[cap-talk] a capability-based OS for the web

Seth Purcell seth.purcell at sitelier.com
Tue Jul 5 16:55:23 PDT 2011


Hello everyone,

 

I'd like to announce a forthcoming (free) capability-based operating system:
Sitelier (pronounced like hotelier).

 

Sitelier is a distributed, capability-based operating system for the web
that uses OpenPGP to link users with their apps and each other. The idea is
to finally give people actual control over their online lives.

 

Basically, it manages a secure private website on which users can "install"
web apps, which can then save their data on the user's site, rather than on
the web app's servers. It also provides a globally unique (and portable)
identity for each user in the form of PGP keys, and in the near future will
let users easily "friend" each other for securely communicating or sharing.
It doesn't run on the hardware directly; it's a user mode server written
entirely in JavaScript (Node.js). It's free and open source so you can host
your site wherever you like.

 

In our view, the web right now is backwards: users have accounts on dozens
of websites, all with their own logins and passwords, and our content and
personal information is scattered all over the web, out of our control.
Sitelier turns the situation around: when you install an app, you're
effectively creating an account on *your* site for the app, which can then
save its data (your data) there, so all your online information can live in
one secure location that you control. It's a simple idea with huge
implications. For a start, launching an online banking app by clicking an
icon as opposed to logging into a website eliminates the opportunity for
phishing your banking password - there is no banking password. And vendors
like Amazon would no longer need to keep your billing info on their servers,
since the Amazon app can just get it from your site (assuming you've given
them a read-billing-info cap). Once your order ships, they can drop the cap
(or you can), and then even if they're breached, your billing information
isn't compromised, because they don't have it. I'm barely touching on the
potential of the platform, but I think you get the idea.

 


Given what Sitelier is trying to do, we're necessarily obsessed with
security. We've tried to avoid making obvious mistakes, and we've tried to
implement good ideas wherever possible: besides caps, you'll see petnames
and petgraphics (for apps and contacts), decentralized trust (obviously),
and TLS-PSK is coming (for app-kernel and kernel-kernel connections). But
we're not security experts; we're just two good friends tackling an enormous
engineering problem together. We could really use some help from people who
actually know what they're doing in this area.

 

So does this sound interesting to anyone? We're doing a preview release
today and will soon have a tarball of the kernel up on the website, along
with installation instructions (you'll need a world-routable machine if you
want to try it). We're also hosting a couple apps that anyone can install: a
basic shell and a notepad app. The kernel source is online at
https://launchpad.net/sitelier-kernel, and you can browse it there or branch
it with bazaar. You can read more about the project at www.sitelier.com;
there's a lot of info about how it works under /docs.

 

Seth and Chris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.eros-os.org/pipermail/cap-talk/attachments/20110705/4d4248ae/attachment.html 


More information about the cap-talk mailing list