{"id":6589,"date":"2018-04-20T05:57:24","date_gmt":"2018-04-20T12:57:24","guid":{"rendered":"https:\/\/www.ultrasaurus.com\/?p=6589"},"modified":"2018-07-05T20:48:03","modified_gmt":"2018-07-06T03:48:03","slug":"false-dichotomy-of-control-vs-sharing","status":"publish","type":"post","link":"https:\/\/www.ultrasaurus.com\/2018\/04\/false-dichotomy-of-control-vs-sharing\/","title":{"rendered":"false dichotomy of control vs sharing"},"content":{"rendered":"
Email is the killer app of the Internet. Amidst many sharing and collaboration applications and services, most of us frequently fall back to email. Marc Stiegler suggests that email often \u201cjust works better\u201d. Why is this?<\/p>\n
Digital communication is fast across distances and allows access to incredible volumes of information, yet digital access controls typically force us into a false dichotomy of control vs sharing.<\/p>\n
Looking at physical models of sharing and access control, we can see that we already have well-established models where we can give up control temporarily, yet not completely.<\/p>\n
Alan Karp illustrated this nicely at last week’s Internet Identity Workshop (IIW<\/a>) in a quick anecdote:<\/p>\n \n Marc gave me the key to his car so I could park it in my garage. I couldn\u2019t do it, so I gave the key to my kid, and asked my neighbor to do it for me. She stopped by my house, got the key and used it to park Marc’s car in my garage.\n<\/p><\/blockquote>\n The car key scenario is clear. In addition to possession of the key, there’s even another layer of control — if my kid doesn’t have a driver’s license, then he can’t drive the car, even if he holds the key.<\/p>\n When we translate this story to our modern digital realm, it sounds crazy:<\/p>\n \n Marc gave me his password so I could copy a file from his computer to mine. I couldn\u2019t do it, so I gave Marc’s password to my kid, and asked my neighbor to do it for me. She stopped by my house so my kid could tell her my password, and then she used it to copy the file from Marc’s computer to mine.\n<\/p><\/blockquote>\n After the conference, I read Marc Stiegler’s 2009 paper Rich Sharing for the Web<\/a>, which details key features of sharing that we have in the real world and that are illustrated in the anecdote that Alan so effectively rattled off.<\/p>\n These 6 features (enumerated below) enable people to create networks of access rights that implement the Principle of Least Authority (POLA). The key is to limit how much you need to trust someone before sharing. \u201cSystems that do not implement these 6 features will feel rigid and inadequately functional once enough users are involved, forcing the users to seek alternate means to work around<\/strong> the limitations in those applications.\u201d<\/p>\n Note: Accountability is not always directly linked to delegation. Marc would likely hold me accountable if his car got scratched, even if my neighbor had damaged the car when parking it in the garage. 
Whereas, if it isn’t my garage, but rather a repair shop where my neighbor drops off the car for Marc, then if the repair shop damages the car, Marc would hold them responsible.<\/p>\n The following examples from Marc’s paper were edited for brevity:<\/p>\n Alan Karp’s IoT Position Paper<\/a> compares several sharing tools across these 6 features and also discusses ZBAC (authoriZation-Based Access Control) where authorization is known as a "capability." An object capability<\/strong> is an unforgeable token that both designates a resource and grants permission to access it.<\/p>\n","protected":false},"excerpt":{"rendered":" Email is the killer app of the Internet. Amidst many sharing and collaboration applications and services, most of us frequently fall back to email. Marc Stiegler suggests that email often \u201cjust works better\u201d. Why is this? Digital communication is fast across distances and allows access to incredible volumes of information, yet digital access controls typically… Continue reading \n
\nneed to communicate policies to another jurisdiction. In the example, I didn\u2019t need to ask Marc to change his policy to grant my neighbor permission to drive his car.<\/li>\nHow does this work for email?<\/h2>\n
\n
\nBob then emails it back, Alice will hold Bob responsible if the edits are erroneous. If Carol (whom Alice
\nmay not know) emails her result directly to Alice, either Alice will ask Carol who she is before accepting
\nthe changes, or if Carol includes the history of messages in the message, Alice will directly see, once
\nagain, that she should hold Bob responsible. <\/li>\n<\/ul>\nFurther reading<\/h2>\n