Info on DigitalBazaar's use of capabilities in production


Alan Karp

Oct 31, 2025, 4:51:57 PM
to <friam@googlegroups.com>, cap-...@googlegroups.com
which is a convenience wrapper on top of

We also have a middleware library for Express.js (if you're using that):

I haven't read the READMEs for those pages yet, but it's on my list.

--------------
Alan Karp

Dan Connolly

Apr 1, 2026, 7:34:44 PM
to fr...@googlegroups.com
At a glance, I'm struggling to figure out which end is up.

How would I do makeCounter()?

or makeMint?


-- 
Dan Connolly

Alan Karp

Apr 1, 2026, 7:36:15 PM
to fr...@googlegroups.com
I don't know, but I know who to ask.

--------------
Alan Karp


Alan Karp

Apr 1, 2026, 7:49:14 PM
to fr...@googlegroups.com

On Wed, Apr 1, 2026 at 4:34 PM Dan Connolly <dc...@madmode.com> wrote:

Dan Connolly

Apr 2, 2026, 1:35:35 AM
to fr...@googlegroups.com
On Wed, Apr 1, 2026 at 6:49 PM Alan Karp <alan...@gmail.com> wrote:

Not at a glance.

It's odd that the 1st property in a zcap is who. That seems like the opposite of capabilities.


Alan Karp

Apr 2, 2026, 12:55:26 PM
to fr...@googlegroups.com
On Wed, Apr 1, 2026 at 10:35 PM Dan Connolly <dc...@madmode.com> wrote:

> It's odd that the 1st property in a zcap is who. That seems like the opposite of capabilities.

It's just a poor choice of words.  "Who" is really the public key the certificate is issued to.  I'll be working on the next version of the spec.  What word should we use?

As to your original question, makeCounter() and makeMint() are examples from object-references-as-capabilities, which are integrated into the application logic in a way that certificates-as-capabilities are not.  So, instead of returning a reference to an object with a counter() method, you would create a "count" resource with a counter() (and perhaps another) method and create a root certificate for it.  You would then delegate to a "who" (really a public key) permission to the counter() method of the "count" resource.  

--------------
Alan Karp
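
The arrangement Alan Karp describes above (a "count" resource, a root certificate, and a delegation of counter() to a public key), sketched as an added example that is not code from the thread or from Digital Bazaar's libraries. The field names `resource`, `actions` and `delegate`, the helper names, and the chain-checking rules are assumptions for illustration, not the zcap format.

```javascript
// Added illustration. Field names (resource, actions, delegate) are assumptions,
// not the zcap data model; JSON.stringify stands in for real canonicalization.
const crypto = require('crypto');

const newKey = () => crypto.generateKeyPairSync('ed25519');
const pubId = (k) => k.publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
const toKey = (id) => crypto.createPublicKey({ key: Buffer.from(id, 'base64'), type: 'spki', format: 'der' });
const sign = (obj, k) => crypto.sign(null, Buffer.from(JSON.stringify(obj)), k.privateKey).toString('base64');
const verify = (obj, sig, id) =>
  crypto.verify(null, Buffer.from(JSON.stringify(obj)), toKey(id), Buffer.from(sig, 'base64'));

// A certificate is a signed body naming the resource, the permitted methods and
// the public key it is issued to.
const issue = (body, signerKey) => ({ body, sig: sign(body, signerKey) });

// The "count" resource. Callers never hold an object reference; they present a
// certificate chain plus a request signed by the last delegate.
function makeCountResource(ownerId) {
  let n = 0;
  const methods = { counter: () => ++n, reset: () => (n = 0) };
  return function invoke(chain, request, reqSig) {
    let signer = ownerId, allowed = null;
    for (const { body, sig } of chain) {
      if (body.resource !== 'count' || !verify(body, sig, signer)) throw new Error('bad chain');
      // Each delegation may only narrow what its parent granted.
      if (allowed && !body.actions.every((a) => allowed.includes(a))) throw new Error('amplification');
      allowed = body.actions;
      signer = body.delegate;
    }
    if (!allowed || !allowed.includes(request.action)) throw new Error('not permitted');
    if (!verify(request, reqSig, signer)) throw new Error('invoker is not the delegate');
    return methods[request.action]();
  };
}

function demo() {
  const owner = newKey(), alice = newKey(), bob = newKey();
  const invoke = makeCountResource(pubId(owner));
  const root = issue({ resource: 'count', actions: ['counter', 'reset'], delegate: pubId(owner) }, owner);
  const grant = issue({ resource: 'count', actions: ['counter'], delegate: pubId(alice) }, owner);
  const wider = issue({ resource: 'count', actions: ['counter', 'reset'], delegate: pubId(bob) }, alice);
  const call = (chain, action, key) => {
    const req = { action };
    try { return invoke(chain, req, sign(req, key)); } catch (e) { return e.message; }
  };
  return [call([root, grant], 'counter', alice), call([root, grant], 'counter', alice),
    call([root, grant], 'reset', alice), call([root, grant], 'counter', bob),
    call([root, grant, wider], 'reset', bob)];
}
```

`demo()` returns the counter values for the two permitted calls, followed by the error strings for an undelegated method, a request signed by a key other than the delegate, and a delegation that tries to widen its parent's grant.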


Matt Rice

Apr 2, 2026, 7:15:21 PM
to fr...@googlegroups.com
On Thu, Apr 2, 2026 at 4:55 PM Alan Karp <alan...@gmail.com> wrote:
>
> On Wed, Apr 1, 2026 at 10:35 PM Dan Connolly <dc...@madmode.com> wrote:
>>
>>
>> It's odd that the 1st property in a zcap is who. That seems like the opposite of capabilities.
>>
> It's just a poor choice of words. "Who" is really the public key the certificate is issued to. I'll be working on the next version of the spec. What word should we use?

I wonder whether the word origin might work, as it really doesn't
imply that the origin is a person or anything.
But perhaps it could be confused with the web's usage of origin? If
so, I wonder about something such as originator,
though that seems to imply that the origin is a single entity.

Alan Karp

Apr 2, 2026, 7:20:43 PM
to fr...@googlegroups.com
On Thu, Apr 2, 2026 at 4:15 PM Matt Rice <rat...@gmail.com> wrote:

> I wonder whether the word origin might work, as it really doesn't
> imply that the origin is a person or anything.
> but perhaps it could be confused with the web's usage of origin? If
> so, I wonder about something such as originator,
> though that seems to imply that the origin is a single entity.

"Origin" implies first, but "who" appears at each delegation.

I was thinking of delegate or delegatee.  That carries a bit of an identity flavor but less than "who."  Another option is "parent," as in the parent of a node in a graph.

--------------
Alan Karp


Matt Rice

Apr 2, 2026, 8:11:01 PM
to fr...@googlegroups.com
On Thu, Apr 2, 2026 at 11:20 PM Alan Karp <alan...@gmail.com> wrote:
>
> On Thu, Apr 2, 2026 at 4:15 PM Matt Rice <rat...@gmail.com> wrote:
>>
>>
>> I wonder whether the word origin might work, as it really doesn't
>> imply that the origin is a person or anything.
>> but perhaps it could be confused with the web's usage of origin? If
>> so, I wonder about something such as originator,
>> though that seems to imply that the origin is a single entity.
>
>
> "Origin" implies first, but "who" appears at each delegation.
>

Ahh, I didn't consider it an issue in the sense that e.g. having a
flight layover might mean that the origin of a flight's airplane
diverges from its passengers' origin. I considered it relative to the
last delegation. But I do understand that could put you off using it.

Rob Meijer

3:58 AM
to fr...@googlegroups.com
On Thu, Apr 2, 2026 at 6:55 PM Alan Karp <alan...@gmail.com> wrote:
> On Wed, Apr 1, 2026 at 10:35 PM Dan Connolly <dc...@madmode.com> wrote:
>>
>> It's odd that the 1st property in a zcap is who. That seems like the opposite of capabilities.
>>
> It's just a poor choice of words.  "Who" is really the public key the certificate is issued to.  I'll be working on the next version of the spec.  What word should we use?


Maybe it's not serious enough, but in discussions I've been having about VaultFS (where the equivalent is an instance of an executable running under a uid, so something like /usr/bin/myapp@rob in my case), and instead of "Who" I use "Woa" as "who"-like short for "Wielder Of Authority". Think it might suit the cryptographic scenario too.

 