[e-lang] Voluntary Oblivous Compliance in Walnut
marcs
marcs at skyhunter.com
Sun Aug 29 12:31:12 EDT 2004
The Secure Distributed Computing chapter in E in a Walnut has been augmented
with a collection of new patterns to support Voluntary Oblivious Compliance,
or VOC. VOC is a real-world problem that occurs when you have one person
trying to follow policies set by another person in interacting with yet a
third person.
The canonical example is the corporate confidential document. Alice wants to
send Bob a document. But Alice also wants to follow the corporate policy set
by Carol: she only wants to send Bob the document if Carol allows it. And
Carol has the habit of changing her mind from time to time about what is
allowable (last week, the Carol&Alice Corp was engaged in a patent war with
Bob&Ted Limited, but this week they are collaborating against NanoSoft). In
this situation, Alice wants to follow Carol's policy, so it is voluntary,
but she must be able to follow that policy without working hard at it all
the time--so the compliance must be oblivious.
The idea for VOC came from a series of in-depth discussions in which Alan
Karp did his best to make markm, marcs, and ping understand E-Speak. E-Speak
itself had a number of breakthrough properties. Ping made the second
breakthrough when he extracted from the presentation a name for a particular
special property that E-Speak had: support for VOC. Once we had crystallized
the E-Speak insight into a word we could contemplate, markm developed the
Loan Officer Protocol to support some of the E-Speak abilities in a pure
object-capability system. I have now attempted to document, and elaborate a
little bit, this material in Walnut.
You can find the new material at
http://www.skyhunter.com/marcs/ewalnut.html#proofOfPurchase
The section includes several new patterns, starting with Proof of Purchase
(an old pattern, now documented), going through Basic Claim Check, and
Nontransferable Claim Check. The climax of this sequence is the Oblivious
Claim Check that implements Loan Officer Protocol.
As always, criticism is welcome. I am particularly curious about reactions
to the Nontransferable Claim Check, which is an answer I cooked up to
address a problem in the Loan Officer Protocol. This problem--the fact that
the claim check itself is a considerable authority-- nagged at me for ten
hours while I was driving from California to Arizona. When trapped in a car
for ten hours with no company but a nagging problem, you come up with
interesting ideas--not necessarily good ideas, but usually interesting ones
:-)
--marcs
More information about the e-lang
mailing list