A presentation at Chain Agnostic Standards Alliance (CASA) Gathering in in Amsterdam, Netherlands by Brooklyn Zelenka
An Intro to UCAN Or: how to make the internet web3, from the inside out
Every program has (at least) two purposes: the one for which it was written, and another for which it wasn’t Alan Perlis, Epigram #16
Cryptography is a tool for turning lots of different problems into key management problems Dr. Lea Kissner, Google’s Global Lead of Privacy Technologies
Brooklyn Zelenka @expede
Brooklyn Zelenka @expede • Cofounder & CTO at Fission • https://fission.codes / @FISSIONCodes • Chain agnostic from the ground up!
Brooklyn Zelenka @expede • Cofounder & CTO at Fission • https://fission.codes / @FISSIONCodes • Chain agnostic from the ground up! • Editor of the UCAN spec
Brooklyn Zelenka @expede • Cofounder & CTO at Fission • https://fission.codes / @FISSIONCodes • Chain agnostic from the ground up! • Editor of the UCAN spec • Background: PLT, VMs, Formal Methods, Distributed Systems
Brooklyn Zelenka @expede ff • Cofounder & CTO at Fission • https://fission.codes / @FISSIONCodes • Chain agnostic from the ground up! • Editor of the UCAN spec • Background: PLT, VMs, Formal Methods, Distributed Systems • Meetups: VanFP, Code & Co ee, Distributed Systems Reading Group
Brooklyn Zelenka @expede • Cofounder & CTO at Fission • https://fission.codes / @FISSIONCodes • Chain agnostic from the ground up! • Editor of the UCAN spec • Background: PLT, VMs, Formal Methods, Distributed Systems • Meetups: VanFP, Code & Co ee, Distributed Systems Reading Group ff https://lu.ma/distributed-systems
Meta Wherefore Art Thou UCAN?
Meta Wherefore Art Thou UCAN? DIDs say who you are
Meta Wherefore Art Thou UCAN? DIDs say who you are UCANs show what you can do
Meta Wherefore Art Thou UCAN? AuthN DIDs say who you are UCANs show what you can do AuthZ
Meta Teaser Token eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRt N2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvbm90 ZXMvIiwiY2FwIjoiT1ZFUldSSVRFIn1dLCJleHAiOjkyNTY5Mzk1MDUsImlzcyI6ImRpZDprZXk6ejZNa3A1RXN6OXMyTUhzcVl2TG9j Y3lId1g1U2V5WktwcTc5R3Q0NWZGR0VaUjk5IiwibmJmIjoxNjM5NjA4MjkzLCJwcmYiOltdfQ.MgYarLqy7RmQ1AIrqYL6cFy9z7a5W IAU—TYARPSgirOSszvar3_DNr25rbPretHbnT0mMVKyoaQXruR7KbrBg { } “iss”: “did:key:z6Mkp5Esz9s2MHsqYvLoccyHwX5SeyZKpq79Gt45fFGEZR99”, “aud”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “exp”: 9256939505, “nbf”: 1639608293, “att”: [ { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “OVERWRITE” } ]
How to Power a New Internet 🔌
How to Power a New Internet 🔌
How to Power a New Internet 🔌 web3 ⊋ Blockchain
How to Power a New Internet 🔌 web3 ⊋ Blockchain P2P, IPFS, Matrix
How to Power a New Internet 🔌 web3 ⊋ Blockchain P2P, IPFS, Matrix Open, accessible, trustless, portable
How to Power a New Internet 🔌 web3 ⊋ Blockchain P2P, IPFS, Matrix Open, accessible, trustless, portable User sovereignty: mobile browsers, local-first
How to Power a New Internet 🔌 web3 ⊋ Blockchain P2P, IPFS, Matrix Open, accessible, trustless, portable User sovereignty: mobile browsers, local-first …and so on
How to Power a New Internet 🔌 It’s Still Extremely Early Days!
How to Power a New Internet 🔌 It’s Still Extremely Early Days!
How to Power a New Internet 🔌 It’s Still Extremely Early Days!
How to Power a New Internet 🔌 It’s Still Extremely Early Days!
How to Power a New Internet 🔌 User Problems
How to Power a New Internet 🔌 User Problems Dapp UX is too hard for many users
How to Power a New Internet 🔌 Dev Problems
How to Power a New Internet 🔌 Dev Problems Too many (d)apps are centralized(!)
How to Power a New Internet 🔌 Move the Needle
How to Power a New Internet 🔌 Move the Needle Realpolitik Easier, more secure, & more open than: OAuth, X.509, SAML, MetaMask, WalletConnect, etc
How to Power a New Internet 🔌 OAuth Sequence
How to Power a New Internet 🔌 UCAN Sequence 🕙 🕙
Design Principles 📐
Design Principles 📐 Adoption
Design Principles 📐 Adoption Be a Trojan Horse Build on widely supported, familiar, well-understood standards
Design Principles 📐 Adoption
Design Principles 📐 Adoption Convenience > ideology
Design Principles 📐 Adoption
Design Principles 📐 Adoption Play Nice with Others Plug into existing tools Bridge to other standards Integrate with other systems
User Controlled, Local-First, Universal Auth UCAN 🎟
UCAN Non-Extractable Browser Keys
UCAN Non-Extractable Browser Keys
UCAN Non-Extractable Browser Keys
UCAN Non-Extractable Browser Keys
UCAN Non-Extractable Browser Keys
UCAN Non-Extractable Browser Keys
UCAN Auth Models
UCAN Auth Models ACLs 📑 👩🎤 👮 ✋ ⚙ Caps 👩🎤 🎟 ⚙
UCAN ACL Read & Write
UCAN ACL Read & Write 🧑🌾
UCAN ACL Read & Write 🧑🌾 ⚙
UCAN ACL Read & Write 🧑🌾 💂 ✋ ⚙
UCAN ACL Read & Write 🧑🌾 📑 💂 ✋ ⚙
UCAN ACL Read & Write 🧑🌾 📑 💂 ✋ ⚙
UCAN ACL Read & Write 🧑🌾 📑 💂 ✋ ⚙
UCAN ACL Read & Write 🧑🌾 📑 💂 ✋ Not in control ⚙
UCAN ACL Read & Write 📑 In control 🧑🌾 💂 ✋ Not in control ⚙
UCAN ACL Read & Write 📑 In control 🧑🌾 💂 ✋ Not in control ⚙
UCAN ACL Read & Write 📑 💂 ✋ In control 🧑🌾 💂 ✋ Not in control ⚙
UCAN ACL Read & Write 📑 💂 ✋ In control 🧑🌾 💂 ✋ Not in control ⚙
UCAN From Actors to Capabilities
UCAN From Actors to Capabilities 🕵
UCAN From Actors to Capabilities 🕵 ⚙
UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr ⚙
UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr 🎟 ⚙
UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr In control 🎟 ⚙
UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr In control 🎟 ⚙ All req info
UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr 🎟 ⚙
UCAN From Actors to Capabilities 🕵 🎟 🗺 🎟 🎟 ✊ ✊ Addr ⚙
UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr 🎟 ⚙
UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr 🎟 👨🎨 ⚙
UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr 🎟 🎟 👨🎨 ⚙
UCAN From Actors to Capabilities 🕵 🗺 ✊ ✊ Addr 🎟 🎟 👨🎨 ⚙ 🎟
UCAN From Actors to Capabilities ) h t u a r o f s l e n 🕵 🗺 ✊ ✊ Addr n a h c e t a t s e k i (L 🎟 🎟 ⚙ 👨🎨 🎟
UCAN Rights Amplification
UCAN Rights Amplification 🥫 ✂
UCAN Rights Amplification 🥫 ✨ ✂
UCAN Rights Amplification 🥫 ✨ 🥘 ✂
UCAN JWT → UCAN
UCAN JWT → UCAN Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.0”
UCAN JWT → UCAN Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.0” } “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “fct” {“hello”: “world}, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “wnfs/overwrite” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “wnfs/append” } ]
UCAN JWT → UCAN Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.0” } “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “fct” {“hello”: “world}, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “wnfs/overwrite” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “wnfs/append” } ] Signature kwRdqPN74pkcpXGgdk7Z7FW3M1mRR YaDE5ZgkG6srAuu6V6mvMVRdBLnD5 CWid-X4tDIKpliVjlCSLTntB4pCw
UCAN JWT → UCAN Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.9.0” } “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “fct” {“hello”: “world}, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “wnfs/overwrite” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “wnfs/append” } ] ✅ Signature kwRdqPN74pkcpXGgdk7Z7FW3M1mRR YaDE5ZgkG6srAuu6V6mvMVRdBLnD5 CWid-X4tDIKpliVjlCSLTntB4pCw
UCAN Anatomy of a Capability
UCAN Anatomy of a Capability [ { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” }, { “with”: “mailto:boris@fission.codes”, “can”: “msg/send”, “ext”: { to”: “/.*@fission.codes/” } } ]
UCAN Anatomy of a Capability [ Resource / “noun” { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” }, { “with”: “mailto:boris@fission.codes”, “can”: “msg/send”, “ext”: { to”: “/.*@fission.codes/” } } ] (URI)
UCAN Anatomy of a Capability [ Resource / “noun” { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” }, Action / “verb” { “with”: “mailto:boris@fission.codes”, “can”: “msg/send”, “ext”: { to”: “/.*@fission.codes/” } } ] (URI)
UCAN Anatomy of a Capability [ Resource / “noun” { “with”: “http://example.com/alice/photos/”, (URI) “can”: “crud/read” }, Action / “verb” { “with”: “mailto:boris@fission.codes”, “can”: “msg/send”, “ext”: { to”: “/.*@fission.codes/” } } ] Extensible fields
UCAN Chain Witnesses
UCAN Chain Witnesses 👨🎨 🍭💐🎨
UCAN Chain Witnesses 👨🎨 🍭💐🎨 🧑🚀 🍭💐
UCAN Chain Witnesses 👨🎨 🍭💐🎨 🧑🚀 🍭💐 👨🦳 💐
UCAN Chain Witnesses 👨🎨 🍭💐🎨 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐
UCAN Chain Witnesses 👨🎨 💐🍭🎨 👨🎨 🍭💐🎨 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐
UCAN Chain Witnesses Root 👨🎨 💐🍭🎨 👨🎨 🍭💐🎨 From: 👨🎨 To: 🧑🚀 Caps: [🍭, 💐] 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐
UCAN Chain Witnesses 👨🎨 💐🍭🎨 👨🎨 🍭💐🎨 Root Witness From: 👨🎨 To: 🧑🚀 Caps: [🍭, 💐] From: 🧑🚀 To: 👨🦳 Caps: [💐] 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐
UCAN Chain Witnesses 👨🎨 💐🍭🎨 👨🎨 🍭💐🎨 Root Witness Invoked From: 👨🎨 To: 🧑🚀 Caps: [🍭, 💐] From: 🧑🚀 To: 👨🦳 Caps: [💐] From: 👨🦳 To: 👩💻 Caps: [💐] 🧑🚀 🍭💐 👨🦳 💐 👩💻 💐
UCAN Zoomed Out
UCAN Zoomed Out 👩💻
UCAN Zoomed Out 👩💻 🌈 🐶 🍬 🍾 🧸
UCAN Zoomed Out 👩💻 🌈 🐶 🍬 🍾 🧸 👨🦳🖥
UCAN Zoomed Out 👩💻 👨🦳🖥 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸
UCAN Zoomed Out 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🧸
UCAN Zoomed Out 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🧸 👩🚀 🐶
UCAN Zoomed Out 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🍾 🧸 👨🎨 🧸 👩🚀 🐶
UCAN Zoomed Out 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 🧸 🍾 🧸 👨🎨 ☁⚙ 👩🚀 🐶
UCAN Zoomed Out 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 👩🚀 🐶 🧸 🌈 🐶 🍾 🧸 👨🎨 ☁⚙ 💃
UCAN Zoomed Out 🐦 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 Zero Coordination ✅ 📊 👩🚀 🐶 🧸 🌈 🐶 🔬 🍾 🧸 👨🎨 ☁⚙ 💃
UCAN Revocation Cascade 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 👩🚀 🐶 🧸 🌈 🐶 🍾 🧸 👨🎨 ☁⚙ 💃
UCAN Revocation Cascade UCAN Hash 👩💻 👨🦳🖥 👨🦳📱 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🍬 🍾 🧸 🌈 🐶 🌈 🌈 👩🚀 🐶 🧸 🌈 🐶 🍾 🧸 👨🎨 ☁⚙ 💃
UCAN Composable Standard Library
UCAN Composable Standard Library Resource (URI) https: mailto: file: wnfs: dns: news: Action (Cap) crud/create crud/read crud/update crud/destroy msg/send msg/receive group/ban group/join
UCAN Semantic Extension
UCAN Semantic Extension { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” } { “with”: “http://example.com/alice/photos/devconnect/”, “can”: “album/publish” }
UCAN Semantic Extension { “with”: “http://example.com/alice/photos/”, “can”: “crud/read” } { “with”: “http://example.com/alice/photos/devconnect/”, “can”: “album/publish” } album/publish ⇒ crud/read
Nontrivial Example 🕊
Nontrivial Example Encoded
Nontrivial Example Encoded eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a2V5Ono2T Wt2WGZQVXY4Ynh0c1ZRaUdvN050azRxS0pOY2dLMml0NTJwYzczdGVVcFJMVCIsImF0dCI6W3sid25mcy I6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvcGhvdG9zLyIsImNhcCI6Ik9WRVJXUklURSJ9LHs id25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvbm90ZXMvIiwiY2FwIjoiT1ZFUldSSVRF In1dLCJleHAiOjkyNTY5Mzk1MDUsImlzcyI6ImRpZDprZXk6ejZNa3NYUUJmTDhvd3p0VENKVG03aE5SZ jZiMThZeFhQcDNpNjZvSkhtOEwzWUdKIiwibmJmIjoxNjM5NjA4MjkzLCJwcmYiOlsiZXlKaGJHY2lPaU pGWkVSVFFTSXNJblI1Y0NJNklrcFhWQ0lzSW5WamRpSTZJakF1Tnk0d0luMC5leUpoZFdRaU9pSmthV1E 2YTJWNU9ubzJUV3R6V0ZGQ1prdzRiM2Q2ZEZSRFNsUnROMmhPVW1ZMllqRTRXWGhZVUhBemFUWTJiMHBJ YlRoTU0xbEhTaUlzSW1GMGRDSTZXM3NpZDI1bWN5STZJbVJsYlc5MWMyVnlMbVpwYzNOcGIyNHVibUZ0W lM5d2RXSnNhV012Y0dodmRHOXpMeUlzSW1OaGNDSTZJazlXUlZKWFVrbFVSU0o5WFN3aVpYaHdJam81TW pVMk9UTTVOVEExTENKcGMzTWlPaUprYVdRNmEyVjVPbm8yVFd0d05VVnplamx6TWsxSWMzRlpka3h2WTJ ONVNIZFlOVk5sZVZwTGNIRTNPVWQwTkRWbVJrZEZXbEk1T1NJc0ltNWlaaUk2TVRZek9UWXdPREk1TXl3 aWNISm1JanBiWFgwLjRUTmh1SFJyUEc5YUhvODY5SFhsc05LOF9GbWxTaFE1R3pHNGl0TjJOS2steUtUY kFNb0Z3VHVwdEcwWEZnTkl2SHVsUHBsVnpaWURWRGV4bzc2a0F3IiwiZXlKaGJHY2lPaUpGWkVSVFFTSX NJblI1Y0NJNklrcFhWQ0lzSW5WamRpSTZJakF1Tnk0d0luMC5leUpoZFdRaU9pSmthV1E2YTJWNU9ubzJ UV3R6V0ZGQ1prdzRiM2Q2ZEZSRFNsUnROMmhPVW1ZMllqRTRXWGhZVUhBemFUWTJiMHBJYlRoTU0xbEhT aUlzSW1GMGRDSTZXM3NpZDI1bWN5STZJbVJsYlc5MWMyVnlMbVpwYzNOcGIyNHVibUZ0WlM5d2RXSnNhV 012Ym05MFpYTXZJaXdpWTJGd0lqb2lUMVpGVWxkU1NWUkZJbjFkTENKbGVIQWlPamt5TlRZNU16azFNRF VzSW1semN5STZJbVJwWkRwclpYazZlalpOYTNBMVJYTjZPWE15VFVoemNWbDJURzlqWTNsSWQxZzFVMlY 1V2t0d2NUYzVSM1EwTldaR1IwVmFVams1SWl3aWJtSm1Jam94TmpNNU5qQTRNamt6TENKd2NtWWlPbHRk ZlEuTWdZYXJMcXk3Um1RMUFJcnFZTDZjRnk5ejdhNVdJQVUtLVRZQVJQU2dpck9Tc3p2YXIzX0ROcjI1c mJQcmV0SGJuVDBtTVZLeW9hUVhydVI3S2JyQmciXX0.kwRdqPN74pkcpXGgdk7Z7FW3M1mRRYaDE5ZgkG 6srAuu6V6mvMVRdBLnD5CWid-X4tDIKpliVjlCSLTntB4pCw
Nontrivial Example Decoded Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.8.0” “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “OVERWRITE” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “APPEND” } ], “prf”: [ “eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a 2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRtN2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF 0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvcGhvdG9zLyIsImNhc CI6Ik9WRVJXUklURSJ9XSwiZXhwIjo5MjU2OTM5NTA1LCJpc3MiOiJkaWQ6a2V5Ono2TWtwNUV zejlzMk1Ic3FZdkxvY2N5SHdYNVNleVpLcHE3OUd0NDVmRkdFWlI5OSIsIm5iZiI6MTYzOTYwO DI5MywicHJmIjpbXX0.4TNhuHRrPG9aHo869HXlsNK8_FmlShQ5GzG4itN2NKkyKTbAMoFwTuptG0XFgNIvHulPplVzZYDVDexo76kAw”, “eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a 2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRtN2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF 0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvbm90ZXMvIiwiY2FwI joiT1ZFUldSSVRFIn1dLCJleHAiOjkyNTY5Mzk1MDUsImlzcyI6ImRpZDprZXk6ejZNa3A1RXN 6OXMyTUhzcVl2TG9jY3lId1g1U2V5WktwcTc5R3Q0NWZGR0VaUjk5IiwibmJmIjoxNjM5NjA4M jkzLCJwcmYiOltdfQ.MgYarLqy7RmQ1AIrqYL6cFy9z7a5WIAU-TYARPSgirOSszvar3_DNr25rbPretHbnT0mMVKyoaQXruR7KbrBg” ] } Signature kwRdqPN74pkcpXGgdk7Z7FW3M1mRR YaDE5ZgkG6srAuu6V6mvMVRdBLnD5 CWid-X4tDIKpliVjlCSLTntB4pCw
Nontrivial Example Decoded Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.8.0” “iss”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “aud”: “did:key:z6MkvXfPUv8bxtsVQiGo7Ntk4qKJNcgK2it52pc73teUpRLT”, “nbf”: 1639608293, “exp”: 9256939505, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “OVERWRITE” }, { “with”: “wnfs://demouser.fission.name/public/notes/”, “can”: “APPEND” } ], “prf”: [ “eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a 2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRtN2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF 0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvcGhvdG9zLyIsImNhc CI6Ik9WRVJXUklURSJ9XSwiZXhwIjo5MjU2OTM5NTA1LCJpc3MiOiJkaWQ6a2V5Ono2TWtwNUV zejlzMk1Ic3FZdkxvY2N5SHdYNVNleVpLcHE3OUd0NDVmRkdFWlI5OSIsIm5iZiI6MTYzOTYwO DI5MywicHJmIjpbXX0.4TNhuHRrPG9aHo869HXlsNK8_FmlShQ5GzG4itN2NKkyKTbAMoFwTuptG0XFgNIvHulPplVzZYDVDexo76kAw”, “eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsInVjdiI6IjAuNy4wIn0.eyJhdWQiOiJkaWQ6a 2V5Ono2TWtzWFFCZkw4b3d6dFRDSlRtN2hOUmY2YjE4WXhYUHAzaTY2b0pIbThMM1lHSiIsImF 0dCI6W3sid25mcyI6ImRlbW91c2VyLmZpc3Npb24ubmFtZS9wdWJsaWMvbm90ZXMvIiwiY2FwI joiT1ZFUldSSVRFIn1dLCJleHAiOjkyNTY5Mzk1MDUsImlzcyI6ImRpZDprZXk6ejZNa3A1RXN 6OXMyTUhzcVl2TG9jY3lId1g1U2V5WktwcTc5R3Q0NWZGR0VaUjk5IiwibmJmIjoxNjM5NjA4M jkzLCJwcmYiOltdfQ.MgYarLqy7RmQ1AIrqYL6cFy9z7a5WIAU-TYARPSgirOSszvar3_DNr25rbPretHbnT0mMVKyoaQXruR7KbrBg” ] } Signature kwRdqPN74pkcpXGgdk7Z7FW3M1mRR YaDE5ZgkG6srAuu6V6mvMVRdBLnD5 CWid-X4tDIKpliVjlCSLTntB4pCw
Nontrivial Example Decoded Witness #1 Payload { Header { } “alg”: “EdDSA”, “typ”: “JWT”, “ucv”: “0.8.0” } “iss”: “did:key:z6Mkp5Esz9s2MHsqYvLoccyHwX5SeyZKpq79Gt45fFGEZR99”, “aud”: “did:key:z6MksXQBfL8owztTCJTm7hNRf6b18YxXPp3i66oJHm8L3YGJ”, “nbf”: 1639608293, “exp”: 9256939505, “att”: [ { “with”: “wnfs://demouser.fission.name/public/photos/”, “can”: “OVERWRITE” } ], “prf”: [] Signature 4TNhuHRrPG9aHo869HXlsNK8_FmlShQ5GzG 4itN2NKkyKTbAMoFwTuptG0XFgNIvHulPplVzZYDVDe xo76kAw
Nontrivial Example ucan.xyz — Online Explorer / Validator
Nontrivial Example ucan.xyz — Online Explorer / Validator
Nontrivial Example ucan.xyz — Online Explorer / Validator
Nontrivial Example ucan.xyz — Online Explorer / Validator
Nontrivial Example Auth Should be Boring!
Nontrivial Example Auth Should be Boring!
Resources 📚
Resources Further Reading
Resources Further Reading • https://talk.fission.codes/t/user-controlled-authorization-networks-ucan-resources/1122 • https://github.com/ucan-wg/ • Spec, Improvement Proposals • Libraries in TypeScript, Rust, Golang, Haskell • Capability Myths Demolished (https://srl.cs.jhu.edu/pubs/SRL2003-02.pdf) • ACLs Don’t (http://waterken.sourceforge.net/aclsdont/current.pdf) • https://erights.org • https://theworld.com/~cme/html/spki.html
https://ucan.xyz https://github.com/ucan-wg 🎉 Thank You, CASA Amsterdam 🇳🇱 brooklyn@fission.codes https://fission.codes github.com/expede @expede
for free. You
can too.