UCAN & WNFS 🌳 What, Why, and Integration 🦜

Decentralized Digital Identity DIDs
• One or more public keys
• Truly “universal” user IDs
• Agnostic about backing
  • Self-attesting
  • Database
  • Blockchain
• For users, devices, and more
• Relates to verifiable credentials

Decentralized Digital Identity did:key & UCAN
• “Just” a public key (e.g. RSA, EdDSA)
• Self-certifying, extremely flexible
• Well suited to capabilities/authZ (vs identity/authN)
• Made practical with UCANs
  • did:key → authN
  • UCAN → authZ

Decentralized Digital Identity Variety
• Microsoft ION, 3Box’s Ceramic, Sovrin, did:key, and well over 400 others
• Can federate, but hasn’t been done yet in the wild
• Fission working towards interop with ION as first step

User Controlled, Local-First, Universal Auth & ID UCAN 🕊

UCAN Fission Use Case → Highly Flexible & Secure
• Work directly in a browser without plugins
• Browser is hostile - compatible with WebCrypto non-exportable keys
• User controlled / user owned
• Pseudonymous, principle of least authority & least visibility
• Won’t always have access to the “root” device
• Must work offline
• Extensible semantics
• Flexible granularity
• Revocable

UCAN Object Capability Model (OCAP)
• ACL is “reactive auth”
• OCAP is “proactive auth”
• Contains all the info about access
• Any guarding done up front (e.g. time limiting)
• Generally some reference, proof, or key
• Anything directly created (parenthood)
• Delegate subset of access to another (introduction)
• Long history (e.g. X.509, SDSI, SPKI, Macaroons)
[Diagram: two panels, “ACL” and “OCAP”]

UCAN Chained Attenuation
[Diagram: a set of capabilities delegated along a chain of users and devices; some delegations pass on only a subset]

UCAN Tradeoffs & Hybridization
• Pure ACL, reactive
  • Centrally view who has access to what
  • Check on every request, bottleneck
  • At-will revocation
  • Access rules grow in complexity
  • More complex provisioning
• Pure OCAP, proactive
  • Works offline & everywhere
  • User owned or provisioned
  • No resource contention, infinite scale
  • Easy interop (as we’ll see)
  • Principle of least authority
  • Revocation more difficult
  • Tracking possible but has tradeoffs

UCAN OAuth Sequence

UCAN UCAN Sequence

UCAN Revocation Cascade
[Diagram: the delegation chain from Chained Attenuation, with the label “UCAN CID”]

UCAN JWT

UCAN Auth Chaining
• OCAP, provable chains, revocable
• Non-exportable 2048-bit RSA (WebCrypto), Ed25519 & BLS everywhere else

UCAN Trustless Interop
[Sequence diagram. Participants: 🛂 OIDC Server; 🤖 and 👽 (Service A, Service B); User. Message labels, in slide order:]
• UCAN with user ID / email
• Describes offer for 🤖
• OIDC Login
• OIDC Token
• Offer for 🤖 + user
• Secured with signature 👽 and HMAC user 🛂
• user’s OIDC token?
• user’s OIDC token!
• Check user HMAC and 👽 signature
• Update 🤖 subscription for user
• 204 Accepted

High Level Auth Topologies OCAP FileCoin & Accounts ✍

OCAP FileCoin & Accounts Fully Managed (Similar to Today)
[Diagram labels: “Provision”, DB, UCAN 1, UCAN 2, UCAN 3, TX]

OCAP FileCoin & Accounts BLS Cosigner (Self Sovereign)
[Diagram labels: Registration; 2/3; 🗝1+🗝2 = 🔑; 🗝1+🗝3 = 🔑; PK(🗝2); {PK(🔑ID), PK(🗝1)}; UCAN 1; UCAN 2; TX]

OCAP FileCoin & Accounts Delegate-Aware Blockchain
[Diagram labels: UCAN 1, UCAN 2, TX, “Dumb” Relay]

OCAP FileCoin & Accounts Bonus: Payment Channel Interop
[Diagram participants: ✨🧑‍🎨💻🔑, 🧑‍🎨📱🗝, 👩‍🔧🖥]
UCAN{ max: 200💰, from: 🔑, to: 🗝, sig: ✍ }
sendTx(👩‍🔧, 100💰, UCAN{ max: 200💰, from: 🔑, to: 🗝, sig: ✍ })
100💰
Countersigned Tx!

User Controlled, Serverless, Universal Auth & ID Read vs Write 👓🖋

Securing Data Access WNFS Layout
[Diagram: file tree rooted at alice.fission.name with top-level branches Public (Photos, Avatars, Apps), Private (Photos, Apps, with Family Photos and My Gallery one level down), Shared By Me (three “Keys and Pointers” entries) and Shared w/ Me (“Keys and Pointers”)]

Securing Data Access Virtual Nodes
• Virtual Node
  • Consistent interface
  • Arbitrary metadata
    • Tags, creators, MIME, sources, &c
[Diagram: Raw Node; File Node (Raw Data, Metadata); Directory Node (Index, Metadata)]

Securing Data Access Hard & Soft Links
• Hard links
  • New for the web!
  • Direct reference
  • 2 pointers ~ duplicate
• Soft links
  • Like a symlink or web link
  • 2 pointers ~ latest
  • May break
  • Always some version available

Securing Data Access Persistent Versioning
[Diagram: two revisions of a Photos directory. Revision 0: Photos@r0, Vacation, Avatars@r0, beach.png, caricature.jpg. Revision 1: Photos@r1, Avatars@r1, headshot.png. Other labels: Generation 0, Generation 1, ChildHasEvent, InsertNew]

Securing Data Access Rearranged
[Diagram labels: Photos@r1, Photos@r0, Vacation, Avatars@r0, beach.png, caricature.jpg, Avatars@r1, headshot.png]

Securing Data Access Private Nodes 🙈
[Diagram labels: CBOR Binary; Encrypted Node 🔒; AES256 + 🔑; Virtual Node; Index; Metadata]

Securing Data Access Cryptree 🎄
[Diagram labels: Virtual Node (twice), Index, Metadata, 🔑]
{ name: “beach.jpg”, revision: 42, key: “B374A26A71490437A…” }

Securing Data Access Subtree Read Access

Securing Data Access Future Light Cone Restriction
• Ratchet keys for backwards secrecy
• Spiral ratchet for quick fast forwards

Securing Data Access Encrypted Tree is Surprisingly Efficient
HAMT (weight 16)
16^3 = 4,096 items
16^4 = 65,536 items
Append-only
Quick Read/Write
Merkleized
Concurrency Friendly

Securing Data Access Namefilters & Hidden Paths
• Bare Filter
  • parentFilter
  • AND bloom(SHA(aesKey))
  • AND bloom(SHA(aesKey ++ revisionRatchet))
• Saturation
  • nameFilter AND bloom(SHA(nameFilter))
  • Repeat until threshold bits flipped

Securing Data Access Access-Mediated Collaborative Rooting
[Diagram labels: Rooting progress; No common root at this layer!; Attached via HAMT; Rev 0; Rev 1 (Partial)]

Securing Data Access Progressive Fast Forward
[Diagram labels: Rev 0; Rev 1 (Partial); Rev 2 (Partial); Rev 3 (Complete)]

Securing Data Access Merkle CRDT
• Original paper from PL
• Persistent data structure by default
• Confluent with automated reconciliation
• Innate causal clock via Merkle DAG
• Coarse grained (path-level)
[Diagram labels: Single File Version Shadow]

Securing Data Access Async Granting Read & Write
[Diagram labels: Shared with Me; Shared by Me; three entries each named by a did:key (did:key:zStEksDrxkwYmpzqB dAQjjx1PRbHG3fq4ChGeJcYU YU44a4CBUExTTjeCbop6Uur, as wrapped on the slide); Human Readable Name; 🔑; Symlink]