UCAN: How to make the internet web3, from the inside out

A presentation at Chain Agnostic Standards Alliance (CASA) Gathering in April 2022 in Amsterdam, Netherlands by Brooklyn Zelenka

Slide 1

Slide 1

An Intro to UCAN Or: how to make the internet web3, from the inside out

Slide 2

Slide 2

Slide 3

Slide 3

Every program has (at least) two purposes: the one for which it was written, and another for which it wasn’t Alan Perlis, Epigram #16

Slide 4

Slide 4

Slide 5

Slide 5

Cryptography is a tool for turning lots of different problems into key management problems Dr. Lea Kissner, Google’s Global Lead of Privacy Technologies

Slide 6

Slide 6

Brooklyn Zelenka @expede

Slide 7

Slide 7

Brooklyn Zelenka @expede • Cofounder & CTO at Fission • https://fission.codes / @FISSIONCodes • Chain agnostic from the ground up!

Slide 8

Slide 8

Brooklyn Zelenka @expede • Cofounder & CTO at Fission • https://fission.codes / @FISSIONCodes • Chain agnostic from the ground up! • Editor of the UCAN spec

Slide 9

Slide 9

Brooklyn Zelenka @expede • Cofounder & CTO at Fission • https://fission.codes / @FISSIONCodes • Chain agnostic from the ground up! • Editor of the UCAN spec • Background: PLT, VMs, Formal Methods, Distributed Systems

Slide 10

Slide 10

Brooklyn Zelenka @expede ff • Cofounder & CTO at Fission • https://fission.codes / @FISSIONCodes • Chain agnostic from the ground up! • Editor of the UCAN spec • Background: PLT, VMs, Formal Methods, Distributed Systems • Meetups: VanFP, Code & Co ee, Distributed Systems Reading Group

Slide 11

Slide 11

Brooklyn Zelenka @expede • Cofounder & CTO at Fission • https://fission.codes / @FISSIONCodes • Chain agnostic from the ground up! • Editor of the UCAN spec • Background: PLT, VMs, Formal Methods, Distributed Systems • Meetups: VanFP, Code & Co ee, Distributed Systems Reading Group ff https://lu.ma/distributed-systems

Slide 12

Slide 12

Meta Wherefore Art Thou UCAN?

Slide 13

Slide 13

Meta Wherefore Art Thou UCAN? DIDs say who you are

Slide 14

Slide 14

Meta Wherefore Art Thou UCAN? DIDs say who you are UCANs show what you can do

Slide 15

Slide 15

Meta Wherefore Art Thou UCAN? AuthN DIDs say who you are UCANs show what you can do AuthZ

Slide 16

Slide 16

Meta Teaser Token eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRt N2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvbm90 ZXMvIiwiY2FwIjoiT1ZFUldSSVRFIn1dLCJleHAiOjkyNTY5Mzk1MDUsImlzcyI6ImRpZDprZXk6ejZNa3A1RXN6OXMyTUhzcVl2TG9j Y3lId1g1U2V5WktwcTc5R3Q0NWZGR0VaUjk5IiwibmJmIjoxNjM5NjA4MjkzLCJwcmYiOltdfQ.MgYarLqy7RmQ1AIrqYL6cFy9z7a5W IAU—TYARPSgirOSszvar3_DNr25rbPretHbnT0mMVKyoaQXruR7KbrBg { } “iss”: “did:key:z6Mkp5Esz9s2MHsqYvLoccyHwX5SeyZKpq79Gt45fFGEZR99”, “aud”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “exp”: 9256939505, “nbf”: 1639608293, “att”: [ { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “OVERWRITE” } ]

Slide 17

Slide 17

How to Power a New Internet 🔌

Slide 18

Slide 18

How to Power a New Internet 🔌

Slide 19

Slide 19

How to Power a New Internet 🔌 web3 ⊋ Blockchain

Slide 20

Slide 20

How to Power a New Internet 🔌 web3 ⊋ Blockchain P2P, IPFS, Matrix

Slide 21

Slide 21

How to Power a New Internet 🔌 web3 ⊋ Blockchain P2P, IPFS, Matrix Open, accessible, trustless, portable

Slide 22

Slide 22

How to Power a New Internet 🔌 web3 ⊋ Blockchain P2P, IPFS, Matrix Open, accessible, trustless, portable User sovereignty: mobile browsers, local-first

Slide 23

Slide 23

How to Power a New Internet 🔌 web3 ⊋ Blockchain P2P, IPFS, Matrix Open, accessible, trustless, portable User sovereignty: mobile browsers, local-first …and so on

Slide 24

Slide 24

How to Power a New Internet 🔌 It’s Still Extremely Early Days!

Slide 25

Slide 25

How to Power a New Internet 🔌 It’s Still Extremely Early Days!

Slide 26

Slide 26

How to Power a New Internet 🔌 It’s Still Extremely Early Days!

Slide 27

Slide 27

How to Power a New Internet 🔌 It’s Still Extremely Early Days!

Slide 28

Slide 28

How to Power a New Internet 🔌 User Problems

Slide 29

Slide 29

How to Power a New Internet 🔌 User Problems Dapp UX is too hard for many users

Slide 30

Slide 30

How to Power a New Internet 🔌 Dev Problems

Slide 31

Slide 31

How to Power a New Internet 🔌 Dev Problems Too many (d)apps are centralized(!)

Slide 32

Slide 32

How to Power a New Internet 🔌 Move the Needle

Slide 33

Slide 33

How to Power a New Internet 🔌 Move the Needle Realpolitik Easier, more secure, & more open than: OAuth, X.509, SAML, MetaMask, WalletConnect, etc

Slide 34

Slide 34

How to Power a New Internet 🔌 OAuth Sequence

Slide 35

Slide 35

How to Power a New Internet 🔌 UCAN Sequence 🕙 🕙

Slide 36

Slide 36

Design Principles 📐

Slide 37

Slide 37

Design Principles 📐 Adoption

Slide 38

Slide 38

Design Principles 📐 Adoption Be a Trojan Horse Build on widely supported, familiar, well-understood standards

Slide 39

Slide 39

Design Principles 📐 Adoption

Slide 40

Slide 40

Design Principles 📐 Adoption Convenience > ideology

Slide 41

Slide 41

Design Principles 📐 Adoption

Slide 42

Slide 42

Design Principles 📐 Adoption Play Nice with Others Plug into existing tools Bridge to other standards Integrate with other systems

Slide 43

Slide 43

User Controlled, Local-First, Universal Auth UCAN 🎟

Slide 44

Slide 44

UCAN Non-Extractable Browser Keys

Slide 45

Slide 45

UCAN Non-Extractable Browser Keys

Slide 46

Slide 46

UCAN Non-Extractable Browser Keys

Slide 47

Slide 47

UCAN Non-Extractable Browser Keys

Slide 48

Slide 48

UCAN Non-Extractable Browser Keys

Slide 49

Slide 49

UCAN Non-Extractable Browser Keys

Slide 50

Slide 50

UCAN Auth Models

Slide 51

Slide 51

UCAN Auth Models ACLs 📑 👩🎤 👮 ✋ ⚙ Caps 👩🎤 🎟 ⚙

Slide 52

Slide 52

UCAN ACL Read & Write

Slide 53

Slide 53

UCAN ACL Read & Write 🧑🌾

Slide 54

Slide 54

UCAN ACL Read & Write 🧑🌾 ⚙

Slide 55

Slide 55

UCAN ACL Read & Write 🧑🌾 💂 ✋ ⚙

Slide 56

Slide 56

UCAN ACL Read & Write 🧑🌾 📑 💂 ✋ ⚙

Slide 57

Slide 57

UCAN ACL Read & Write 🧑🌾 📑 💂 ✋ ⚙

Slide 58

Slide 58

UCAN ACL Read & Write 🧑🌾 📑 💂 ✋ ⚙

Slide 59

Slide 59

UCAN ACL Read & Write 🧑🌾 📑 💂 ✋ Not in control ⚙

Slide 60

Slide 60

UCAN ACL Read & Write 📑 In control 🧑🌾 💂 ✋ Not in control ⚙

Slide 61

Slide 61

UCAN ACL Read & Write 📑 In control 🧑🌾 💂 ✋ Not in control ⚙

Slide 62

Slide 62

UCAN ACL Read & Write 📑 💂 ✋ In control 🧑🌾 💂 ✋ Not in control ⚙

Slide 63

Slide 63

UCAN ACL Read & Write 📑 💂 ✋ In control 🧑🌾 💂 ✋ Not in control ⚙

Slide 64

Slide 64

UCAN From Actors to Capabilities

Slide 65

Slide 65

UCAN From Actors to Capabilities 🕵

Slide 66

Slide 66

UCAN From Actors to Capabilities 🕵 ⚙

Slide 67

Slide 67

UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr ⚙

Slide 68

Slide 68

UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr 🎟 ⚙

Slide 69

Slide 69

UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr In control 🎟 ⚙

Slide 70

Slide 70

UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr In control 🎟 ⚙ All req info

Slide 71

Slide 71

UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr 🎟 ⚙

Slide 72

Slide 72

UCAN From Actors to Capabilities 🕵 🎟 🗺 🎟 🎟 ✊ ✊ Addr ⚙

Slide 73

Slide 73

UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr 🎟 ⚙

Slide 74

Slide 74

UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr 🎟 👨🎨 ⚙

Slide 75

Slide 75

UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr 🎟 🎟 👨🎨 ⚙

Slide 76

Slide 76

UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr 🎟 🎟 👨🎨 ⚙ 🎟

Slide 77

Slide 77

UCAN From Actors to Capabilities ) h t u a r o f s l e n 🕵 🗺 ✊ ✊ Addr n a h c e t a t s e k i (L 🎟 🎟 ⚙ 👨🎨 🎟

Slide 78

Slide 78

UCAN Rights Amplification

Slide 79

Slide 79

UCAN Rights Amplification 🥫 ✂

Slide 80

Slide 80

UCAN Rights Amplification 🥫 ✨ ✂

Slide 81

Slide 81

UCAN Rights Amplification 🥫 ✨ 🥘 ✂

Slide 82

Slide 82

UCAN JWT → UCAN

Slide 83

Slide 83

UCAN JWT → UCAN Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.0”

Slide 84

Slide 84

UCAN JWT → UCAN Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.0” } “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “fct” {“hello”: “world}, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “wnfs/overwrite” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “wnfs/append” } ]

Slide 85

Slide 85

UCAN JWT → UCAN Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.0” } “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “fct” {“hello”: “world}, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “wnfs/overwrite” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “wnfs/append” } ] Signature kwRdqPN74pkcpXGgdk7Z7FW3M1mRR YaDE5ZgkG6srAuu6V6mvMVRdBLnD5 CWid-X4tDIKpliVjlCSLTntB4pCw

Slide 86

Slide 86

UCAN JWT → UCAN Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.0” } “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “fct” {“hello”: “world}, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “wnfs/overwrite” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “wnfs/append” } ] ✅ Signature kwRdqPN74pkcpXGgdk7Z7FW3M1mRR YaDE5ZgkG6srAuu6V6mvMVRdBLnD5 CWid-X4tDIKpliVjlCSLTntB4pCw

Slide 87

Slide 87

UCAN Anatomy of a Capability

Slide 88

Slide 88

UCAN Anatomy of a Capability [ { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” }, { “with”: “mailto:boris@fission.codes”, “can”: “msg/send”, “ext”: { to”: “/.*@fission.codes/” } } ]

Slide 89

Slide 89

UCAN Anatomy of a Capability [ Resource / “noun” { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” }, { “with”: “mailto:boris@fission.codes”, “can”: “msg/send”, “ext”: { to”: “/.*@fission.codes/” } } ] (URI)

Slide 90

Slide 90

UCAN Anatomy of a Capability [ Resource / “noun” { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” }, Action / “verb” { “with”: “mailto:boris@fission.codes”, “can”: “msg/send”, “ext”: { to”: “/.*@fission.codes/” } } ] (URI)

Slide 91

Slide 91

UCAN Anatomy of a Capability [ Resource / “noun” { “with”: “http://example.com/alice/photos/”, (URI) “can”: “crud/read” }, Action / “verb” { “with”: “mailto:boris@fission.codes”, “can”: “msg/send”, “ext”: { to”: “/.*@fission.codes/” } } ] Extensible fields

Slide 92

Slide 92

UCAN Chain Witnesses

Slide 93

Slide 93

UCAN Chain Witnesses 👨🎨 🍭💐🎨

Slide 94

Slide 94

UCAN Chain Witnesses 👨🎨 🍭💐🎨 🧑🚀 🍭💐

Slide 95

Slide 95

UCAN Chain Witnesses 👨🎨 🍭💐🎨 🧑🚀 🍭💐 👨🦳 💐

Slide 96

Slide 96

UCAN Chain Witnesses 👨🎨 🍭💐🎨 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐

Slide 97

Slide 97

UCAN Chain Witnesses 👨🎨 💐🍭🎨 👨🎨 🍭💐🎨 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐

Slide 98

Slide 98

UCAN Chain Witnesses Root 👨🎨 💐🍭🎨 👨🎨 🍭💐🎨 From: 👨🎨 To: 🧑🚀 Caps: [🍭, 💐] 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐

Slide 99

Slide 99

UCAN Chain Witnesses 👨🎨 💐🍭🎨 👨🎨 🍭💐🎨 Root Witness From: 👨🎨 To: 🧑🚀 Caps: [🍭, 💐] From: 🧑🚀 To: 👨🦳 Caps: [💐] 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐

Slide 100

Slide 100

UCAN Chain Witnesses 👨🎨 💐🍭🎨 👨🎨 🍭💐🎨 Root Witness Invoked From: 👨🎨 To: 🧑🚀 Caps: [🍭, 💐] From: 🧑🚀 To: 👨🦳 Caps: [💐] From: 👨🦳 To: 👩💻 Caps: [💐] 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐

Slide 101

Slide 101

UCAN Zoomed Out

Slide 102

Slide 102

UCAN Zoomed Out 👩💻

Slide 103

Slide 103

UCAN Zoomed Out 👩💻 🌈 🐶 🍬 🍾 🧸

Slide 104

Slide 104

UCAN Zoomed Out 👩💻 🌈 🐶 🍬 🍾 🧸 👨🦳🖥

Slide 105

Slide 105

UCAN Zoomed Out 👩💻 👨🦳🖥 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸

Slide 106

Slide 106

UCAN Zoomed Out 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🧸

Slide 107

Slide 107

UCAN Zoomed Out 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🧸 👩🚀 🐶

Slide 108

Slide 108

UCAN Zoomed Out 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🍾 🧸 👨🎨 🧸 👩🚀 🐶

Slide 109

Slide 109

UCAN Zoomed Out 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 🧸 🍾 🧸 👨🎨 ☁⚙ 👩🚀 🐶

Slide 110

Slide 110

UCAN Zoomed Out 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 👩🚀 🐶 🧸 🌈 🐶 🍾 🧸 👨🎨 ☁⚙ 💃

Slide 111

Slide 111

UCAN Zoomed Out 🐦 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 Zero Coordination ✅ 📊 👩🚀 🐶 🧸 🌈 🐶 🔬 🍾 🧸 👨🎨 ☁⚙ 💃

Slide 112

Slide 112

UCAN Revocation Cascade 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 👩🚀 🐶 🧸 🌈 🐶 🍾 🧸 👨🎨 ☁⚙ 💃

Slide 113

Slide 113

UCAN Revocation Cascade UCAN Hash 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 👩🚀 🐶 🧸 🌈 🐶 🍾 🧸 👨🎨 ☁⚙ 💃

Slide 114

Slide 114

UCAN Composable Standard Library

Slide 115

Slide 115

UCAN Composable Standard Library Resource (URI) https: mailto: file: wnfs: dns: news: Action (Cap) crud/create crud/read crud/update crud/destroy msg/send msg/receive group/ban group/join

Slide 116

Slide 116

UCAN Semantic Extension

Slide 117

Slide 117

UCAN Semantic Extension { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” } { “with”: “http://example.com/alice/photos/devconnect/”, “can”: “album/publish” }

Slide 118

Slide 118

UCAN Semantic Extension { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” } { “with”: “http://example.com/alice/photos/devconnect/”, “can”: “album/publish” } album/publish ⇒ crud/read

Slide 119

Slide 119

Nontrivial Example 🕊

Slide 120

Slide 120

Nontrivial Example Encoded

Slide 121

Slide 121

Nontrivial Example Encoded eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a2V5Ono2T Wt2WGZQVXY4Ynh0c1ZRaUdvN050azRxS0pOY2dLMml0NTJwYzczdGVVcFJMVCIsImF0dCI6W3sid25mcy I6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvcGhvdG9zLyIsImNhcCI6Ik9WRVJXUklURSJ9LHs id25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvbm90ZXMvIiwiY2FwIjoiT1ZFUldSSVRF In1dLCJleHAiOjkyNTY5Mzk1MDUsImlzcyI6ImRpZDprZXk6ejZNa3NYUUJmTDhvd3p0VENKVG03aE5SZ jZiMThZeFhQcDNpNjZvSkhtOEwzWUdKIiwibmJmIjoxNjM5NjA4MjkzLCJwcmYiOlsiZXlKaGJHY2lPaU pGWkVSVFFTSXNJblI1Y0NJNklrcFhWQ0lzSW5WamRpSTZJakF1Tnk0d0luMC5leUpoZFdRaU9pSmthV1E 2YTJWNU9ubzJUV3R6V0ZGQ1prdzRiM2Q2ZEZSRFNsUnROMmhPVW1ZMllqRTRXWGhZVUhBemFUWTJiMHBJ YlRoTU0xbEhTaUlzSW1GMGRDSTZXM3NpZDI1bWN5STZJbVJsYlc5MWMyVnlMbVpwYzNOcGIyNHVibUZ0W lM5d2RXSnNhV012Y0dodmRHOXpMeUlzSW1OaGNDSTZJazlXUlZKWFVrbFVSU0o5WFN3aVpYaHdJam81TW pVMk9UTTVOVEExTENKcGMzTWlPaUprYVdRNmEyVjVPbm8yVFd0d05VVnplamx6TWsxSWMzRlpka3h2WTJ ONVNIZFlOVk5sZVZwTGNIRTNPVWQwTkRWbVJrZEZXbEk1T1NJc0ltNWlaaUk2TVRZek9UWXdPREk1TXl3 aWNISm1JanBiWFgwLjRUTmh1SFJyUEc5YUhvODY5SFhsc05LOF9GbWxTaFE1R3pHNGl0TjJOS2steUtUY kFNb0Z3VHVwdEcwWEZnTkl2SHVsUHBsVnpaWURWRGV4bzc2a0F3IiwiZXlKaGJHY2lPaUpGWkVSVFFTSX NJblI1Y0NJNklrcFhWQ0lzSW5WamRpSTZJakF1Tnk0d0luMC5leUpoZFdRaU9pSmthV1E2YTJWNU9ubzJ UV3R6V0ZGQ1prdzRiM2Q2ZEZSRFNsUnROMmhPVW1ZMllqRTRXWGhZVUhBemFUWTJiMHBJYlRoTU0xbEhT aUlzSW1GMGRDSTZXM3NpZDI1bWN5STZJbVJsYlc5MWMyVnlMbVpwYzNOcGIyNHVibUZ0WlM5d2RXSnNhV 012Ym05MFpYTXZJaXdpWTJGd0lqb2lUMVpGVWxkU1NWUkZJbjFkTENKbGVIQWlPamt5TlRZNU16azFNRF VzSW1semN5STZJbVJwWkRwclpYazZlalpOYTNBMVJYTjZPWE15VFVoemNWbDJURzlqWTNsSWQxZzFVMlY 1V2t0d2NUYzVSM1EwTldaR1IwVmFVams1SWl3aWJtSm1Jam94TmpNNU5qQTRNamt6TENKd2NtWWlPbHRk ZlEuTWdZYXJMcXk3Um1RMUFJcnFZTDZjRnk5ejdhNVdJQVUtLVRZQVJQU2dpck9Tc3p2YXIzX0ROcjI1c mJQcmV0SGJuVDBtTVZLeW9hUVhydVI3S2JyQmciXX0.kwRdqPN74pkcpXGgdk7Z7FW3M1mRRYaDE5ZgkG 6srAuu6V6mvMVRdBLnD5CWid-X4tDIKpliVjlCSLTntB4pCw

Slide 122

Slide 122

Nontrivial Example Decoded Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.8.0” “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “OVERWRITE” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “APPEND” } ], “prf”: [ “eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a 2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRtN2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF 0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvcGhvdG9zLyIsImNhc CI6Ik9WRVJXUklURSJ9XSwiZXhwIjo5MjU2OTM5NTA1LCJpc3MiOiJkaWQ6a2V5Ono2TWtwNUV zejlzMk1Ic3FZdkxvY2N5SHdYNVNleVpLcHE3OUd0NDVmRkdFWlI5OSIsIm5iZiI6MTYzOTYwO DI5MywicHJmIjpbXX0.4TNhuHRrPG9aHo869HXlsNK8_FmlShQ5GzG4itN2NKkyKTbAMoFwTuptG0XFgNIvHulPplVzZYDVDexo76kAw”, “eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a 2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRtN2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF 0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvbm90ZXMvIiwiY2FwI joiT1ZFUldSSVRFIn1dLCJleHAiOjkyNTY5Mzk1MDUsImlzcyI6ImRpZDprZXk6ejZNa3A1RXN 6OXMyTUhzcVl2TG9jY3lId1g1U2V5WktwcTc5R3Q0NWZGR0VaUjk5IiwibmJmIjoxNjM5NjA4M jkzLCJwcmYiOltdfQ.MgYarLqy7RmQ1AIrqYL6cFy9z7a5WIAU-TYARPSgirOSszvar3_DNr25rbPretHbnT0mMVKyoaQXruR7KbrBg” ] } Signature kwRdqPN74pkcpXGgdk7Z7FW3M1mRR YaDE5ZgkG6srAuu6V6mvMVRdBLnD5 CWid-X4tDIKpliVjlCSLTntB4pCw

Slide 123

Slide 123

Nontrivial Example Decoded Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.8.0” “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “OVERWRITE” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “APPEND” } ], “prf”: [ “eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a 2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRtN2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF 0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvcGhvdG9zLyIsImNhc CI6Ik9WRVJXUklURSJ9XSwiZXhwIjo5MjU2OTM5NTA1LCJpc3MiOiJkaWQ6a2V5Ono2TWtwNUV zejlzMk1Ic3FZdkxvY2N5SHdYNVNleVpLcHE3OUd0NDVmRkdFWlI5OSIsIm5iZiI6MTYzOTYwO DI5MywicHJmIjpbXX0.4TNhuHRrPG9aHo869HXlsNK8_FmlShQ5GzG4itN2NKkyKTbAMoFwTuptG0XFgNIvHulPplVzZYDVDexo76kAw”, “eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a 2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRtN2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF 0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvbm90ZXMvIiwiY2FwI joiT1ZFUldSSVRFIn1dLCJleHAiOjkyNTY5Mzk1MDUsImlzcyI6ImRpZDprZXk6ejZNa3A1RXN 6OXMyTUhzcVl2TG9jY3lId1g1U2V5WktwcTc5R3Q0NWZGR0VaUjk5IiwibmJmIjoxNjM5NjA4M jkzLCJwcmYiOltdfQ.MgYarLqy7RmQ1AIrqYL6cFy9z7a5WIAU-TYARPSgirOSszvar3_DNr25rbPretHbnT0mMVKyoaQXruR7KbrBg” ] } Signature kwRdqPN74pkcpXGgdk7Z7FW3M1mRR YaDE5ZgkG6srAuu6V6mvMVRdBLnD5 CWid-X4tDIKpliVjlCSLTntB4pCw

Slide 124

Slide 124

Nontrivial Example Decoded Witness #1 Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.8.0” } “iss”: “did:key:z6Mkp5Esz9s2MHsqYvLoccyHwX5SeyZKpq79Gt45fFGEZR99”, “aud”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “nbf”: 1639608293, “exp”: 9256939505, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “OVERWRITE” } ], “prf”: [] Signature 4TNhuHRrPG9aHo869HXlsNK8_FmlShQ5GzG 4itN2NKkyKTbAMoFwTuptG0XFgNIvHulPplVzZYDVDe xo76kAw

Slide 125

Slide 125

Nontrivial Example ucan.xyz — Online Explorer / Validator

Slide 126

Slide 126

Nontrivial Example ucan.xyz — Online Explorer / Validator

Slide 127

Slide 127

Nontrivial Example ucan.xyz — Online Explorer / Validator

Slide 128

Slide 128

Nontrivial Example ucan.xyz — Online Explorer / Validator

Slide 129

Slide 129

Nontrivial Example Auth Should be Boring!

Slide 130

Slide 130

Nontrivial Example Auth Should be Boring!

Slide 131

Slide 131

Resources 📚

Slide 132

Slide 132

Resources Further Reading

Slide 133

Slide 133

Resources Further Reading • https://talk.fission.codes/t/user-controlled-authorization-networks-ucan-resources/1122 • https://github.com/ucan-wg/ • Spec, Improvement Proposals • Libraries in TypeScript, Rust, Golang, Haskell • Capability Myths Demolished (https://srl.cs.jhu.edu/pubs/SRL2003-02.pdf) • ACLs Don’t (http://waterken.sourceforge.net/aclsdont/current.pdf) • https://erights.org • https://theworld.com/~cme/html/spki.html

Slide 134

Slide 134

https://ucan.xyz https://github.com/ucan-wg 🎉 Thank You, CASA Amsterdam 🇳🇱 brooklyn@fission.codes https://fission.codes github.com/expede @expede