[tahoe-dev] Giving away the farm (was Re: Google Summer of Code 2010 -- Ideas Needed!)

Michael Walsh michael at michael.ie
Sun Mar 14 05:47:08 PDT 2010


If only we could have a model that users are already familiar with -
with always using URLs of least capability everywhere, but
transforming actions to write caps with a traditional username and
password model/cookie.

On Sunday, March 14, 2010, Zooko O'Whielacronx <zookog at gmail.com> wrote:
> Argh, when throwing out a quick note just before going to bed it is
> all too easy to contribute more confusion than clarity.
>
> I wrote:
>
> On Sat, Mar 13, 2010 at 9:32 PM, Zooko O'Whielacronx <zookog at gmail.com> wrote:
>>
>> No! This is a widespread myth. The problem is fundamental to a *sharing* system. A capability system that makes sharing very hard would not have this problem, and a non-capability system that makes sharing very easy would have this problem.
>
> You may now be wondering if it is possible to have a capability system
> that makes sharing very hard. (Or if it is possible to have a
> non-capability system that makes sharing very easy.) I think wondering
> too much about that leads to a semantic rathole—when is a capability
> system not a capability system? (cf. allmydata.com's user interface)
>
> What I should have said is just this:
>
> No! This is a widespread myth. The problem is fundamental to a
> *sharing* system. The system Toby was using offers a very convenient
> gesture to share write access, which is identical (except for context)
> with the very convenient gesture to share read access. By the way I
> have made this exact same mistake three times now (with my blog). We
> can make it easier to avoid this mistake by making it less convenient
> to share write access, or by making write-access-sharing and
> read-access-sharing gestures different, or by making the
> write-access-sharing-contexts and read-access-sharing-contexts more
> recognizably different. The first two times that I made this mistake
> on my blog I then added one of these improvements to my blog software.
> You can see the current results here:
>
> http://testgrid.allmydata.org:3567/uri/URI%3ADIR2%3Alq5unk3sdmwqckzey573b35paa%3Azshb54dvy4jmpdxjlptn6ttm4m7awi7xf7hqtwmvjriy6ryeb7ya/wiki.html
>
> (Explore that UI and see how write-access-context and
> read-access-context differ.)
>
> My point is that we have this problem not because we used the
> capability access control model, but because we made sharing maximally
> easy in the first version of the user interface, and now we need to
> figure out how to make sharing less easy, or more context dependent,
> or something.
>
> I do hope that with the new crop of Tahoe-LAFS front-ends, such as
> Toby's, we will explore the UX design space and find good
> improvements!
>
> Regards,
>
> Zooko

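One way to make the write-access-sharing gesture different from the read-access-sharing gesture discussed in the quoted message, as an added example that is not part of the original thread or of Tahoe-LAFS itself. The function names, the `confirm_write` parameter and the sample URLs are hypothetical; the cap prefixes are the standard Tahoe-LAFS cap-string prefixes.

```python
from urllib.parse import unquote
import re

# Tahoe-LAFS cap-string prefixes, grouped by the authority they convey.
WRITE_PREFIXES = ("URI:DIR2:", "URI:SSK:")
READ_PREFIXES = ("URI:DIR2-RO:", "URI:SSK-RO:", "URI:CHK:", "URI:LIT:",
                 "URI:DIR2-CHK:", "URI:DIR2-LIT:")
CAP_RE = re.compile(r"URI:[^/?#\s]+")


def classify(url):
    """Return 'write', 'read', 'other' or 'none' for the cap embedded in url."""
    match = CAP_RE.search(unquote(url))  # gateway URLs carry the cap percent-encoded
    if match is None:
        return "none"
    cap = match.group(0)
    if cap.startswith(WRITE_PREFIXES):
        return "write"
    if cap.startswith(READ_PREFIXES):
        return "read"
    return "other"  # unrecognised cap type: handled like write (fail closed)


def prepare_share(url, confirm_write=False):
    """Hypothetical share gesture: read caps pass, write caps need explicit opt-in."""
    kind = classify(url)
    if kind in ("write", "other") and not confirm_write:
        raise PermissionError(
            f"refusing to share a {kind} cap without confirm_write=True")
    return url


# Constructed sample URLs (not real caps); host and key material are placeholders.
WRITE_URL = "http://gateway.invalid/uri/URI%3ADIR2%3Aaaaa%3Abbbb/wiki.html"
READ_URL = "http://gateway.invalid/uri/URI%3ADIR2-RO%3Acccc%3Adddd/wiki.html"

if __name__ == "__main__":
    for u in (READ_URL, WRITE_URL):
        try:
            prepare_share(u)
            print("ok to share:", classify(u))
        except PermissionError as exc:
            print("blocked:", exc)
```

A front-end would call `prepare_share(url)` from its ordinary "copy link" action and reserve `confirm_write=True` for a separate, clearly labelled action.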
