[cap-talk] Comments on a paper
Nick Szabo
szabo at szabo.best.vwh.net
Sat Jul 2 23:05:54 EDT 2005
Alan describes an important problem. Capabilities don't help solve it, and
trying to keep track of "who is responsible" is an invitation to exploding
complexity and dependence on trusted third parties (i.e. security holes).
Instead, the answer is scarce objects:
http://szabo.best.vwh.net/scarce.html
Scarce objects are objects that like physical objects are finite and
excludable, and force the client to either conserve or consume (use
up) their own rights to use the object.
One good tool for implementing scarce objects is:
http://szabo.best.vwh.net/bearer_contracts.html
The attribute of these "bearer certificates" that is crucial for
scarce objects: they are use-once or use-N-times tokens.
Alan's problem illustrates why it is the scarce object model, rather than
the capabilities model, that is crucial for implementing the Agorics vision.
More generally for online commerce, scarce objects are crucial for
creating an online world that responds properly to the intuitions we
traditionally bring to contracts, property, and economics.
At the far opposite on the intuitive and mental transaction cost spectrum is
the proposal Alan mentions -- a bizarrely complex system of recording
and (it is more presumed than satisfactorily explained) analyzing
and making decisions based on the delegation chain.
-- Nick Szabo
Alan Karp wrote:
> First of all, if there's no delegation, the issuing party is to blame.
> For example, if Alice has 100 GB of disk space and grants Bob and Carol
> a claim on all of it for a week, Alice has only herself to blame if she
> has to reject one of the claims.
>
> Let's say that Alice grants Bob a claim on 50 GB and Carol the same. If
> Bob now grants David and Edward claims on 50 GB, and Carol, David, and
> Edward all submit their claims, Alice can figure out that Bob is
> responsible for the over subscription by keeping track of the capability
> (SwissNumber) she gave to each party.
>
> In order to illustrate what I don't know how to do, we need to add
> another level of delegation. Say that Alice has 100 GB of disk space.
> She grants Bob the right to claim 50 GB for one week and Carol the same.
> Bob grants David the right to claim 25 GB for that week and Edward the
> same. So far, so good. Now, Edward grants Fred and George each the
> right to claim 25 GB. Carol submits her claim and gets a lease on the
> space; David and Fred do the same. When George submits his claim, Alice
> must reject it, but she wants to know if Bob or Carol is responsible for
> the oversubscription, and Bob wants to know if it's Fred or George.
> SwissNumber tracking can answer Alice's question, but how does Bob know
> whether to blame David or Edward?
More information about the cap-talk
mailing list