From YouTube: Identity and Capabilities using CACAO and DID Session Keys - @smrz2001 - Building Apps on IPFS
Identity and Capabilities using CACAO and DID Session Keys - presented by @smrz2001 at IPFS þing 2022- Building Apps on IPFS - https://2022.ipfs-thing.io
A: So my talk today is going to be about CACAO, which is our derived version of UCAN that allows for blockchain wallets to be used as the accounts that authorize access to resources, and CACAOs are still stored in IPLD as well. So these were the questions we wanted to answer. As a blockchain account holder, how can I safely permit a third party to act on my behalf? Again, a familiar question from the UCAN discussion. I'll kind of hone in on a couple of pieces of this, so "blockchain account holder".

A: So that was a specific need we had: people with accounts on any blockchain should be able to use this mechanism safely. Obviously, cryptographically secure, unforgeable references. And "on my behalf", again familiar: there should be an inversion of control compared to traditional apps, where the users can revoke access to certain resources. And the other important thing we wanted to achieve was that users shouldn't have to reapprove every action, so once authorization has been granted, delegated, that should work for a certain amount of time, and again...
A: So this is what CACAO is. It is an acronym, kind of weirdly put together, but it's an acronym for Chain Agnostic Object Capability, and it is stored as an IPLD object, specifically designed to be authenticated using blockchain accounts, and it inherits from the great work of UCAN and zcap-ld. Chain agnosticism, of course, means that various blockchains would work. We have it working with Ethereum right now; a prototype for Solana is in progress.

A: This enables an entire universe of webview applications to add privacy-preserving features using blockchain accounts, and CACAOs can be deterministically serialized into IPLD using CBOR, or from IPLD using c4, and, like I said earlier, it does inherit from UCAN and zcap. I'll show what particular pieces.
A: So this is the structure of the payload. We specifically decided, like UCAN, to kind of adhere to the JWT standard. It is universally accepted, and I think there were some discussions on the spec about the naming and stuff. We decided to kind of push for similar names, obviously because they're already familiar to the entire Web 2 ecosystem. It is bandwidth efficient: you don't want to send serialized versions of larger payloads back and forth on the network.
A: So very briefly, Ceramic gives you mutability, composability and, coming up soon, indexability of data over IPLD and IPFS. One example being you can connect all your blockchain wallets into a single identity that can be used to authenticate across various services and applications, or a more typical, I guess more familiar, use case would be social graphs. People can store their social graphs.

A: Applications can compose data in different ways: they're not tied to an original schema. They can derive schemas, update them, build apps that can kind of... it's like a positive something: you can build on work other people have done instead of being siloed applications. Essential to that is Ceramic's concept of streams, which is just an IPLD DAG essentially, and an update to a Ceramic stream is a DAG-JWS object stored in IPLD using the DAG-JOSE codec.
A: And this would be the normal flow. A blockchain wallet would provide a capability to an application. The did:key is a session key. It can be ephemeral, so an application generates an ephemeral key, uses the user's authorization to sign a capability, which would be the CACAO that gets stored in IPLD, and thereafter, when the protocol processes any updates to that user's data...

A: So the user, the owner of the DID, would authorize this, and any updates made to their content would be verified by looking at the CACAO. And obviously, like JWTs work in practice, you'd have time limitations; a CACAO would expire after a certain time.

A: I believe UCAN has the same features with the expiration. And again, the issuer is the blockchain wallet holder and the audience would be the application.

A: What this enables is interesting use cases like redelegation of permissions. You can, as a blockchain account holder, delegate your rights for updating some of your content to, like, a data collective, a privacy watchdog, a bank you trust. This lets you really tie into existing Web 2 applications somewhat seamlessly.

A: So this is kind of what the stack would look like, and pkh, if you're not familiar with that, it is a...
A: And that's kind of what I had, so it's not a whole lot. I wanted to kind of focus on the small subset, because it was of main interest today with the UCAN discussion. But, like I said, Ceramic is a way for applications to compose data with each other and gives users access.

A: Kind of adding data, it's kind of, yes, what, where our main audience is, yeah. That's...
A: Right, the thing about CACAO also is that it's not limited to blockchain. It'll work with blockchain wallets and did:pkh; it'll work with any other DID method as well. So it's not limited to that; it's just for now it kind of happens to be the focus because of the community impetus, but yeah, yeah.

B: Absolutely, so that's something that's not clear to people, because DIDs are still fairly brand new and need some work. The DIDs generally, there's lots of different kinds as well, so you can, at our later, we haven't included a DID option but are actually gonna work with signing with Ethereum and Ceramic stuff and so on, and maybe...

A: Must identifier, right, yeah, yeah. It's a pseudonymous identifier, yeah, so that your representation online is your identifier, not your wallet address, or it doesn't have to be a wallet address; it could be some other identity that gets translated to a DID. So that's what it's... I've heard the term "pseudonymous identifier"; it kind of pretty succinctly captures what it is.
B: I think probably another useful thing to surface is that, yeah, so the Ceramic team very much participates in the UCAN working group. Lots of discussion there on making the stuff, like, interop usefully. The other area, the standards and discussion that both Fission and Ceramic interoperate in, is something called the Chain Agnostic Standards Alliance.

B: We haven't really brought up a bunch of blockchain things, and I think that's this session, this... we probably should, because they are, in fact, our major customers, if we want to think about it that way. So CASA is a really great group with all sorts of, like... it's not a standards body; it's basically bottom-up people building code and not wanting to have to duplicate stuff. And it hasn't settled, but likely the next in-person will be September in Berlin.

B: Audience, who do you want to really have on that stuff, and maybe actually, I think, maybe missing a little bit of a tie to IPFS.
A: So IPLD is CACAO's store, not bld, but Ceramic content we store in streams, so an account has a stream which represents data that can be modified. So you can add things to your account profile, for example, very basic example: your profile, change it, and Ceramic keeps track of the history of updates, so that they're always verifiable cryptographically, and this is a hash-linked structure stored in IPLD in IPFS, which means we've had all the same problems with IPFS.

A: We moved away from js-ipfs because, like, every few days you'd see the memory utilization go up, drop off a cliff because it restarted because it OOM'd, so we moved away from js-ipfs to Kubo, and that's been much better. It has its own issues, which obviously we need to work with. Server-side, yeah, we've had problems with civilization, which, somewhat, I think, relate to the DHT and the way it looks up peers.

A: I forgot what, I think it's bitswap or it's something in libp2p, perhaps. Every hour you'd see the CPU spike, like shoot up and go back down, like on the, like, it was like 10 minutes past. Is this weird?

A: Two different problems: one is js-ipfs and the memory leak, which we reported a year ago. Oh, Kubo has a memory leak too? Okay, interesting, okay, okay, I thought you were referring to jsonp, okay. And then the routing table thing is a different one. So we do have a demo; I'll post it to GitHub, yeah.

A: We already have several; I wouldn't be able to rattle them off the top of my head, but...
B: So as an example, the way that user data is owned in Webnative is actually a lot more like desktop or mobile programming, which is a little bit like peer glass as well, where the app asks permission to the user's data. So that reuses, well, I have photos and I have a gallery app and an editing app and a publishing app; like, this is not very, like, controversial from a user perspective.

B: This is like, you know, saying this is like a single user note, and maybe that's also a super interesting thing, because we haven't had these capabilities on the web other than multi-tenant databases that are affordable, well, and...

C: Where, like, those three less different standards that come together such that they're, like, maybe isn't this between things for the blockchain audience and...
A: Things for the rest, like for other audiences. So I mean it depends on how things really play out with the specs and usage and what people like for. We would hope that CACAO can be used across the various use cases, not limited to blockchain, but eventually it'll be, like, good.

D: And all these things, and that one can definitely be done, but there's some discussion that, like, well, let's go right to this. So even though these might not, like, directly interoperate, and there are some spec-level differences, like not just which keys are available but, like, literally how the system works between these, and you can... that make them not fully compatible. At least we can represent them in a consistent way, potentially.
B: Resources adopting, yes, but I guess I'm figuring out whether, yeah, I think the path for Ceramic, one of the challenges there, if you browser extensions is one of the sports, as well as WalletConnect is as long and sort of thing. Paragraphs and Fission are like, please, no browser extensions, although again you're consuming it.

B: Is web and browser centric; Ceramic's approach starts with a blockchain-centric audience today, and Fission is a, or you can use a JWT-centric, as in we're agnostic and are definitely beyond the left is maybe a useful triangle.

D: Yeah, so here's a... should with just orange, like what you think, so not the worst track directly is now, but from the little bits of the rapture, some of the argument has been...
A: It's a way to... it's more of a way to unify and tie together these various elements instead of having incompatibility, so we're trying to kind of bridge the gap, put it together in a more consistent way that also works with blockchain wallets. So that's what I would say; not sure if that answers the questions.

D: So the lineage really goes down to the early, to the late 90s, where there was SPKI, "spooky" as it was called. And then it's because some...
D: And then, in about 2017, 2018, there was an attempt to bring this idea back with lynn's data and a very hard model. And this was eventually because...

D: And essentially lets you describe, okay, so this signer is always cryptographically, you know...

D: ...owns some resource and they're going to delegate access to it to somebody else with these intentions, right, and certainly they'll actually write to this path from the cloud system. We're able to publish this many data points, portrait search, and UCAN came about because we needed a lightweight way of doing some of these things in a, you know, like more what free mode, but then also with a bunch of abilities that we shouldn't see, like all of these are pretty early stacks, right. So zeke is in version first.

D: So there's not overlap where they're all capability systems, so they all have this basic idea that we're gonna sign something that says, yeah, I'm gonna give a friend with this resource, right, as a broad picture, but the actual approach and the capabilities around the things that you're about to express. There's some others too; there's, like, Biscuit, which does it with Datalog, and...