Seeking designs for a capabilities-based multi-user system

Steven J. Owens puff@netcom.com
Wed, 19 Jul 2000 15:22:34 -0700 (PDT) 

Hi,

     I just joined the e-lang list, so I thought I'd say hello.
Mostly I suspect I'll be fairly quiet - crypto is more of a spectator
sport to me, I can't keep up with the math.  I'm really more of a
lightweight in the programming department - what fascinates me is how
people interact with and are affected by software - how it changes
their interaction specifically, and how it changes groups or societies
generally.

     I find e-lang and capabilities interesting, particularly in the
potential for creating tools to enable people to evolve their own
social systems (I found the power-point slides on "Contracting-out
Contract Law" particularly interesting; I especially liked the
subtitle, "Importing Trust Into Low-Trust Societies Electronically").

     I think, after reading some of the language tutorials and short
articles at www.erights.org, that I understand the basic concept of
capabilities.  If I can loosely summarize for the pop-science
audience, a capability is sort of like a combination of:

     a promise of some programmatic service or information 
     a digital signature that identifies and verifies it
     a URL (effectively) pointing to the object that can provide the service

     I can see all sorts of nifty potentials for capabilities-based
systems.  Having them available as part of the operating system or
programing environment changes the ground rules in thinking about
these things.  But one thing I'm still shallow on is how you'd use
them in practice, how you'd design the implementation of a system
using capabilities.

     One reason I subscribed was a paragraph from the "E Language
Design Goals" page (http://www.erights.org/e/e-goals.html):

     "User Creation / Extension of World-Object Behaviors. This could
range from simply adding new World-Object verbs defined in terms of
existing ones, to piecemeal programming interactions like Hypercard's
ability to "dive into" a button and edit its script. MOO experiences
show this to be a compelling source of richness of the world."

     It's this last sentence in particular that I'm interested in.
I'm fascinated by potentials of user-programmable multi-user systems
like MOO, particularly when the limits are really pushed.  One thing
that fascinated me about LambdaMOO back in 1992-94 was the sense of a
really interesting and somewhat unexpected things being developed,
particularly in the area of blurring of the line between the client
and the server.  For example, the MOO specialization of the emacs
mud.el client provided fairly seamless object editing by hiding
specially tagged output from the user's buffer and sending it to a
separate buffer for editing.

     Unfortunately, in some or many ways, the MOO server and basic
approach doesn't seem suited to really innovative exploration.  Some
of it could be addressed by some major overhauls of various aspects of
the system (like going to an event-based architecture instead of a
single stream of unstructured text for each user) and others could be
addressed by tacking stuff on top of it (like building some sort of
tag language to work with a graphical client, or throwing the whole
thing behind SSH).  But I have a suspicion that most of these
approaches would still be fairly constrained by the limitations of
what they're originally designed to do, and wouldn't allow as much for
that unexpected innovation.

     I've been thinking about alternatives.  There's a lot of nifty
projects out there that overlap the problem space to some degree in
one respect or another.  Momoko and SLIRC are two interesting ones,
not to mention really cutting edge stuff like Freenet or the Freedom
Net.  But the big thing that most of them seem to leave unaddressed is
the multi-user programmable community aspect.  Designing and
implementing a system that tries to allow many people to not only
coexist on and use the server, but also to dynamically upload new code
and run it, seems to be a hard task, even in java-based systems where
there are some built-in mechanisms for security management.

     Has anybody coded, designed or done any brainstorming on how
you'd do something like this?  I'd really be interested in reading it.

Steven J. Owens
puff@netcom.com