I just added what I think is the coolest part to OcapPub... the "Composition" section! This especially shows off how cool ocap design is: Alyssa schedules a backup of her file to run twice a day, and yet the job scheduler which runs the backup has neither access to read the file nor write anything else to the backup service! https://gitlab.com/spritely/ocappub/blob/master/README.org
@Thib These are good criticisms and will be better addressed once I introduce the True Names and public profiles section :)
@Thib We can put *a portion of it* this way:
"What do I believe this is a proxy of?"
"Does the thing I am proxying to believe this is a secure channel for me to make communications to it?"
@Thib And maybe, adding to that:
"Does the thing I am proxying to believe this is a reliably-available channel for me to make communications to it?"
@Thib Would answering those questions help your concerns?
I appreciate this feedback, btw!
@cwebber yes, I guess so, but I can't really see how those could be answered by anything other than “no”
@Thib Well then, I guess you have to wait for my next couple of updates :)
@Thib I realize I am introducing a lot of concepts, layer by layer. It is part of the reason OcapPub is so long.
We can see that in the examples I gave, Alyssa's friends had no reason to believe these capabilities were for anything other than what she said they were, because those were their trust assumptions from the beginning. If they trust Alyssa, and they heard it from Alyssa, that's fine. Similarly, the cronjob scheduler doesn't care.
We'll need better for talking to many AP actors.
@cwebber I guess how important those assumptions are depends on the exact use case behind the proxy, and I can't really think of a use case for attenuation in AP yet
@Thib I hear you; reserve judgements till after the True Names section comes out. :)