►
Description
Identity, Capabilities, & Private Data - presented by @ianopolous at IPFS þing 2022 - Building Apps on IPFS - https://2022.ipfs-thing.io
A
So
on
that
the
topic
of
the
the
problem
of
public
cipher
text,
so
we've
solved
that
problem.
I
actually
talked
about
that
yesterday.
In
our
talk,
I
can
briefly
mention
it
here.
I
actually
cut
up
most
of
that
from
this
talk,
but
yeah
so
to
focus
on
applications,
but
I'll
give
you
a
super
quick
overview
of
pegos.
It's
a
global
peer-to-peer,
encrypted
file
system
and
application
protocol
being
a
file
system.
Everything
has
a
unique
path
which
begins
with
your
username
fine
grained
access
control.
A
A
A
A
A
A
So
this
is
this:
is
the
execution
model,
so
the
the
idea
is
your
your
end.
User
is
logged
into
peergas
in
the
browser
and
that's
the
the
main
tab
on
the
left,
the
main
main
context
and
that's
the
thing
that
can
get
data
from
the
network.
It
doesn't.
We
don't
do
peer-to-peer
stuff
directly
in
the
browser
for
privacy
reasons,
for
we
don't
have
a
broadcast
uip
address
or
anything
like
that.
So
that's
handled
by
the
server,
but
everything
the
server
is
treated
as
untrusted.
A
So
everything
the
client
gets
whether
it's
a
hash
or
a
signature
or
whatever
is
is
checked
in
the
client
code
and
in
terms
of
an
app
so
the
way
we
do
this.
So
we
want
to
isolate
different
apps,
both
from
the
main
phos
context
where,
for
example,
your
keys
are
and
your
data,
but
also
from
other
apps
and
as
we've
learned
from
the
recent
years,
you
have
to
worry
about
things
like
side
channel
attacks.
A
So
this
absolutely
has
to
be
a
separate
operating
system
level
process
than
the
main
tab
and
that's
quite
hard
to
guarantee
in
browsers
these
days.
But
but
you
can
with
some
recent
additions
to
browsers,
and
so
the
basic
idea
is.
We
have
a
generated
sub
domain
and
this
works
on
localhost
as
well,
so
you
don't
have
to
have
a
wildcard
certificate
on
a
public
server
and
the
the
generated
subdomain
is
basically
a
hash
of
the
human
readable
path
for
the
app
that
you're
running.
A
So
those
are
the
they're
paths
in
the
peergas
file
system,
so
those
are
unique
anyway.
The
hash
is
then
unique,
and
so
you
get
your
isolation
that
way
you
can
also
within
an
app
you
can
add
an
extra
like
isolation
parameter
to
get
a
different
hash
as
well.
If
you
want
so,
for
example,
one
of
our
apps
is
is
a
web
browser
in
the
browser
and
it
wants
to
isolate
its
websites
from
each
other,
so
it
has
an
extra
the
isolation
parameter
and
so
yeah.
A
The
basic
idea
is
that
by
default
an
app
has
no
permissions.
It
can't
do
anything.
All
it
can
do
is
read
its
own
assets,
and
so
the
other
critical
thing
is
the
the
green
box,
the
the
sandbox
there
that's
locked
down,
so
that
an
app
also
can't
make
external
connections
to
to
the
web,
because
that
you
could
just
trivially
exfoliate
data,
and
so
the
idea
is
that
the
server
serves
up
the
same
static
code
for
all
sub
domains,
and
all
that
does
is
set
up.
A
So
yeah
we've
just
talked
about
most
of
that
yeah.
So
by
default
an
app
can
just
read
its
own
assets,
app
permissions.
So
if
you
want
to
have
more
more
more
interesting
stuff,
you
can
grant
an
app
a
permission
to
store
basically
persist
data
in
your
space,
so
this
means
it's
an
app
specific
folder.
The
app
can
read
and
write
arbitrary
files,
whatever
it
wants,
enter
into
that
folder,
so
that
could
be
save
games
or
settings
or
whatever
another
one
is
to
edit
a
chosen
file.
A
So
this
means
it's
basically
like
the
user
says.
I
want
to
open
this
file
with
this
app
and
the
app
can
then,
during
that
invocation,
edit
that
particular
file
or
there's
another
one
which
is
read
chosen
folder,
so
that
could
be
like
a
gallery
or
a
music
player,
or
something
like
this
so
far,
those
first
three
they're
one
player
mode.
So
that's
just
you
and
your
app
you
and
your
data
and
your
app.
A
It
gets
more
interesting
with
the
fourth
one,
which
is
you
can
exchange
messages
with
friends,
and
these
are
all
so
there's.
Basically,
we
already
have
a
chat
protocol.
It's
you
know.
It's
it's
all
encrypted.
It's
it's
cidt
based
inside
the
encryption
on
on
top
of
piergos,
but
the
app
doesn't
have
to
know
about
that.
It
just
says
I
want
to
create
a
chat
and
with
with
some
friends
who
might
have
the
same
app
installed,
and
you
can
then
send
asynchronous
messages
this
way.
A
So
you
could
use
that
to
do
you
know
multiplayer
turn-based
games
or
something
it's
not
real
time,
so
you
can't
use
it
for
network
doom
or
something
like
that.
We'll
work
on
that
one
we
do
have
plans
for
that,
but
not
yet
so
yeah.
This
is.
I
mean
this
is
all
hot
off
the
press.
Literally
we
released
this
sandbox
two
weeks
ago,
so
there's
lots
more
lots
more
to
come.
A
A
A
A
A
A
A
So
you
can
see
we're
working
our
way
up
to
network
doing
this.
This
is
single
player
too,
but
anyway
you
you
get
the
idea,
and
this
is
so
the
cool
thing
with
these
apps
is
the
server
doesn't
see
the
app
assets,
so
the
apps
themselves
are
private.
That
might
also
trigger
something.
So,
let's
close,
that.
A
A
An
app
is
so
so
so
these
these
are
the
apps
here.
This
is
pre
some
pre-installing
them,
so
I
can
show
you
so,
for
example,
the
image
editor
or,
if
I
wanted
to
create
my
own
app,
I
would
just
go,
create
a
folder
in
here
and
then
do
whatever
format:
okay,
yeah
so
yeah.
Basically
it
has
the
assets
folder,
which
is
the
assets,
that's
all
the
standard,
html5
stuff
and
then
there's
this
magical
file,
the
the
manifest
the
json
file,
which
we
can.
We
can
look
at
in
another
app.
The
text
editor.
B
A
And
so
yeah,
the
other.
The
thing
that's
cool
is
so
you
can.
As
I
mentioned,
an
app
is
just
basically
a
website,
so
you
can
view
websites
natively
in
peergas.
So
this
is
again.
These
assets
are
served
from
pagos.
The
server
doesn't
see
them
because
they're
all
decrypted
locally,
but
I've
got
the
full
website
in
there
and
in
a
similar
way
that
you
can
share
anything
in
pagos
via
secret
link.
You
can
also
share
websites,
let's
see
if
we
can
do
this
and
I'm
imagining
there's
a
permission
model
for
the.
A
A
You
so
the
secret
link,
that's
mainly
for
sharing
with
people
who
are
not
on
pagos.
If
they're
on
pagos,
you
can
do
in-band
sharing.
So
this
is
the
sharing
screen
here,
so
I
can
type
in
username
of
who
I
want
to
share
it
with,
and
this
this
remembers
who
it's
been
shared
with,
read
or
write
or
whatever,
or
you
can
share
with
groups.
So
there's
friends
or
followers
of
the
default
groups,
but
you
can
also
do
custom
groups
but
yeah,
so
the
secret
link,
let's
see
if
this
works.
A
A
A
C
A
C
C
A
C
That's
something
that
I
had
in
my
giant
list
of
random
things.
I'd
like
to
have
eventually,
but
and
just
basically
used
html5
manifest
file
with
a
few
extra
vendor.
Extensions
that
might
be
interesting
for
us
to
use
is
that
kind
of
what
that
manifest
violence.
What
are
they?
What
are
the
extra
approvals.
A
C
C
Do
capabilities
if
we
can
have
some
consistent
language
for
some
of
that?
That
would
be
super
useful
and
you
know,
like
my
thinking,
is
developer
option
like
hey.
If
we've
already
got
people
we're
using
html5
pwa
manifest
files,
then
yep
we
can
consume
all
that.
There's
probably-
and
I'm
not
smart
enough
about
this,
yet
yada
yada
yada
ipld,
something
that
comes
in
there,
but
is
that
the
correct
answer
I
like?
I
feel.
C
A
B
B
A
Right
so
yeah
I
mean
so:
we've
been
thinking
about
this
for
years
and
basically
yeah
the
the
kind
of
privacy
we
want
from
libya
to
peer.
There's
a
there's,
a
group.
Some
did
some
work
of
this
a
few
years
ago,
p3
lib
on
anonymity
within
libid
appear
something
like
that
would
be
awesome,
and
so
the
way
we
would
use
that
is,
you
might
have
seen
yesterday.
In
our
talk,
we
only
really
use
the
block
api.
A
We
would
have
an
extra
parameter
to
all
the
api
calls,
which
is
the
anonymity
class,
and
that
would
basically
determine
the
the
onion
identity
that
this
that
that
request
would
be
routed
through,
and
so
you
could
you
can
the
application
to
decide.
I
want
you
know
these.
These
bits
of
data
should
be
not
connectable
by
the
external
network
because
they're,
for
example,
from
different
people,
and
you
don't
want
them
to
there's
friendship,
connection
to
be
leaked
or
that
kind
of
thing,
as
well
as
obviously
protecting
things
like
your
ip
address.
Yeah.
C
C
B
I've
got
another
question
and
you
might
have
answered
this,
but
paragraphs
to
me
seems
like
it's
focused
on
specifically
on
users
for
their
data,
but
is
there
a
story?
For
you
know
this
track
is
building
apps
on
ipfs.
So
what
about
building
apps
on
pure
dots
like?
How
do
I
build
an
app
and
share
it?
And
then,
potentially
you
know
profit
from
some
app
that
I
distribute
to
your
gas
users.
Is
that.
A
Yeah
so
so
apps
they're
just
a
folder
of
staff
on
pagos
and
we
you
know
it's
a
private
file
system.
We
have
access
control,
so
you
can
control
access
to
your
app.
So
if
you
want
to
charge
for
your
app,
for
example,
you
can
do
that.
We
don't
have
payments
in
band,
but
you
can
do
that
out
of
band
and
just
share
share
the
app
using
the
access
control.