Decentralized Authorization: Plumbing for Permissionless Interoperation

A presentation at Protocol Labs Network LabWeek22 in November 2022 in Lisbon, Portugal by Brooklyn Zelenka

Slide 1

Slide 1

Decentralized Authorization Plumbing for Permissionless Interoperation

Slide 2

Slide 2

Slide 3

Slide 3

The limitation of local knowledge is the fundamental fact about the setting in which we work, and it is a very powerful limitation – Nancy Lynch, A Hundred Impossibility Proofs for Distributed Computing

Slide 4

Slide 4

Brooklyn Zelenka @expede

Slide 5

Slide 5

Brooklyn Zelenka @expede • Cofounder & CTO at Fission • @FissionCodes • https://fission.codes • Tools & protocols for edge & web3 • IPVM, WNFS, Dialog, UCAN, etc • Knows a thing or two about the UCAN spec

Slide 6

Slide 6

Slide 7

Slide 7

Nothing less than connecting all of the world’s users & services. The “HTTP” storage and compute equivalent: open, interoperable, & everywhere. Must be substantially better than Web 2.0

Slide 8

Slide 8

How to Power a New Internet ⚡

Slide 9

Slide 9

How to Power a New Internet ⚡

Slide 10

Slide 10

How to Power a New Internet ⚡ Causal Islands 🏖🏝

Slide 11

Slide 11

How to Power a New Internet ⚡ Causal Islands 🏖🏝

Slide 12

Slide 12

How to Power a New Internet ⚡ Causal Islands 🏖🏝

Slide 13

Slide 13

How to Power a New Internet ⚡ Causal Islands 🏖🏝

Slide 14

Slide 14

How to Power a New Internet ⚡ High Level Dependencies

Slide 15

Slide 15

How to Power a New Internet ⚡ High Level Dependencies Compute ⚙

Slide 16

Slide 16

How to Power a New Internet ⚡ High Level Dependencies Compute ⚙ Data 💾

Slide 17

Slide 17

How to Power a New Internet ⚡ High Level Dependencies Compute ⚙ Data 💾 Auth 🎟

Slide 18

Slide 18

How to Power a New Internet ⚡ Too Much & Not Enough

Slide 19

Slide 19

How to Power a New Internet ⚡ Too Much & Not Enough 💁

Slide 20

Slide 20

How to Power a New Internet ⚡ Too Much & Not Enough ⚙ 🛠 💁 🚀

Slide 21

Slide 21

How to Power a New Internet ⚡ Too Much & Not Enough 💾 ⚙ 🛠 💁 🚀

Slide 22

Slide 22

How to Power a New Internet ⚡ Too Much & Not Enough 💾 ⚙ 🛠 💁 🚀

Slide 23

Slide 23

How to Power a New Internet ⚡ Too Much & Not Enough 💾 ⚙ 🛠 💁 🚀

Slide 24

Slide 24

How to Power a New Internet ⚡ Too Much & Not Enough 💾 ⚙ 🛠 💁 🚀

Slide 25

Slide 25

How to Power a New Internet ⚡ Too Much & Not Enough 💾 ⚙ 🛠 💁 🚀

Slide 26

Slide 26

How to Power a New Internet ⚡ Too Much & Not Enough 💾 ⚙ 🛠 💁 🚀

Slide 27

Slide 27

How to Power a New Internet ⚡ What We Want 💾 ⚙ 🛠 💁 🚀

Slide 28

Slide 28

How to Power a New Internet ⚡ OAuth Sequence

Slide 29

Slide 29

How to Power a New Internet ⚡ OAuth Sequence Latency & Locality Problems!

Slide 30

Slide 30

How to Power a New Internet ⚡ UCAN Sequence 🕙 🕙

Slide 31

Slide 31

How to Power a New Internet ⚡ Auth Should Be Boring

Slide 32

Slide 32

How to Power a New Internet ⚡ Auth Should Be Boring

Slide 33

Slide 33

User Controlled, Local-First, Universal Auth Yes, UCAN! 📐

Slide 34

Slide 34

Yes, UCAN! Wherefore Art Thou UCAN?

Slide 35

Slide 35

Yes, UCAN! Wherefore Art Thou UCAN? DIDs say who you are

Slide 36

Slide 36

Yes, UCAN! Wherefore Art Thou UCAN? DIDs say who you are UCANs show what you can do

Slide 37

Slide 37

Yes, UCAN! Wherefore Art Thou UCAN? AuthN DIDs say who you are UCANs show what you can do AuthZ

Slide 38

Slide 38

Yes, UCAN! Teaser Token eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRt N2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvbm90 ZXMvIiwiY2FwIjoiT1ZFUldSSVRFIn1dLCJleHAiOjkyNTY5Mzk1MDUsImlzcyI6ImRpZDprZXk6ejZNa3A1RXN6OXMyTUhzcVl2TG9j Y3lId1g1U2V5WktwcTc5R3Q0NWZGR0VaUjk5IiwibmJmIjoxNjM5NjA4MjkzLCJwcmYiOltdfQ.MgYarLqy7RmQ1AIrqYL6cFy9z7a5W IAU—TYARPSgirOSszvar3_DNr25rbPretHbnT0mMVKyoaQXruR7KbrBg { } “iss”: “did:key:z6Mkp5Esz9s2MHsqYvLoccyHwX5SeyZKpq79Gt45fFGEZR99”, “aud”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “exp”: 9256939505, “nbf”: 1639608293, “att”: [ { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “OVERWRITE” } ]

Slide 39

Slide 39

Yes, UCAN! AuthZ Models

Slide 40

Slide 40

Yes, UCAN! AuthZ Models ACLs 📑 👩🎤 👮 ✋ ⚙ Caps 👩🎤 🎟 ⚙

Slide 41

Slide 41

Yes, UCAN! ACL Read & Write

Slide 42

Slide 42

Yes, UCAN! ACL Read & Write 🧑🌾

Slide 43

Slide 43

Yes, UCAN! ACL Read & Write 🧑🌾 ⚙

Slide 44

Slide 44

Yes, UCAN! ACL Read & Write 🧑🌾 💂 ✋ ⚙

Slide 45

Slide 45

Yes, UCAN! ACL Read & Write 🧑🌾 📑 💂 ✋ ⚙

Slide 46

Slide 46

Yes, UCAN! ACL Read & Write 🧑🌾 📑 💂 ✋ ⚙

Slide 47

Slide 47

Yes, UCAN! ACL Read & Write 🧑🌾 📑 💂 ✋ ⚙

Slide 48

Slide 48

Yes, UCAN! ACL Read & Write 🧑🌾 📑 💂 ✋ Not in control ⚙

Slide 49

Slide 49

Yes, UCAN! ACL Read & Write 📑 In control 🧑🌾 💂 ✋ Not in control ⚙

Slide 50

Slide 50

Yes, UCAN! ACL Read & Write 📑 💂 ✋ In control 🧑🌾 💂 ✋ Not in control ⚙

Slide 51

Slide 51

Yes, UCAN! ACL Read & Write 📑 💂 ✋ In control 🧑🌾 💂 ✋ Not in control ⚙

Slide 52

Slide 52

Yes, UCAN! Capabilities-as-Tickets

Slide 53

Slide 53

Yes, UCAN! Capabilities-as-Tickets 🕵

Slide 54

Slide 54

Yes, UCAN! Capabilities-as-Tickets 🕵 ⚙

Slide 55

Slide 55

Yes, UCAN! Capabilities-as-Tickets 🕵 🗺 Addr ⚙

Slide 56

Slide 56

Yes, UCAN! Capabilities-as-Tickets 🕵 🗺 Addr 🎟 ⚙

Slide 57

Slide 57

Yes, UCAN! Capabilities-as-Tickets 🕵 🗺 Addr In control 🎟 ⚙

Slide 58

Slide 58

Yes, UCAN! Capabilities-as-Tickets 🕵 🗺 Addr In control 🎟 ⚙ All req info

Slide 59

Slide 59

Yes, UCAN! Capabilities-as-Tickets 🕵 🗺 Addr 🎟 ⚙

Slide 60

Slide 60

Yes, UCAN! Capabilities-as-Tickets 🕵 🎟 🗺 🎟 🎟 Addr ⚙

Slide 61

Slide 61

Yes, UCAN! Capabilities-as-Tickets 🕵 🗺 Addr 🎟 ⚙

Slide 62

Slide 62

Yes, UCAN! Capabilities-as-Tickets 🕵 🗺 Addr 🎟 👨🎨 ⚙

Slide 63

Slide 63

Yes, UCAN! Capabilities-as-Tickets 🕵 🗺 Addr 🎟 🎟 👨🎨 ⚙

Slide 64

Slide 64

Yes, UCAN! Capabilities-as-Tickets 🕵 🗺 Addr 🎟 🎟 👨🎨 ⚙ 🎟

Slide 65

Slide 65

Yes, UCAN! Capabilities-as-Tickets ) h t u a r 🕵 🗺 Addr e t a t s e k i (L o f s l e n n a h c 🎟 🎟 ⚙ 👨🎨 🎟

Slide 66

Slide 66

Yes, UCAN! Rights Amplification

Slide 67

Slide 67

Yes, UCAN! Rights Amplification 🥫 ✂

Slide 68

Slide 68

Yes, UCAN! Rights Amplification 🥫 ✨ ✂

Slide 69

Slide 69

Yes, UCAN! Rights Amplification 🥫 ✨ 🥘 ✂

Slide 70

Slide 70

Yes, UCAN! JWT → UCAN

Slide 71

Slide 71

Yes, UCAN! JWT → UCAN Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.0”

Slide 72

Slide 72

Yes, UCAN! JWT → UCAN Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.0” } “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “fct” {“hello”: “world}, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “wnfs/overwrite” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “wnfs/append” } ]

Slide 73

Slide 73

Yes, UCAN! JWT → UCAN Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.0” } “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “fct” {“hello”: “world}, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “wnfs/overwrite” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “wnfs/append” } ] Signature kwRdqPN74pkcpXGgdk7Z7FW3M1mRR YaDE5ZgkG6srAuu6V6mvMVRdBLnD5 CWid-X4tDIKpliVjlCSLTntB4pCw

Slide 74

Slide 74

Yes, UCAN! JWT → UCAN Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.0” } “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “fct” {“hello”: “world}, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “wnfs/overwrite” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “wnfs/append” } ] ✅ Signature kwRdqPN74pkcpXGgdk7Z7FW3M1mRR YaDE5ZgkG6srAuu6V6mvMVRdBLnD5 CWid-X4tDIKpliVjlCSLTntB4pCw

Slide 75

Slide 75

Yes, UCAN! Anatomy of a Capability

Slide 76

Slide 76

Yes, UCAN! Anatomy of a Capability [ { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” }, { “with”: “mailto:boris@fission.codes”, “can”: “msg/send”, “ext”: { to”: “/.*@fission.codes/” } } ]

Slide 77

Slide 77

Yes, UCAN! Anatomy of a Capability [ Resource / “noun” { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” }, { “with”: “mailto:boris@fission.codes”, “can”: “msg/send”, “ext”: { to”: “/.*@fission.codes/” } } ] (URI)

Slide 78

Slide 78

Yes, UCAN! Anatomy of a Capability [ Resource / “noun” { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” }, Action / “verb” { “with”: “mailto:boris@fission.codes”, “can”: “msg/send”, “ext”: { to”: “/.*@fission.codes/” } } ] (URI)

Slide 79

Slide 79

Yes, UCAN! Anatomy of a Capability [ Resource / “noun” { “with”: “http://example.com/alice/photos/”, (URI) “can”: “crud/read” }, Action / “verb” { “with”: “mailto:boris@fission.codes”, “can”: “msg/send”, All the info you need for invocation 😉 “ext”: { to”: “/.*@fission.codes/” } } ] Extensible fields

Slide 80

Slide 80

Yes, UCAN! Composable Standard Library

Slide 81

Slide 81

Yes, UCAN! Composable Standard Library Resource (URI) https: mailto: file: wnfs: dns: news: Action (Cap) crud/create crud/read crud/update crud/destroy msg/send msg/receive group/ban group/join

Slide 82

Slide 82

Yes, UCAN! Semantic Extension

Slide 83

Slide 83

Yes, UCAN! Semantic Extension { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” } { “with”: “http://example.com/alice/photos/cod_summit/”, “can”: “album/publish” }

Slide 84

Slide 84

Yes, UCAN! Semantic Extension { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” } { “with”: “http://example.com/alice/photos/cod_summit/”, “can”: “album/publish” } album/publish ⇒ crud/read

Slide 85

Slide 85

Yes, UCAN! Chain Witnesses

Slide 86

Slide 86

Yes, UCAN! Chain Witnesses 👨🎨 🍭💐🎨

Slide 87

Slide 87

Yes, UCAN! Chain Witnesses 👨🎨 🍭💐🎨 🧑🚀 🍭💐

Slide 88

Slide 88

Yes, UCAN! Chain Witnesses 👨🎨 🍭💐🎨 🧑🚀 🍭💐 👨🦳 💐

Slide 89

Slide 89

Yes, UCAN! Chain Witnesses 👨🎨 🍭💐🎨 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐

Slide 90

Slide 90

Yes, UCAN! Chain Witnesses 👨🎨 💐🍭🎨 👨🎨 🍭💐🎨 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐

Slide 91

Slide 91

Yes, UCAN! Chain Witnesses Root 👨🎨 💐🍭🎨 👨🎨 🍭💐🎨 From: 👨🎨 To: 🧑🚀 Caps: [🍭, 💐] 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐

Slide 92

Slide 92

Yes, UCAN! Chain Witnesses 👨🎨 💐🍭🎨 👨🎨 🍭💐🎨 Root Witness From: 👨🎨 To: 🧑🚀 Caps: [🍭, 💐] From: 🧑🚀 To: 👨🦳 Caps: [💐] 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐

Slide 93

Slide 93

Yes, UCAN! Chain Witnesses 👨🎨 💐🍭🎨 👨🎨 🍭💐🎨 Root Witness Invoked From: 👨🎨 To: 🧑🚀 Caps: [🍭, 💐] From: 🧑🚀 To: 👨🦳 Caps: [💐] From: 👨🦳 To: 👩💻 Caps: [💐] 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐

Slide 94

Slide 94

Yes, UCAN! Non-Extractable Browser Keys

Slide 95

Slide 95

Yes, UCAN! Non-Extractable Browser Keys

Slide 96

Slide 96

Yes, UCAN! Non-Extractable Browser Keys

Slide 97

Slide 97

Yes, UCAN! Non-Extractable Browser Keys

Slide 98

Slide 98

Yes, UCAN! Non-Extractable Browser Keys

Slide 99

Slide 99

Yes, UCAN! Non-Extractable Browser Keys

Slide 100

Slide 100

Plugging Things Together Composition & Flow 🔌

Slide 101

Slide 101

Slide 102

Slide 102

Every program has (at least) two purposes: the one for which it was written, and another for which it wasn’t — Alan Perlis, Epigram #16

Slide 103

Slide 103

Composition & Flow Permissionless

Slide 104

Slide 104

Composition & Flow Permissionless 👩💻

Slide 105

Slide 105

Composition & Flow Permissionless 👩💻 🌈 🐶 🍬 🍾 🧸

Slide 106

Slide 106

Composition & Flow Permissionless 👩💻 🌈 🐶 🍬 🍾 🧸 👨🦳🖥

Slide 107

Slide 107

Composition & Flow Permissionless 👩💻 👨🦳🖥 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸

Slide 108

Slide 108

Composition & Flow Permissionless 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🧸

Slide 109

Slide 109

Composition & Flow Permissionless 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🧸 👩🚀 🐶

Slide 110

Slide 110

Composition & Flow Permissionless 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🍾 🧸 👨🎨 🧸 👩🚀 🐶

Slide 111

Slide 111

Composition & Flow Permissionless 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 🧸 🍾 🧸 👨🎨 ☁⚙ 👩🚀 🐶

Slide 112

Slide 112

Composition & Flow Permissionless 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 👩🚀 🐶 🧸 🌈 🐶 🍾 🧸 👨🎨 ☁⚙ 💃

Slide 113

Slide 113

Composition & Flow Permissionless 🐦 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 Zero Coordination ✅ 📊 👩🚀 🐶 🧸 🌈 🐶 🔬 🍾 🧸 👨🎨 ☁⚙ 💃

Slide 114

Slide 114

Composition & Flow Revocation 🐦 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 Zero Coordination ✅ 📊 👩🚀 🐶 🧸 🌈 🐶 🔬 🍾 🧸 👨🎨 ☁⚙ 💃

Slide 115

Slide 115

Composition & Flow Revocation 🐦 UCAN CID 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 Zero Coordination ✅ 📊 👩🚀 🐶 🧸 🌈 🐶 🔬 🍾 🧸 👨🎨 ☁⚙ 💃

Slide 116

Slide 116

Nice theory, how about a… Nontrivial Example 🕊

Slide 117

Slide 117

Nontrivial Example Encoded

Slide 118

Slide 118

Nontrivial Example Encoded eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a2V5Ono2T Wt2WGZQVXY4Ynh0c1ZRaUdvN050azRxS0pOY2dLMml0NTJwYzczdGVVcFJMVCIsImF0dCI6W3sid25mcy I6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvcGhvdG9zLyIsImNhcCI6Ik9WRVJXUklURSJ9LHs id25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvbm90ZXMvIiwiY2FwIjoiT1ZFUldSSVRF In1dLCJleHAiOjkyNTY5Mzk1MDUsImlzcyI6ImRpZDprZXk6ejZNa3NYUUJmTDhvd3p0VENKVG03aE5SZ jZiMThZeFhQcDNpNjZvSkhtOEwzWUdKIiwibmJmIjoxNjM5NjA4MjkzLCJwcmYiOlsiZXlKaGJHY2lPaU pGWkVSVFFTSXNJblI1Y0NJNklrcFhWQ0lzSW5WamRpSTZJakF1Tnk0d0luMC5leUpoZFdRaU9pSmthV1E 2YTJWNU9ubzJUV3R6V0ZGQ1prdzRiM2Q2ZEZSRFNsUnROMmhPVW1ZMllqRTRXWGhZVUhBemFUWTJiMHBJ YlRoTU0xbEhTaUlzSW1GMGRDSTZXM3NpZDI1bWN5STZJbVJsYlc5MWMyVnlMbVpwYzNOcGIyNHVibUZ0W lM5d2RXSnNhV012Y0dodmRHOXpMeUlzSW1OaGNDSTZJazlXUlZKWFVrbFVSU0o5WFN3aVpYaHdJam81TW pVMk9UTTVOVEExTENKcGMzTWlPaUprYVdRNmEyVjVPbm8yVFd0d05VVnplamx6TWsxSWMzRlpka3h2WTJ ONVNIZFlOVk5sZVZwTGNIRTNPVWQwTkRWbVJrZEZXbEk1T1NJc0ltNWlaaUk2TVRZek9UWXdPREk1TXl3 aWNISm1JanBiWFgwLjRUTmh1SFJyUEc5YUhvODY5SFhsc05LOF9GbWxTaFE1R3pHNGl0TjJOS2steUtUY kFNb0Z3VHVwdEcwWEZnTkl2SHVsUHBsVnpaWURWRGV4bzc2a0F3IiwiZXlKaGJHY2lPaUpGWkVSVFFTSX NJblI1Y0NJNklrcFhWQ0lzSW5WamRpSTZJakF1Tnk0d0luMC5leUpoZFdRaU9pSmthV1E2YTJWNU9ubzJ UV3R6V0ZGQ1prdzRiM2Q2ZEZSRFNsUnROMmhPVW1ZMllqRTRXWGhZVUhBemFUWTJiMHBJYlRoTU0xbEhT aUlzSW1GMGRDSTZXM3NpZDI1bWN5STZJbVJsYlc5MWMyVnlMbVpwYzNOcGIyNHVibUZ0WlM5d2RXSnNhV 012Ym05MFpYTXZJaXdpWTJGd0lqb2lUMVpGVWxkU1NWUkZJbjFkTENKbGVIQWlPamt5TlRZNU16azFNRF VzSW1semN5STZJbVJwWkRwclpYazZlalpOYTNBMVJYTjZPWE15VFVoemNWbDJURzlqWTNsSWQxZzFVMlY 1V2t0d2NUYzVSM1EwTldaR1IwVmFVams1SWl3aWJtSm1Jam94TmpNNU5qQTRNamt6TENKd2NtWWlPbHRk ZlEuTWdZYXJMcXk3Um1RMUFJcnFZTDZjRnk5ejdhNVdJQVUtLVRZQVJQU2dpck9Tc3p2YXIzX0ROcjI1c mJQcmV0SGJuVDBtTVZLeW9hUVhydVI3S2JyQmciXX0.kwRdqPN74pkcpXGgdk7Z7FW3M1mRRYaDE5ZgkG 6srAuu6V6mvMVRdBLnD5CWid-X4tDIKpliVjlCSLTntB4pCw

Slide 119

Slide 119

Nontrivial Example Decoded Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.1” “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “att”: [ { “with”: “wnfs://boris.fission.name/public/photos/”, “can”: “fs/append” }, { “with”: “wnfs://boris.fission.name/public/notes/”, “can”: “fs/append” } ], “prf”: [ “eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a 2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRtN2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF 0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvcGhvdG9zLyIsImNhc CI6Ik9WRVJXUklURSJ9XSwiZXhwIjo5MjU2OTM5NTA1LCJpc3MiOiJkaWQ6a2V5Ono2TWtwNUV zejlzMk1Ic3FZdkxvY2N5SHdYNVNleVpLcHE3OUd0NDVmRkdFWlI5OSIsIm5iZiI6MTYzOTYwO DI5MywicHJmIjpbXX0.4TNhuHRrPG9aHo869HXlsNK8_FmlShQ5GzG4itN2NKkyKTbAMoFwTuptG0XFgNIvHulPplVzZYDVDexo76kAw”, “eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a 2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRtN2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF 0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvbm90ZXMvIiwiY2FwI joiT1ZFUldSSVRFIn1dLCJleHAiOjkyNTY5Mzk1MDUsImlzcyI6ImRpZDprZXk6ejZNa3A1RXN 6OXMyTUhzcVl2TG9jY3lId1g1U2V5WktwcTc5R3Q0NWZGR0VaUjk5IiwibmJmIjoxNjM5NjA4M jkzLCJwcmYiOltdfQ.MgYarLqy7RmQ1AIrqYL6cFy9z7a5WIAU-TYARPSgirOSszvar3_DNr25rbPretHbnT0mMVKyoaQXruR7KbrBg” ] } Signature kwRdqPN74pkcpXGgdk7Z7FW3M1mRR YaDE5ZgkG6srAuu6V6mvMVRdBLnD5 CWid-X4tDIKpliVjlCSLTntB4pCw

Slide 120

Slide 120

Nontrivial Example Decoded Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.1” “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “att”: [ { “with”: “wnfs://boris.fission.name/public/photos/”, “can”: “fs/append” }, { “with”: “wnfs://boris.fission.name/public/notes/”, “can”: “fs/append” } ], “prf”: [ “eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a 2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRtN2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF 0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvcGhvdG9zLyIsImNhc CI6Ik9WRVJXUklURSJ9XSwiZXhwIjo5MjU2OTM5NTA1LCJpc3MiOiJkaWQ6a2V5Ono2TWtwNUV zejlzMk1Ic3FZdkxvY2N5SHdYNVNleVpLcHE3OUd0NDVmRkdFWlI5OSIsIm5iZiI6MTYzOTYwO DI5MywicHJmIjpbXX0.4TNhuHRrPG9aHo869HXlsNK8_FmlShQ5GzG4itN2NKkyKTbAMoFwTuptG0XFgNIvHulPplVzZYDVDexo76kAw”, “eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a 2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRtN2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF 0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvbm90ZXMvIiwiY2FwI joiT1ZFUldSSVRFIn1dLCJleHAiOjkyNTY5Mzk1MDUsImlzcyI6ImRpZDprZXk6ejZNa3A1RXN 6OXMyTUhzcVl2TG9jY3lId1g1U2V5WktwcTc5R3Q0NWZGR0VaUjk5IiwibmJmIjoxNjM5NjA4M jkzLCJwcmYiOltdfQ.MgYarLqy7RmQ1AIrqYL6cFy9z7a5WIAU-TYARPSgirOSszvar3_DNr25rbPretHbnT0mMVKyoaQXruR7KbrBg” ] } Signature kwRdqPN74pkcpXGgdk7Z7FW3M1mRR YaDE5ZgkG6srAuu6V6mvMVRdBLnD5 CWid-X4tDIKpliVjlCSLTntB4pCw

Slide 121

Slide 121

Nontrivial Example Decoded Witness Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.1” } “iss”: “did:key:z6Mkp5Esz9s2MHsqYvLoccyHwX5SeyZKpq79Gt45fFGEZR99”, “aud”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “nbf”: 1639608293, “exp”: 9256939505, “att”: [ { “with”: “wnfs://boris.fission.name/public/photos/”, “can”: “fs/append” } ], “prf”: [] Signature 4TNhuHRrPG9aHo869HXlsNK8_FmlShQ5GzG 4itN2NKkyKTbAMoFwTuptG0XFgNIvHulPplVzZYDVDe xo76kAw

Slide 122

Slide 122

Nontrivial Example ucan.xyz — Online Explorer / Validator

Slide 123

Slide 123

Nontrivial Example ucan.xyz — Online Explorer / Validator

Slide 124

Slide 124

Nontrivial Example ucan.xyz — Online Explorer / Validator

Slide 125

Slide 125

Nontrivial Example ucan.xyz — Online Explorer / Validator

Slide 126

Slide 126

Further Reading Adoption 📚

Slide 127

Slide 127

How to Power a New Internet ⚡ Still Extremely Early Days for Web3!

Slide 128

Slide 128

How to Power a New Internet ⚡ Still Extremely Early Days for Web3!

Slide 129

Slide 129

How to Power a New Internet ⚡ Still Extremely Early Days for Web3!

Slide 130

Slide 130

How to Power a New Internet ⚡ Still Extremely Early Days for Web3!

Slide 131

Slide 131

How to Power a New Internet ⚡ User Problems

Slide 132

Slide 132

How to Power a New Internet ⚡ User Problems Service composition is too hard for many devs

Slide 133

Slide 133

How to Power a New Internet ⚡ User Problems Service composition is too hard for many devs (D)app UX is too hard for many users

Slide 134

Slide 134

How to Power a New Internet ⚡ User Problems Service composition is too hard for many devs (D)app UX is too hard for many users No one is in control of their data or compute

Slide 135

Slide 135

How to Power a New Internet ⚡ Adoption

Slide 136

Slide 136

How to Power a New Internet ⚡ Adoption Be a Trojan Horse Build on widely supported, familiar, well-understood standards

Slide 137

Slide 137

How to Power a New Internet ⚡ Adoption

Slide 138

Slide 138

How to Power a New Internet ⚡ Adoption Play Nice with Others Plug into existing tools Bridge to other standards Integrate with other systems Realpolitik Easier, as secure, & more open than: OAuth, X.509, SAML, MetaMask, WalletConnect, etc

Slide 139

Slide 139

Further Reading Resources 📚

Slide 140

Slide 140

Resources (Some) Existing Subprojects

Slide 141

Slide 141

Resources (Some) Existing Subprojects https://github.com/ucan-wg/ Spec, Improvement Proposals ts-ucan rs-ucan go-ucan hs-ucan ucan-ipld ucan-bearer-token AWAKE

Slide 142

Slide 142

Resources Upcoming

Slide 143

Slide 143

Resources Upcoming Get to a “LTS” v1.0 — Q1 2023 ucan-cacao / SIWE WhoCAN 🦉 ucan-invocation ucan-chan (state channels) ucan-wg/cosigner

Slide 144

Slide 144

Resources Invocation

Slide 145

Slide 145

Resources Invocation UCAN as RPC System at DAG House IPVM

Slide 146

Slide 146

Resources Further Reading

Slide 147

Slide 147

Resources Further Reading https://talk.fission.codes/t/user-controlled-authorization-networks-ucan-resources/1122 Capability Myths Demolished (https://srl.cs.jhu.edu/pubs/SRL2003-02.pdf) ACLs Don’t (http://waterken.sourceforge.net/aclsdont/current.pdf) https://erights.org https://theworld.com/~cme/html/spki.html

Slide 148

Slide 148

https://ucan.xyz https://github.com/ucan-wg 🎉 Thank You, CoD Summit 🇵🇹 brooklyn@fission.codes https://fission.codes github.com/expede @expede