity tunnel
Alice introduces Bob & Carol
• Builds new relationships from old
Carol also hears of Bob from Dave
• Corroborates Bob’s independence from Alice
![Page 27: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/27.jpg)
Two-party intermediation
A message travels through an identity tunnel
![Page 28: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/28.jpg)
[Diagram sequence, Pages 28 to 37: objects A and B, labelled Alice and Bob. Captions, in order:]
1. b.foo()
2. foo()
3. Do I still use Bob’s services?
4. Bob, deliver to B: foo()
5. deliver(“foo”,[])
6. Do I still honor Alice’s requests?
7. Deliver to B for Alice: foo()
8. foo()
![Page 38: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/38.jpg)
Three-party intermediation
Build new relationships from old
![Page 39: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/39.jpg)
[Diagram sequence, Pages 39 to 53: objects A, B and C, labelled Alice, Bob and Carol. Captions, in order:]
1. b.foo(c)
2. foo( )
3. intro( ): Carol, please provide Bob access to C
4. Alice needs tunnel for Bob
5. Gift wrap it for Bob
6. To Bob, From Carol
7. return Bob’s gift
8. Bob, deliver “foo” to B with Carol’s ( )
9. deliver(“foo”,[[ , ]])
10. Unwrap Carol’s gift from Alice
11. foo( )
12. Is Bob a pseudonym for Alice?
![Page 54: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/54.jpg)
Four party intermediation
Only corroborating introductions let Alice shed blame
![Page 55: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/55.jpg)
[Diagram: objects A, B, C and D, labelled Alice, Bob, Carol and Dave]
![Page 56: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/56.jpg)
Better Identities than ACLs
Fully decentralized
• No global administrator or name server
Track bilateral responsibility
• For requests and for service
• Also tracks delegation chain
Sybil resistant aggregation strategy
Corroboration-driven disaggregation
![Page 57: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/57.jpg)
Conclusions
Delegate authority, bound to responsibility for using that authority.
Fine-grain least authority for safety.
Large-grain identities for damage control.
Reference implementations in Java & E: http://erights.org/download/horton/
![Page 58: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/58.jpg)
![Page 59: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/59.jpg)
Three-party intermediation
The details
![Page 60: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/60.jpg)
Rights Amplification
• Inspired by PK
• Simple OO pattern
• No explicit crypto
• Can represent responsible identity
![Page 61: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/61.jpg)
![Page 62: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/62.jpg)
[Diagram sequence, Pages 62 to 90. Captions, in order:]
1. b.foo(c)
2. Carol, please provide Bob access to C
3. Bob, please use Carol’s C
4. Make a stub for Bob’s use
5. Gift wrap it for Bob
6. wrap(s3, whoBob, beCarol)
7. seal( )
8. return gift
9. unwrap( , whoCarol, beBob)
10. unseal( )
11. seal( )
12. makeProxy(..)
13. E.call(..)
[The fragment “pr” appears as a diagram label on Pages 72 to 86, and a bare ( ) on Pages 83 and 86.]
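The gift-wrap exchange from the three-party slides, built on the sealer/unsealer pattern of the Rights Amplification slide, as an added JavaScript sketch; it is not the Horton reference implementation. `makeIdentity`, `makeDomain`, `makeStub`, `demo`, `forgedGiftRejected`, the proxy `send` method and the log format are assumptions, and the bodies of `wrap` and `unwrap` are one reading of the slide sequence (seal, then unseal, seal, call).

```javascript
// Added sketch, not the Horton reference code; names not on the slides are assumed.
// Rights amplification: anyone may seal a box for "who"; only the matching "be" opens it.
function makeIdentity(name) {
  const boxes = new WeakMap();
  const seal = (value) => { const box = Object.freeze({}); boxes.set(box, value); return box; };
  const unseal = (box) => {
    if (!boxes.has(box)) throw new Error(`box was not sealed for ${name}`);
    return boxes.get(box);
  };
  return { who: Object.freeze({ name, seal }), be: Object.freeze({ unseal }) };
}

// Carol gift-wraps stub s3: only Bob can open the gift, and only Carol can fill Bob's box.
function wrap(s3, whoBob, beCarol) {
  const provide = (sealedFill) => { beCarol.unseal(sealedFill)(s3); };
  return whoBob.seal(provide);
}

// Bob opens the gift, then challenges the giver to prove she can "be" Carol.
function unwrap(gift, whoCarol, beBob) {
  const provide = beBob.unseal(gift);
  let s3 = null;
  provide(whoCarol.seal((stub) => { s3 = stub; }));
  if (s3 === null) throw new Error(`gift was not filled by ${whoCarol.name}`);
  return s3;
}

// One principal's domain: identity, audit log, and its own proxy and stub makers.
function makeDomain(name) {
  const { who, be } = makeIdentity(name);
  const log = [];
  const guts = new WeakMap(); // proxy -> { stub, whoBlame }; readable only inside this domain
  function makeProxy(stub, whoBlame) { // outgoing side: whoBlame answers for the service
    const proxy = Object.freeze({
      send(verb, ...args) {
        log.push(`${verb} sent to ${whoBlame.name}`);
        const descs = args.map((arg) => {
          const g = guts.get(arg);
          if (!g) throw new Error('argument is not a proxy of this domain');
          return [g.stub.intro(whoBlame), g.whoBlame]; // gift, plus who wrapped it
        });
        return stub.deliver(verb, descs);
      },
    });
    guts.set(proxy, { stub, whoBlame });
    return proxy;
  }
  function makeStub(whoBlame, target) { // incoming side: whoBlame answers for requests
    return Object.freeze({
      intro(whoBob) {
        log.push(`${whoBlame.name} introduced ${whoBob.name}`);
        return wrap(makeStub(whoBob, target), whoBob, be);
      },
      deliver(verb, descs) {
        const args = descs.map(([gift, whoCarol]) => makeProxy(unwrap(gift, whoCarol, be), whoCarol));
        log.push(`${verb} requested by ${whoBlame.name}`);
        return target[verb](...args); // E.call(..) on the slides
      },
    });
  }
  return { who, log, makeProxy, makeStub };
}

// Constructed scenario: Alice sends b.foo(c); B then uses C under Bob's responsibility.
function demo() {
  const alice = makeDomain('Alice'), bob = makeDomain('Bob'), carol = makeDomain('Carol');
  const c = { read: () => 'Chapter 1' };
  const b = { foo: (cProxy) => cProxy.send('read') };
  const toB = alice.makeProxy(bob.makeStub(alice.who, b), bob.who);
  const toC = alice.makeProxy(carol.makeStub(alice.who, c), carol.who);
  return { result: toB.send('foo', toC), alice: alice.log, bob: bob.log, carol: carol.log };
}

// A gift wrapped by Mallory but presented to Bob as Carol's fails unwrap.
function forgedGiftRejected() {
  const bob = makeIdentity('Bob'), carol = makeIdentity('Carol'), mal = makeIdentity('Mallory');
  try { unwrap(wrap({}, bob.who, mal.be), carol.who, bob.be); return false; } catch (e) { return true; }
}
```

Carol's log ends up attributing the read to Bob rather than to Alice, which is the responsibility split the slides describe.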
![Page 91: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/91.jpg)
![Page 92: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/92.jpg)
[Diagram sequence, Pages 92 to 94: objects A, B, C and D, labelled Alice, Bob, Carol and Dave; A and Alice are absent on Pages 93 and 94]
![Page 95: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/95.jpg)
CapWiki with attribution
![Page 96: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/96.jpg)
The Web: Good, Bad, and Ugly:
1. Good: Internet hypertext, wonderful!
2. Bad: Username/passwords for every site that has any sort of access control.
3. Ugly: Hard to share limited access to network objects. Hard to combine network objects with access restrictions.
![Page 97: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/97.jpg)
[Diagram sequence, Pages 97 to 106: Alice’s Domain, then Bob’s Domain, then Dave’s Domain appear in turn. Labels recoverable from the diagrams:]
• CapWiki: CapWiki Stuff: Concepts, Finances, Other
• CapWiki Finances: Investor, Market
• Sends: BobSend, EveSend, IvanSend
• Sends: AliceSend, DaveSend
• Receives: AliceReceive
• Receives: BobReceive
• Here are the CapWiki: Finances
• Alice’s, Bob’s, Alice, Bob, Dave
![Page 107: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/107.jpg)
Better Web Access Control
• No more passwords – Send a <me>Send to a <service>Send. They know who you are, you know who they are.
• Side benefit – SPAM resistance. Don’t like a source of SPAM, cut it off to any delegation level.
• Principle Of Least Authority (POLA) sharing that can facilitate cross site services.
![Page 108: Horton’s Who Done It?](https://reader036.fdocuments.us/reader036/viewer/2022062519/568151f1550346895dc02a81/html5/thumbnails/108.jpg)
[Diagram sequence, Pages 108 to 113: objects A, B, C and D, labelled Alice, Bob, Carol and Dave. Captions, in order:]
1. Is Carol a pseudonym for Alice?
2. bar( )