<!doctype html>
<!--
Minimal Mistakes Jekyll Theme 4.24.0 by Michael Rose
Copyright 2013-2020 Michael Rose - mademistakes.com | @mmistakes
Free for personal and commercial use under the MIT license
https://github.com/mmistakes/minimal-mistakes/blob/master/LICENSE
-->
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<!-- begin _includes/seo.html --><title>Object Capability Model | Decentralized Identity Web Directory</title>
<meta name="description" content="The object-capability (ocap) security model, in which a capability is a transferable, unforgeable right to perform one (or more) operations on a given object.">
<meta name="author" content="DIDecentral">
<meta property="article:author" content="DIDecentral">
<meta property="og:type" content="article">
<meta property="og:locale" content="en_US">
<meta property="og:site_name" content="Decentralized Identity Web Directory">
<meta property="og:title" content="Object Capability Model">
<meta property="og:url" content="https://decentralized-id.com/development/object-capabilities/">
<meta property="og:description" content="The object-capability (ocap) security model, in which a capability is a transferable, unforgeable right to perform one (or more) operations on a given object.">
<meta property="og:image" content="https://decentralized-id.com/images/DID_og.webp">
<meta name="twitter:site" content="@infominer33">
<meta name="twitter:title" content="Object Capability Model">
<meta name="twitter:description" content="The object-capability (ocap) security model, in which a capability is a transferable, unforgeable right to perform one (or more) operations on a given object.">
<meta name="twitter:url" content="https://decentralized-id.com/development/object-capabilities/">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:image" content="https://decentralized-id.com/images/DID_og.webp">
<meta property="article:published_time" content="2021-04-18T00:00:00+13:00">
<meta property="article:modified_time" content="2023-05-22T00:00:00+13:00">
<link rel="canonical" href="https://decentralized-id.com/development/object-capabilities/">
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "Person",
"name": "Infominer",
"url": "https://decentralized-id.com/"
}
</script>
<!-- end _includes/seo.html -->
<link href="/feed.xml" type="application/atom+xml" rel="alternate" title="Decentralized Identity Web Directory Feed">
<!-- https://t.co/dKP3o1e -->
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script>
document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/g, '') + ' js ';
</script>
<!-- For all browsers -->
<link rel="stylesheet" href="/assets/css/main.css">
<!-- NOTE(review): third-party stylesheet is loaded from a CDN with a floating version (@5) and no Subresource Integrity.
     Pin an exact version and add integrity="sha384-…" crossorigin="anonymous" so a tampered or compromised CDN
     response cannot inject CSS into the page (the same applies to the <noscript> fallback below). -->
<link rel="preload" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<noscript><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css"></noscript>
<meta name="yandex-verification" content="876ea269be433d62" />
<!-- Favicons -->
<link rel="apple-touch-icon" sizes="180x180" href="https://decentralized-id.com/assets/icons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="https://decentralized-id.com/assets/icons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="https://decentralized-id.com/assets/icons/favicon-16x16.png">
<link rel="manifest" href="https://decentralized-id.com/assets/icons/site.webmanifest">
<link rel="mask-icon" href="https://decentralized-id.com/assets/icons/safari-pinned-tab.svg" color="#eeeeef">
<link rel="shortcut icon" href="https://decentralized-id.com/assets/icons/favicon.ico">
<meta name="msapplication-TileColor" content="#eeeeef">
<meta name="msapplication-config" content="https://decentralized-id.com/assets/icons/browserconfig.xml">
<meta name="theme-color" content="#eeeeef">
<!-- start custom head snippets -->
<!-- insert favicons. use https://realfavicongenerator.net/ -->
<!-- end custom head snippets -->
</head>
<body class="layout--standards wide">
<div class="initial-content">
<div id="main" role="main">
<article class="page h-entry" itemscope itemtype="https://schema.org/CreativeWork">
<meta itemprop="headline" content="Object Capability Model">
<meta itemprop="description" content="Computer scientist E. Dean Tribble stated that in smart contracts, identity-based access control did not support well dynamically changing permissions, compared to the object-capability model. He analogized the ocap model with giving a valet the key to one's car, without handing over the right to car ownership.">
<meta itemprop="datePublished" content="2021-04-18T00:00:00+13:00">
<meta itemprop="dateModified" content="2023-05-22T00:00:00+13:00">
<div class="page__inner-wrap">
<header>
<h1 id="page-title" class="page__title p-name" itemprop="headline">
<a href="https://decentralized-id.com/development/object-capabilities/" class="u-url" itemprop="url">Object Capability Model
</a>
</h1>
</header>
<section class="page__content e-content" itemprop="text">
<h2 id="Main">Main</h2><ul>
<li><a href="https://fossandcrafts.org/episodes/20-hygiene-for-a-computing-pandemic.html">Hygiene for a computing pandemic</a>
<strong>From</strong>: fossandcrafts
<strong>Type: </strong>Post
<strong>Date:</strong> 2021-01-03
<strong>Tech:</strong> Object Capabilities
</li>
<blockquote><p>This episode of FOSS and Crafts features Christopher Lemmer Webber discussing the object capability security approach. It's a generalization not specific to VCs, continuing from the conversation on the CCG mailing list, <a href="https://lists.w3.org/Archives/Public/public-credentials/2020Dec/0028.html">Hygiene for a computing pandemic: separation of VCs and ocaps/zcaps</a>, we shared last month.</p>
</blockquote>
<li><a href="https://kyledenhartog.com/comparing-VCs-with-zcaps/">Comparing VCs to ZCAP-LD</a>
<strong>By</strong>:
Kyle Den Hartog
<strong>Type: </strong>Post
<strong>Date:</strong> 2021-09-25
<strong>Tech:</strong> Object Capabilities
</li>
<blockquote><p>Why make the investment then to put the time and effort into ZCAPs when we've already got VCs? Simply put, because security is hard and trying to push square pegs into round holes oftentimes leads to bugs which are elevated to mission-critical authentication/authorization bypass vulnerabilities. By designing around a fit-for-purpose data model with a well-defined problem being solved, it allows us to be much more precise about where we believe extensibility is important versus where normative statements should be made to simplify the processing of the data models. By extension this leads to a simpler security model and likely a much more robust design with fewer vulnerabilities.</p>
</blockquote>
<li><a href="https://lists.w3.org/Archives/Public/public-credentials/2020Dec/0027.html">Re: VCs - zCaps / OCap a Discussion</a>
<strong>From</strong>: CCG Mailing List
<strong>By</strong>:
Dave Longley
<strong>Type: </strong>Discussion
<strong>Date:</strong> 2020-12-05
<strong>Tech:</strong> Object Capabilities
</li>
<blockquote><p>TL;DR: My current view is that the main confusion here may be over the difference between VCs and LD Proofs, not VCs and ZCAPs. VCs are not a generalized container for attaching a cryptographic proof to a document. That's what LD proofs (or JOSE style proofs) are for. VCs <em>use</em> LD proofs (or JOSE style proofs) to attach an assertion proof to a document that specifically models statements made by an issuer about some subject, which is therefore inherently about the identity of that subject.</p>
</blockquote>
<li><a href="https://w3c-ccg.github.io/zcap-spec/">Authorization Capabilities for Linked Data v0.3</a>
<strong>From</strong>: CCG
<strong>Type: </strong>Specification
<strong>Date:</strong> 2023-01-22
</li>
<blockquote><p>Authorization Capabilities for Linked Data (ZCAP-LD for short) provides a secure way for linked data systems to grant and express authority utilizing the object capability model. Capabilities are represented as linked data objects which are signed with Linked Data Proofs. ZCAP-LD supports delegating authority to other entities on the network by chaining together capability documents. “Caveats” may be attached to capability documents which may be used to restrict the scope of their use, for example to restrict the actions which may be used or providing a mechanism by which the capability may be later revoked.<br /><br />[…] Relationship to Verifiable Credentials […]<br /><br />We seem to be in a conundrum. Claims and credentials are forms of correlation that allow us to reason about an entity in our squishy human world, but are unsafe when used as mechanisms to authorize some event to occur within a system. Capabilities are a safe mechanism to model the flow of authority through a system, but there are times when capabilities have not been granted and we need to make a “judgement call” by correlating information about that entity. What should we do?<br /><br />To pose the question is to see the answer: the right approach is to use each system for what it does best. Use correlation (Verifiable Credentials) in a reasoning system (most commonly human reasoning) as a path to make judgements about whether to hand an entity a specific set of initial capabilities. Use capabilities (ZCAP-LD) as the mechanism to grant and exercise authority through computing systems. To return to our system administrator example, when Alice applies for the job, she submits a series of credentials about her prior work history and degree, and Eva is able to verify that it is Alice's former employers and university which have made these claims.
Deciding that Alice is fit for the job, Eva hands Alice her initial capability which grants her authority to administrate the systems in question (with a caveat that allows Eva to revoke that authority at a future date, if appropriate). Alice uses that capability as the initial entry point into administrating the system.</p>
</blockquote>
<li><a href="https://github.com/dckc/awesome-ocap">Awesome Object Capabilities and Capability-based Security</a>
<strong>By</strong>:
Dan Connolly
<strong>Type: </strong>List
<strong>Date:</strong> 2023-03-03
</li>
<blockquote><p>Capability-based security enables the concise composition of powerful <a href="https://github.com/dckc/awesome-ocap/wiki">patterns</a> of cooperation without vulnerability. <a href="http://habitatchronicles.com/2017/05/what-are-capabilities/">What Are Capabilities?</a> explains in detail.</p>
</blockquote>
<li><a href="https://en.wikipedia.org/wiki/Object-capability_model">Object Capability Model</a>
<strong>From</strong>: Wikipedia
<strong>Type: </strong>Entry
<strong>Date:</strong> 2023-04-12
</li>
<blockquote><p>Computer scientist E. Dean Tribble stated that in smart contracts, identity-based access control did not support well dynamically changing permissions, compared to the object-capability model. He analogized the ocap model with giving a valet the key to one's car, without handing over the right to car ownership.<br /><br />The structural properties of object capability systems favor modularity in code design and ensure reliable encapsulation in code implementation.<br /><br />These structural properties facilitate the analysis of some security properties of an object-capability program or operating system. Some of these — in particular, information flow properties — can be analyzed at the level of object references and connectivity, independent of any knowledge or analysis of the code that determines the behavior of the objects. As a consequence, these security properties can be established and maintained in the presence of new objects that contain unknown and possibly malicious code.</p>
</blockquote>
<li><a href="http://erights.org/elib/capability/ode/ode-capabilities.html">Object Capabilities</a>
<strong>From</strong>: eRights
<strong>By</strong>:
Mark S. Miller
<strong>Type: </strong>Page
<strong>Date:</strong> 1998-10-03
</li>
<blockquote><p>The capability model is, in a sense, the object model taken to its logical extreme. Where object programmers seek modularity — a decrease in the dependencies between separately thought-out units — capability programmers seek security, recognizing that required trust is a form of dependency. Object programmers wish to guard against bugs: a bug in module A should not propagate to module B. Capability programmers wish to guard against malice. However, if B is designed to be invulnerable to A's malice, it is likely also invulnerable to A's bugs.</p>
</blockquote>
<!-- NOTE(review): plain-http image on an https page; browsers block this as mixed content. Confirm whether erights.org serves it over https before switching the scheme. -->
<ul><li><img src="http://erights.org/elib/capability/ode/images/money.png" alt="Illustration from Mark S. Miller's 'Object Capabilities' page on eRights"></li></ul>
</ul>
<h2 id="Literature">Literature</h2><ul>
<li><a href="https://w3c-ccg.github.io/zcap-spec/">Authorization Capabilities for Linked Data v0.3</a>
<strong>From</strong>: CCG
<strong>Type: </strong>Specification
<strong>Date:</strong> 2023-01-22
</li>
<blockquote><p>Authorization Capabilities for Linked Data (ZCAP-LD for short) provides a secure way for linked data systems to grant and express authority utilizing the object capability model. Capabilities are represented as linked data objects which are signed with Linked Data Proofs. ZCAP-LD supports delegating authority to other entities on the network by chaining together capability documents. “Caveats” may be attached to capability documents which may be used to restrict the scope of their use, for example to restrict the actions which may be used or providing a mechanism by which the capability may be later revoked.<br /><br />[…] Relationship to Verifiable Credentials […]<br /><br />We seem to be in a conundrum. Claims and credentials are forms of correlation that allow us to reason about an entity in our squishy human world, but are unsafe when used as mechanisms to authorize some event to occur within a system. Capabilities are a safe mechanism to model the flow of authority through a system, but there are times when capabilities have not been granted and we need to make a “judgement call” by correlating information about that entity. What should we do?<br /><br />To pose the question is to see the answer: the right approach is to use each system for what it does best. Use correlation (Verifiable Credentials) in a reasoning system (most commonly human reasoning) as a path to make judgements about whether to hand an entity a specific set of initial capabilities. Use capabilities (ZCAP-LD) as the mechanism to grant and exercise authority through computing systems. To return to our system administrator example, when Alice applies for the job, she submits a series of credentials about her prior work history and degree, and Eva is able to verify that it is Alice's former employers and university which have made these claims.
Deciding that Alice is fit for the job, Eva hands Alice her initial capability which grants her authority to administrate the systems in question (with a caveat that allows Eva to revoke that authority at a future date, if appropriate). Alice uses that capability as the initial entry point into administrating the system.</p>
</blockquote>
<li><a href="https://iiw.idcommons.net/DIDAuth_%2B_Obj._Cap.">DIDAuth + Obj. Cap. - IIW</a>
<strong>From</strong>: IDCommons
<strong>Type: </strong>Session notes
<strong>Date:</strong> 2018-10-31
<strong>Event:</strong> IIW
</li>
<blockquote><p>What is DIDAuth and how is it compatible with Object Capabilities?<br />We started by defining and describing object capabilities:<br />- A Capability is a Transferable Unforgeable Permission. It can be implemented with unguessable URLs or signed objects.<br />- A Java program object reference is a capability: it allows for actions on the subject (the object instance).<br />- A stronger implementation of object capabilities involves a digital certificate issued under a public key, for a resource with a set of supported methods:<br /><code class="language-plaintext highlighter-rouge">Issuer: AlicePubKey</code><br /><code class="language-plaintext highlighter-rouge">Resource: did:dad:0x123</code><br /><code class="language-plaintext highlighter-rouge">Actions: Read,Write</code><br /><code class="language-plaintext highlighter-rouge">Signature: 0x456</code></p>
</blockquote>
<p><em>Editor's note:</em> an unguessable URL is a bearer capability — whoever obtains the URL holds the permission — so it must only travel over TLS and be kept out of server logs, Referer headers and browser history. The signed-object form sketched above (issuer key, resource, allowed actions, signature) lets a verifier check who granted what without a shared secret, and it is the shape the ZCAP-LD specification quoted on this page builds on, adding delegation chains, caveats and revocation.</p>
<ul><li><img src="https://iiw.idcommons.net/images/c/cb/TH1G.jpg" alt="Photo of the session notes from the IIW 'DIDAuth + Obj. Cap.' session"></li></ul>
<li><a href="https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/topics-and-advance-readings/Applying_POLA_to_User_Interaction.md">Applying the Principle of Least Authority to User Interaction</a>
<strong>From</strong>: WebofTrustInfo
<strong>By</strong>:
Bill Tulloh
<strong>Type: </strong>Paper
<strong>Date:</strong> 2019-02-25
<strong>Event:</strong> rwot8-barcelona
</li>
<blockquote><p>Object capabilities (ocaps) are increasingly recognized as an important tool for achieving the goals of self-sovereign identity. Many of the principles of self-sovereign identity, such as minimization and protection, can best be achieved through the disciplined pursuit of the principle of least authority that ocaps enable. This paper examines how POLA can be extended to better protect users when exercising their self-sovereign identity.</p>
</blockquote>
<li><a href="https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/topics-and-advance-readings/introductory-capability-dht-concept.md">Introductory Capability DHT</a>
<strong>From</strong>: WebofTrustInfo
<strong>By</strong>:
James Foley
<strong>Type: </strong>Paper
<strong>Date:</strong> 2019-02-08
<strong>Event:</strong> rwot8-barcelona
</li>
<blockquote><p>The Object Capability software design paradigm is a powerful philosophy for the programming of decentralized applications particularly in the realms of security and rights management.</p>
</blockquote>
<li><a href="https://github.com/WebOfTrustInfo/rwot7-toronto/blob/master/final-documents/mental-models.md">Models of Identity</a>
<strong>From</strong>: WebofTrustInfo
<strong>By</strong>:
Joe Andrieu, Nathan George, Christophe Macintosh, Ouri Poupko, Antoine Rondelet, Andrew Hughes
<strong>Type: </strong>Paper
<strong>Date:</strong> 2020-05-17
<strong>Event:</strong> rwot7-toronto
</li>
<blockquote><p>Models of identity covered: <strong>Security</strong> · <strong>Liberty</strong> · <strong>Data</strong> · <strong>Relationship</strong> · <strong>Capability</strong><br /><br />Considering different models for handling identity information allows reconciliation, and creates opportunities to address primary use cases across paradigms, increasing overall strength and security of a solution.<br />[…]<br />In the Object Capabilities model, authorization is managed by creating, sharing, attenuating, and using “capabilities” instead of, for example, access control lists. If you have a valid “capability”, you have the authorization. Like a car key, Object Capabilities may be used no matter who you are. This model shifts the burden of identification from error-prone correlations to directly working with individuals' actual capabilities.</p>
</blockquote>
<li><a href="https://github.com/WebOfTrustInfo/rwot7-toronto/blob/master/topics-and-advance-readings/crypto-data-model-requirements.md">Cryptographic and Data Modeling Requirements from RWoT</a>
<strong>From</strong>: WebofTrustInfo
<strong>By</strong>:
Manu Sporny, Dave Longley, Christopher Lemmer Webber
<strong>Type: </strong>Paper
<strong>Date:</strong> 2018-08-23
<strong>Event:</strong> rwot7-toronto
</li>
<blockquote><p>This paper introduces the uninitiated to the requirements that have been identified over the years that are driving the community toward certain technological solutions.<br /><br />Rebooting the Web of Trust is a community that is attempting to create a decentralized ecosystem that enables people to be in control of various aspects of their data and identity information. The group often talks about Decentralized Identifiers, Verifiable Credentials, Object Capabilities, ed25519 keys, cryptographic identifiers, and other technologies but rarely spends time documenting how we got here.</p>
</blockquote>
<li><a href="https://github.com/WebOfTrustInfo/rwot6-santabarbara/blob/master/topics-and-advance-readings/ld-ocap-recent-happenings.md">Recent happenings with Linked Data Capabilities</a>
<strong>From</strong>: WebofTrustInfo
<strong>By</strong>:
Christopher Lemmer Webber
<strong>Type: </strong>Paper
<strong>Date:</strong> 2018-03-02
<strong>Event:</strong> rwot6-santabarbara
</li>
<blockquote><p>One of the outputs from Rebooting Web of Trust Fall 2017 was a writeup on Linked Data Capabilities based on discussions from the workshop (and particularly thanks to the guide of Mark S. Miller's longstanding work on object capabilities). While the writeup speaks for itself, in short Linked Data Capabilities provide a way to encode object capability security into linked data systems. Much has happened since then.<br /><br />After the workshop, ideas from the paper were reified into specification form and the W3C Credentials Community Group has taken on the specification as an official work item of the group. Some changes have happened in the design of Linked Data Capabilities from the initial Rebooting Web of Trust paper.</p>
</blockquote>
<li><a href="https://github.com/WebOfTrustInfo/rwot5-boston/blob/master/draft-documents/smarm.md">Smarm: Requirements for a smart-signatures Scheme</a>
<strong>From</strong>: WebofTrustInfo
<strong>By</strong>:
Christopher Lemmer Webber and Christopher Allen
<strong>Type: </strong>Paper
<strong>Date:</strong> 2017-10-05
<strong>Event:</strong> rwot5-boston
</li>
<blockquote><p><a href="https://github.com/WebOfTrustInfo/rwot5-boston/blob/master/draft-documents/smarm.md">Smart signatures</a> are desirable, but how to implement them? We need a language that is powerful and flexible enough to meet our needs while safe and bounded to run, while remaining simple enough to feasibly implement.<br /><br /><a href="https://en.wikipedia.org/wiki/Scheme_programming_language">Scheme</a> is a Turing-complete language with a (at least stated) fondness for minimalism. Unfortunately Scheme on its own is neither “safe” nor (necessarily) deterministic. Thankfully we can get the properties we want through:<br /><br />- Making object capabilities a core part of the language. Specifically, <a href="http://mumble.net/~jar/pubs/secureos/secureos.html">Jonathan Rees' “W7 security kernel”</a> demonstrates that a pure lexically scoped environment is itself an appropriate substrate for object capabilities.<br />- Restricting space and time precisely in a way that is deterministic and reproducible.<br />- Removing sources of external side effects.</p>
</blockquote>
<li><a href="https://github.com/WebOfTrustInfo/rwot5-boston/blob/master/final-documents/identity-hubs-capabilities-perspective.md">Identity Hubs Capabilities Perspective</a>
<strong>From</strong>: WebofTrustInfo
<strong>By</strong>:
Adrian Gropper, Drummond Reed, Mark S. Miller
<strong>Type: </strong>Paper
<strong>Date:</strong> 2017-10-14
<strong>Event:</strong> rwot5-boston
</li>
<blockquote><p>Identity Hubs as currently proposed in the Decentralized Identity Foundation (DIF) are a subset of a general Decentralized Identifier (DID) based user-controlled agent, based on ACLs rather than an object-capabilities (ocap) architecture. The current approach has both security and scalability issues. Transitioning the Hubs design to an ocap model can be achieved by introducing an UMA authorization server as the control endpoint. This avoids creating confused-deputy security issues and expands scale by enabling the hub to delegate access to resources not stored in the hub itself.</p>
</blockquote>
<li><a href="https://github.com/WebOfTrustInfo/rwot5-boston/blob/master/final-documents/lds-ocap.md">Linked Data Capabilities</a>
<strong>From</strong>: WebofTrustInfo
<strong>By</strong>:
Christopher Lemmer Webber, Mark S. Miller
<strong>Type: </strong>Paper
<strong>Date:</strong> 2022-11-28
<strong>Event:</strong> rwot5-boston
</li>
<blockquote><p>Linked Data Signatures enable a method of asserting the integrity of linked data documents that are passed throughout the web. The object capability model is a powerful system for ensuring the security of computing systems. In this paper, we explore layering an object capability model on top of Linked Data Signatures via chains of signed proclamations. fn:1 We call this system “Linked Data Capabilities”, or “ld-ocap” for short.</p>
</blockquote>
</ul>
</section>
<footer class="page__meta">
<h4 class="page__meta-title">Meta</h4>
<p class="page__taxonomy">
<strong><i class="fas fa-fw fa-tags" aria-hidden="true"></i> Tags </strong>
<span itemprop="keywords">
<a href="/tags/#cosmos" class="page__taxonomy-item p-category" rel="tag">Cosmos</a><span class="sep">, </span>
<a href="/tags/#json-ld" class="page__taxonomy-item p-category" rel="tag">JSON-LD</a><span class="sep">, </span>
<a href="/tags/#ocap" class="page__taxonomy-item p-category" rel="tag">oCap</a><span class="sep">, </span>
<a href="/tags/#zcap" class="page__taxonomy-item p-category" rel="tag">zCap</a>
</span>
</p>
<p class="page__taxonomy">
<strong><i class="fas fa-fw fa-folder-open" aria-hidden="true"></i> Categories: </strong>
<span itemprop="keywords">
<a href="/categories/#technology" class="page__taxonomy-item p-category" rel="tag">Technology</a>
</span>
</p>
<p class="page__date"><strong><i class="fas fa-fw fa-calendar-alt" aria-hidden="true"></i> Updated:</strong> <time class="dt-published" datetime="2023-05-22">May 22, 2023</time></p>
</footer>
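<!-- Previous/next post links. The nav gets an aria-label because the theme
     presumably renders other <nav> landmarks on the page (site navigation is
     outside this section) and unlabeled landmarks are indistinguishable to AT.
     rel="prev"/"next" expose the relation to browsers and crawlers. The title
     attributes previously ended in a stray newline from the template; they are
     trimmed here. NOTE(review): the destination title lives only in title="",
     which assistive tech does not reliably announce - consider putting it in
     the link text, e.g. "Previous: SSI Resources". -->
<nav class="pagination" aria-label="Adjacent posts">
  <a class="pagination--pager" href="/resources/" rel="prev" title="SSI Resources: Directories, Courses, Curated Lists, Blogs, Podcasts and more.">Previous</a>
  <a class="pagination--pager" href="/companies/Gataca/" rel="next" title="Gataca">Next</a>
</nav>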
</div>
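<div class="page__comments">
  <!-- Comment container. It is empty in the generated page and has no heading,
       so a <section> carries no meaning here; a <div> keeps the #static-comments
       id intact for whatever (presumably script or a later include) populates it.
       NOTE(review): if site CSS or JS selects "section#static-comments", adjust
       that selector to match. -->
  <div id="static-comments">
  </div>
</div>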
</article>
<div class="page__related">
<h2 class="page__related-title">See Also</h2>
<div class="grid__wrapper">
<div class="grid__item">
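<article class="archive__item" itemscope itemtype="https://schema.org/CreativeWork">
  <!-- Related-post card. The title is a real h3 (one level under the "See Also"
       h2) instead of <br><strong>, the date is machine-readable via <time>, and
       the tag stack is a list. Each item keeps class="tags" so existing CSS still
       matches; the new <ul class="tags-list"> needs a list-style/padding reset in
       the site stylesheet. The teaser sits below the fold, hence loading="lazy". -->
  <div class="archive__item-teaser">
    <img src="/images/did-square.webp" alt="" loading="lazy" decoding="async">
  </div>
  <h3 class="archive__item-title" itemprop="headline"><a href="/web-standards/w3c/verifiable-credentials/standards-and-development/" rel="permalink">Verifiable Credentials - Working Groups, Standards and Development</a></h3>
  <p class="archive__item-excerpt" itemprop="description">Verifiable credentials (VCs) are the electronic equivalent of the physical credentials that we all possess today, such as: plastic cards, passports, driving licenses, qualifications and awards, etc. The data model for verifiable credentials is a World Wide Web Consortium Recommendation, “Verifiab...</p>
  <p class="page__meta"><strong>Updated:</strong> <time datetime="2023-08-29">2023-08-29</time> <i class="far fa-clock" aria-hidden="true"></i>
    less than 1 minute read
  </p>
  <small><strong>Tags:</strong></small>
  <ul class="tags-list">
    <li class="tags">Claims and Credentials WG</li>
    <li class="tags">Credentials Community Group</li>
    <li class="tags">FIDO</li>
    <li class="tags">JSON-LD</li>
    <li class="tags">OAuth</li>
    <li class="tags">VC-WG</li>
    <li class="tags">Verifiable Credentials</li>
    <li class="tags">W3C</li>
  </ul>
</article>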
</div>
<div class="grid__item">
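<article class="archive__item" itemscope itemtype="https://schema.org/CreativeWork">
  <!-- Related-post card. The title is a real h3 (one level under the "See Also"
       h2) instead of <br><strong>, the date is machine-readable via <time>, and
       the long tag stack is a list. Each item keeps class="tags" so existing CSS
       still matches; the new <ul class="tags-list"> needs a list-style/padding
       reset in the site stylesheet. Teaser is below the fold, hence loading="lazy". -->
  <div class="archive__item-teaser">
    <img src="/images/did-square.webp" alt="" loading="lazy" decoding="async">
  </div>
  <h3 class="archive__item-title" itemprop="headline"><a href="/web-standards/w3c/decentralized-identifier/did-methods/" rel="permalink">DID Methods - Various</a></h3>
  <p class="archive__item-excerpt" itemprop="description">DID methods are the magic ingredient that gives DIDs their flexibility. Before creating any specific DID, you first choose a DID method, which determines how you perform the create, read, update, and deactivate operations on a DID of that method.
Once created, each DID includes the name of its me...</p>
  <p class="page__meta"><strong>Updated:</strong> <time datetime="2023-08-18">2023-08-18</time> <i class="far fa-clock" aria-hidden="true"></i>
    less than 1 minute read
  </p>
  <small><strong>Tags:</strong></small>
  <ul class="tags-list">
    <li class="tags">51nodes</li>
    <li class="tags">ABT Network</li>
    <li class="tags">Aergo</li>
    <li class="tags">Alastria</li>
    <li class="tags">ArcBlock</li>
    <li class="tags">Ardor</li>
    <li class="tags">BCGov</li>
    <li class="tags">BIF</li>
    <li class="tags">BOTLabs</li>
    <li class="tags">BSC</li>
    <li class="tags">Baidu</li>
    <li class="tags">Besu</li>
    <li class="tags">BiiLabs</li>
    <li class="tags">Binance</li>
    <li class="tags">Bitcoin</li>
    <li class="tags">BlockchainCommons</li>
    <li class="tags">Blockcore</li>
    <li class="tags">Blocko</li>
    <li class="tags">Blockstack</li>
    <li class="tags">Celo</li>
    <li class="tags">Ceramic Network</li>
    <li class="tags">Chainyard</li>
    <li class="tags">Cloudchain</li>
    <li class="tags">Commercio</li>
    <li class="tags">Consensys</li>
    <li class="tags">Consent</li>
    <li class="tags">Corda</li>
    <li class="tags">Cosmos</li>
    <li class="tags">Credentials Community Group</li>
    <li class="tags">DID:AERGO</li>
    <li class="tags">DID:ALA</li>
    <li class="tags">DID:AVVCYBER</li>
    <li class="tags">DID:BBA</li>
    <li class="tags">DID:BID</li>
    <li class="tags">DID:BNB</li>
    <li class="tags">DID:BRYK</li>
    <li class="tags">DID:BTCR</li>
    <li class="tags">DID:CCP</li>
    <li class="tags">DID:CELO</li>
    <li class="tags">DID:COM</li>
    <li class="tags">DID:CORDA</li>
    <li class="tags">DID:DID</li>
    <li class="tags">DID:DOCK</li>
    <li class="tags">DID:DOGE</li>
    <li class="tags">DID:ECHO</li>
    <li class="tags">DID:ELASTOS</li>
    <li class="tags">DID:ELEM</li>
    <li class="tags">DID:EMTRUST</li>
    <li class="tags">DID:EOS</li>
    <li class="tags">DID:ERC725</li>
    <li class="tags">DID:ETHO</li>
    <li class="tags">DID:ETHR</li>
    <li class="tags">DID:EVAN</li>
    <li class="tags">DID:FACTOM</li>
    <li class="tags">DID:GATC</li>
    <li class="tags">DID:GIT</li>
    <li class="tags">DID:GITHUB</li>
    <li class="tags">DID:GRG</li>
    <li class="tags">DID:HEDERA</li>
    <li class="tags">DID:HOLO</li>
    <li class="tags">DID:ICON</li>
    <li class="tags">DID:INDY</li>
    <li class="tags">DID:IO</li>
    <li class="tags">DID:ION</li>
    <li class="tags">DID:IPID</li>
    <li class="tags">DID:IS</li>
    <li class="tags">DID:IWT</li>
    <li class="tags">DID:JLINC</li>
    <li class="tags">DID:JNCTN</li>
    <li class="tags">DID:JOLO</li>
    <li class="tags">DID:JWK</li>
    <li class="tags">DID:KEY</li>
    <li class="tags">DID:KILT</li>
    <li class="tags">DID:KLAY</li>
    <li class="tags">DID:LIFE</li>
    <li class="tags">DID:META</li>
    <li class="tags">DID:MOAC</li>
    <li class="tags">DID:MORPHEUS</li>
    <li class="tags">DID:NEAR</li>
    <li class="tags">DID:NFT</li>
    <li class="tags">DID:OBJECT</li>
    <li class="tags">DID:OCKAM</li>
    <li class="tags">DID:OMN</li>
    <li class="tags">DID:ONION</li>
    <li class="tags">DID:ONT</li>
    <li class="tags">DID:OP</li>
    <li class="tags">DID:ORB</li>
    <li class="tags">DID:PANACEA</li>
    <li class="tags">DID:PEER</li>
    <li class="tags">DID:PISTIS</li>
    <li class="tags">DID:PKH</li>
    <li class="tags">DID:PTN</li>
    <li class="tags">DID:SAN</li>
    <li class="tags">DID:SCHEMA</li>
    <li class="tags">DID:SELFKEY</li>
    <li class="tags">DID:SIGNOR</li>
    <li class="tags">DID:SIRIUS</li>
    <li class="tags">DID:SOV</li>
    <li class="tags">DID:STACK</li>
    <li class="tags">DID:TAG</li>
    <li class="tags">DID:TANGLE</li>
    <li class="tags">DID:TRUSTBLOC</li>
    <li class="tags">DID:TRX</li>
    <li class="tags">DID:TTM</li>
    <li class="tags">DID:TWIT</li>
    <li class="tags">DID:TYRON</li>
    <li class="tags">DID:TYS</li>
    <li class="tags">DID:TZ</li>
    <li class="tags">DID:UNDID</li>
    <li class="tags">DID:UNISOT</li>
    <li class="tags">DID:UNS</li>
    <li class="tags">DID:V1</li>
    <li class="tags">DID:VAA</li>
    <li class="tags">DID:VAULTIE</li>
    <li class="tags">DID:VID</li>
    <li class="tags">DID:VVO</li>
    <li class="tags">DID:WEB</li>
    <li class="tags">DID:WLK</li>
    <li class="tags">DID:WORK</li>
    <li class="tags">Decentralized Identifiers</li>
    <li class="tags">Digital Bazaar</li>
    <li class="tags">Dock</li>
    <li class="tags">EOS</li>
    <li class="tags">ERC725</li>
    <li class="tags">Echo</li>
    <li class="tags">Elastos</li>
    <li class="tags">Element</li>
    <li class="tags">Email</li>
    <li class="tags">Ethereum</li>
    <li class="tags">Evan Network</li>
    <li class="tags">Evernym</li>
    <li class="tags">Fabric</li>
    <li class="tags">Factom</li>
    <li class="tags">GRGBanking</li>
    <li class="tags">Gatica</li>
    <li class="tags">Github</li>
    <li class="tags">GrgChain</li>
    <li class="tags">Halialabs</li>
    <li class="tags">Hashgraph</li>
    <li class="tags">Holochain</li>
    <li class="tags">Hydra</li>
    <li class="tags">Hyland Credentials</li>
    <li class="tags">IBM</li>
    <li class="tags">ICONLOOP</li>
    <li class="tags">IIW</li>
    <li class="tags">ION</li>
    <li class="tags">IOP</li>
    <li class="tags">IOTA</li>
    <li class="tags">IPFS</li>
    <li class="tags">Indy</li>
    <li class="tags">InfoWallet</li>
    <li class="tags">IoTeX</li>
    <li class="tags">JLinc</li>
    <li class="tags">JWK</li>
    <li class="tags">Jnctn</li>
    <li class="tags">Jolocom</li>
    <li class="tags">KILT</li>
    <li class="tags">Klaytn</li>
    <li class="tags">MOAC</li>
    <li class="tags">MediBloc</li>
    <li class="tags">Metadium</li>
    <li class="tags">Microsoft</li>
    <li class="tags">NEAR</li>
    <li class="tags">Ocean Protocol</li>
    <li class="tags">Ockam</li>
    <li class="tags">OmniOne</li>
    <li class="tags">Ontology</li>
    <li class="tags">Panacea</li>
    <li class="tags">ProximaX</li>
    <li class="tags">Quorum</li>
    <li class="tags">RChain</li>
    <li class="tags">RWoT</li>
    <li class="tags">Raonsecure</li>
    <li class="tags">SecureKey</li>
    <li class="tags">SelfKey</li>
    <li class="tags">SelfKey Identity</li>
    <li class="tags">Sovrin</li>
    <li class="tags">Sovrin Foundation</li>
    <li class="tags">SpaceElephant</li>
    <li class="tags">Sphereon</li>
    <li class="tags">SpruceID</li>
    <li class="tags">Swisscom</li>
    <li class="tags">TIFAC-CORE</li>
    <li class="tags">TMChain</li>
    <li class="tags">TOR</li>
    <li class="tags">TRON</li>
    <li class="tags">Teleinfo CAICT</li>
    <li class="tags">Token.TM</li>
    <li class="tags">TranSendX</li>
    <li class="tags">Transmute</li>
    <li class="tags">Twitter</li>
    <li class="tags">UNISOT</li>
    <li class="tags">UNS</li>
    <li class="tags">VP</li>
    <li class="tags">Vaultie</li>
    <li class="tags">VeramoLabs</li>
    <li class="tags">Veres One</li>
    <li class="tags">Vivvo</li>
    <li class="tags">W3C</li>
    <li class="tags">Weelink</li>
    <li class="tags">Workday</li>
    <li class="tags">YLZ Inc</li>
    <li class="tags">Zilliqa</li>
    <li class="tags">bryk</li>
    <li class="tags">cryptonics</li>
    <li class="tags">hyperledger foundation</li>
    <li class="tags">lifeID</li>
    <li class="tags">uPort</li>
  </ul>
</article>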
</div>
<div class="grid__item">
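<article class="archive__item" itemscope itemtype="https://schema.org/CreativeWork">
  <!-- Related-post card. The title is a real h3 (one level under the "See Also"
       h2) instead of <br><strong>, the date is machine-readable via <time>, and
       the tag stack is a list. Each item keeps class="tags" so existing CSS still
       matches; the new <ul class="tags-list"> needs a list-style/padding reset in
       the site stylesheet. The teaser sits below the fold, hence loading="lazy". -->
  <div class="archive__item-teaser">
    <img src="/images/did-square.webp" alt="" loading="lazy" decoding="async">
  </div>
  <h3 class="archive__item-title" itemprop="headline"><a href="/organizations/we-are-open/" rel="permalink">We Are Open Cooperative</a></h3>
  <p class="archive__item-excerpt" itemprop="description">Were a collective of independent thinkers and makers helping charities, ethical companies, government departments and educational institutions with sensemaking and digital transformation.
  </p>
  <p class="page__meta"><strong>Updated:</strong> <time datetime="2023-08-13">2023-08-13</time> <i class="far fa-clock" aria-hidden="true"></i>
    7 minute read
  </p>
  <small><strong>Tags:</strong></small>
  <ul class="tags-list">
    <li class="tags">Accredible</li>
    <li class="tags">BCdiploma</li>
    <li class="tags">Badge List</li>
    <li class="tags">BadgeCollect</li>
    <li class="tags">BadgeFactor</li>
    <li class="tags">BadgeOS</li>
    <li class="tags">Badgecraft</li>
    <li class="tags">Badgetree™</li>
    <li class="tags">Bestr</li>
    <li class="tags">CanCred.ca</li>
    <li class="tags">Canvas Credentials</li>
    <li class="tags">Credly</li>
    <li class="tags">ForAllRubrics</li>
    <li class="tags">HPass</li>
    <li class="tags">Hyland Credentials</li>
    <li class="tags">Keep Badges Weird</li>
    <li class="tags">Milestone</li>
    <li class="tags">NOCTI</li>
    <li class="tags">Open Badge Factory</li>
    <li class="tags">Open Badges</li>
    <li class="tags">Open Recognition</li>
    <li class="tags">Openbadges.me</li>
    <li class="tags">Participate</li>
    <li class="tags">RedCritter</li>
    <li class="tags">Sertifier</li>
    <li class="tags">VerifyEd</li>
    <li class="tags">We are Open</li>
  </ul>
</article>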
</div>
<div class="grid__item">
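<article class="archive__item" itemscope itemtype="https://schema.org/CreativeWork">
  <!-- Related-post card. The title is a real h3 (one level under the "See Also"
       h2) instead of <br><strong>, the date is machine-readable via <time>, and
       the tag stack is a list. Each item keeps class="tags" so existing CSS still
       matches; the new <ul class="tags-list"> needs a list-style/padding reset in
       the site stylesheet. The teaser sits below the fold, hence loading="lazy". -->
  <div class="archive__item-teaser">
    <img src="/images/did-square.webp" alt="" loading="lazy" decoding="async">
  </div>
  <h3 class="archive__item-title" itemprop="headline"><a href="/organizations/openid/" rel="permalink">OpenID Foundation</a></h3>
  <p class="archive__item-excerpt" itemprop="description">Founded in 2007, the OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. We are global vibrant community where identity peers and thought leaders convene to craft the identity ecosystems of tomorrow.
  </p>
  <p class="page__meta"><strong>Updated:</strong> <time datetime="2023-08-12">2023-08-12</time> <i class="far fa-clock" aria-hidden="true"></i>
    7 minute read
  </p>
  <small><strong>Tags:</strong></small>
  <ul class="tags-list">
    <li class="tags">GAIN</li>
    <li class="tags">Open Banking</li>
    <li class="tags">OpenID</li>
    <li class="tags">SSE</li>
    <li class="tags">Standards Development Org</li>
  </ul>
</article>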
</div>
</div>
</div>
</div>
</div>
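<div id="footer" class="page__footer">
  <footer>
    <!-- start custom footer snippets -->
    <!-- end custom footer snippets -->
    <div class="page__footer-follow">
      <ul class="social-icons">
        <li><strong>Follow:</strong></li>
        <li><a href="mailto:nfo@infominer.xyz" rel="nofollow noopener noreferrer"><i class="fas fa-fw fa-envelope-square" aria-hidden="true"></i> Email</a></li>
        <li><a href="https://decentralized-id.com" rel="nofollow noopener noreferrer"><i class="fas fa-fw fa-link" aria-hidden="true"></i> Website</a></li>
        <li><a href="https://twitter.com/DecentralizeID" rel="nofollow noopener noreferrer"><i class="fab fa-fw fa-twitter-square" aria-hidden="true"></i> Twitter</a></li>
        <li><a href="https://github.com/Decentralized-ID" rel="nofollow noopener noreferrer"><i class="fab fa-fw fa-github" aria-hidden="true"></i> GitHub</a></li>
        <li><a href="/feed.xml"><i class="fas fa-fw fa-rss-square" aria-hidden="true"></i> Feed</a></li>
      </ul>
    </div>
    <!-- Third-party analytics (GoatCounter). The script URL uses an explicit
         https: scheme rather than the protocol-relative "//gc.zgo.at/..." form,
         so it can never be fetched over plain HTTP even if the page is. No
         integrity= attribute is set: the unversioned count.js can change content
         over time, and a fixed Subresource Integrity hash would then silently
         block it. To get SRI, self-host a pinned copy and add
         integrity="<sha384-of-pinned-copy>" crossorigin="anonymous"; until then
         the practical control is a Content-Security-Policy script-src that
         allowlists only gc.zgo.at and the other script origins on this page. -->
    <script data-goatcounter="https://didecentral.goatcounter.com/count" async src="https://gc.zgo.at/count.js"></script>
    <div class="page__footer-copyright"><a href="https://infominer.xyz">infominer</a><a href="https://creativecommons.org/publicdomain/zero/1.0/">Creative Commons (CC0 1.0) Public Domain</a> ⧉ Powered by <a href="https://mademistakes.com/work/minimal-mistakes-jekyll-theme/" rel="nofollow">Minimal Mistakes</a> via <a href="https://web-work.tools/jamstack/github-pages-starter-pack/">Github Pages</a>. ⧉</div>
  </footer>
</div>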
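<script src="/assets/js/main.min.js"></script>
<!-- Font Awesome Kit loader: a third-party script executed on every page. Kit
     scripts are dynamic loaders, so Subresource Integrity cannot be pinned on
     this URL; crossorigin="anonymous" is the vendor's documented embed form
     (CORS fetch, no credentials sent). The remaining control is a
     Content-Security-Policy script-src allowlist covering kit.fontawesome.com
     and whatever asset origin the kit fetches from; self-hosting the icon
     set would remove the dependency entirely. -->
<script src="https://kit.fontawesome.com/4eee35f757.js" crossorigin="anonymous"></script>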
<!-- start custom analytics snippet -->
<!-- end custom analytics snippet -->
</body>
</html>