►
From YouTube: Identity and Capabilities using CACAO and DID Session Keys - @smrz2001 - Building Apps on IPFS
Description
Identity and Capabilities using CACAO and DID Session Keys - presented by @smrz2001 at IPFS þing 2022- Building Apps on IPFS - https://2022.ipfs-thing.io
A
So
my
talk
today
is
going
to
be
about
cacao,
which
is
our
derived
version
of
ucan.
That
allows
for
blockchain
wallets
to
be
used
as
the
accounts
that
authorize
access
to
resources
and
cacaos
are
still
stored
in
ipld
as
well.
So
these
were
the
questions
we
wanted
to
to
answer.
As
a
blockchain
account
holder,
how
can
I
safely
permit
third
party
to
act?
My
behalf
again
a
familiar
question
from
the
ucan
discussion,
I'll
kind
of
hone
in
on
a
couple
of
pieces
of
this,
so
blockchain
account
holder.
A
So
that
was
a
specific
need.
We
had
people
with
accounts
on
any
blockchain
should
be
able
to
use
this
mechanism
safely.
Obviously,
cryptographically
secure,
unforgeable
references
and,
on
my
behalf
again
familiar
there
should
be
an
inversion
of
control
compared
to
traditional
apps,
where
the
users
can
revoke
access
to
certain
resources
and-
and
the
other
important
thing
we
wanted
to
achieve
was
that
users
shouldn't
have
to
reapprove
every
action
so
once
authorization
has
been
granted
delegated,
that
should
work
for
a
certain
amount
of
time
and
again.
A
A
So
this
is
what
cow
is.
It
is
an
acronym
kind
of
weirdly
put
together,
but
it's
an
acronym
for
like
chain
agnostic
object,
capability
and
stored
as
an
ipld
object,
specifically
designed
to
be
authenticated
using
blockchain
accounts,
and
it
inherits
from
the
great
work
from
of
ucan
and
z-cap
ld
and
chained.
Agnosticism,
of
course
means
that
various
blockchains
would
work.
We
have
it
working
with
ethereum
right
now.
Prototype
for
salon
is
in
progress.
A
This
enables
an
entire
universe
of
webview
applications
to
add
privacy-preserving
features
using
blockchain
accounts
and
kakaos
can
be
deterministically
serialized
into
ipld,
using
cbor
or
from
ipld
using
c4
and,
like
I
said
earlier,
it
does
inherit
from
ucan
and
z
capability.
I'll
show
what
particular
pieces.
A
So
this
is
the
the
structure
of
the
payload
we
specifically
desi.
I
decided,
like
you,
can't
kind
of
adhere
to
the
gwt
standard.
It
is
universally
accepted
and
I
think
there
were
some
discussions
on
the
spec
about
the
naming
and
stuff.
We
decided
to
kind
of
push
for
similar
names,
obviously
because
they're
already
familiar
to
the
entire
web
2
ecosystem,
it
is
bandwidth
efficient.
You
don't
want
to
send
serialized
versions
of
larger
payloads
back
and
forth
on
the
network.
A
A
So
very
briefly,
ceramic
gives
you
mutability
composability
and
coming
up
soon,
indexability
of
data
over
ipld
and
ipfs,
one
example,
being
you
can
connect
all
your
blockchain
wallets
into
a
single
identity
that
can
be
used
to
authenticate
across
various
services
and
applications
or
a
more
typical,
I
guess
more
familiar
use
case
would
be
social
graphs.
People
can
store
their
social
graphs.
A
Applications
can
compose
data
in
different
ways:
they're
not
tied
to
an
original
schema.
They
can
derive
schemas
update
them,
build
apps
that
can
kind
of
it's
like
a
positive
something
you
can
build
on
work.
Other
people
have
done
instead
of
being
siloed
applications
essential
to
that
is
the
ceramics
concept
of
of
streams,
which
is
just
an
ipld,
dag
essentially,
and
an
update
to
a
ceramic
stream
is
a
dag
jws
object
stored
in
using
the
daggo's,
a
codec
and
ipld.
A
And
this
would
be
the
normal
flow.
A
blockchain
wallet
would
provide
a
capability
to
an
application.
The
dit
key
is
a
session
key.
It
can
be
ephemeral,
so
an
application
generates
an
ephemeral
key
uses,
the
user's
authorization
to
sign
a
capability
which
would
be
the
cacao
that
gets
stored
in
ipld
and
thereafter,
when
the
protocol
processes
any
updates
to
that
user's
data.
A
A
What
this
enables
this
enables
interesting
use
cases
like
redelegation
permissions.
You
can,
as
a
blockchain
account
holder,
delegate
your
rights
for
updating
some
of
your
content
to
like
a
data,
collective
privacy
watchdog,
a
bank.
You
trust
this
lets.
You
really
tie
into
existing
web
2
applications
somewhat
seamlessly.
A
A
A
B
B
A
A
B
Absolutely
so
that's
something
that's
not
clear
to
people,
because
dids
are
still
fairly
brand
new
and
need
some
work.
The
dudes
generally
there's
lots
of
different
kinds
as
well,
so
you
can
at
our
later,
we
haven't
included,
did
option
but
are
actually
gonna
work
with
signing
with
ethereum
and
ceramic
stuff
and
so
on,
and
maybe.
A
Must
identifier
right,
yeah
yeah,
it's
it's
a
pseudonymous
identifier
yeah,
so
that
your
representation
online
is
your.
Is
your
identifier?
Not
your
your
wallet
address
or
doesn't
have
to
be
wall
address
could
be
some
other
identity
that
gets
translated
to
a
did.
So
that's
what
it's
I've
heard.
The
term
pseudonymous
identifier,
it's
kind
of
pretty
succinctly
captures
what
it
is.
A
B
I
think
probably
another
useful
thing
to
surface
is
that
yeah,
so
the
ceramic
team
very
much
participates
in
the
uk
working
group.
Lots
of
discussion
there
on
making
the
stuff
like
interop
usefully
the
other
area,
the
standards
and
discussion
that
both
vision
and
ceramic
interoperated
is
something
called
the
chain
agnostic
standards
alliance.
B
We
haven't
really
brought
up
a
bunch
of
blockchain
things
and
I
think
that's
this
session
this.
We
probably
should
because
they,
in
fact
our
major
customers,
if
we
want
to
think
about
it
that
way,
so
that
casa
is
a
really
great
group
with
all
sorts
of
like
it's,
not
a
standards
body,
it's
basically
bottom-up
people
building
code
and
not
wanting
to
have
to
duplicate
stuff,
and
it
hasn't
settled,
but
likely
the
next
in
person
will
be
september
in
berlin.
A
A
A
So
ipld
is
cacao
as
our
store,
not
bld,
but
ceramic
content.
We
store
it
in
streams,
so
an
account
has
a
stream
which
represents
data
that
can
be
modified.
So
you
can,
you
can
add
things
to
your
account
profile,
for
example,
very
basic
example.
Your
profile
change
it
and
ceramic
keeps
track
of
the
the
history
of
updates,
so
that
they're
always
verifiable
cryptographically,
and
this
is
a
hash
length
structure
stored
in
ipl
using
ipld
in
ipfs,
which
means
we've
had
all
the
same
problems
with
ipfs.
A
We
moved
away
from
js
ipfs
because,
like
every
few
days,
you'd
see
the
memory
utilization
go
up,
drop
off
a
cliff
because
it
restarted
because
it
oem'd,
so
we
moved
away
from
gs,
ipfess
to
kubo
and
that's
been
much
better,
has
its
own
issues,
which
obviously
we
need
to
work
with.
Server-Side
yeah
we've
had
problems
with
civilization,
which
somewhat,
I
think,
related
to
the
dht
and
the
way
it
looks
up
peers.
A
A
D
B
B
A
Two
different
problems:
one
is
js
ipfs
and
the
memory
leak
which
we
reported
a
year
ago,
oh
coop
cooper,
has
a
memory
leak
too:
okay,
interesting,
okay,
okay,
I
thought
you
were
referring:
jsonp,
okay
and
then
the
the
routing
table
thing
is
a
different
one.
So
we
do
have
a
demo
I'll
post
it
to
github
yeah.
A
D
C
D
B
A
D
And
all
these
things,
and
that
one
can
definitely
be
done,
but
there's
some
discussion
that
like
well.
Let's
go
right
to
this,
so
even
though
these
might
not
like
directly
interoperate-
and
there
are
some
spec
level
differences
like
not
just
which
keys
are
available
but
like
literally
how
the
system
works
between
these
and
you
can
that
make
them
not
fully
compatible.
At
least
we
can
represent
them
in
a
consistent
way,
potentially.
C
B
Resources
adopting
yes,
but
I
guess
I'm
figuring
out
whether
yeah
I
think
the
path
for
ceramic
one
of
the
challenges
there.
If
you
browser
extensions,
is
one
of
the
the
sports
as
well
as
wall
connect
is
as
long
and
sort
of
thing.
Paragraphs
and
vision
are
like.
Please,
no
browser
extensions,
although
again
you're
consuming
it.
B
D
D
C
A
It's
a
way
to
it's
more
of
a
way
to
unify
and
tie
together
these
various
elements
instead
of
having
incompatibility
so
we're
trying
to
kind
of
bridge
the
gap
put
it
together
in
a
in
a
more
consistent
way
that
also
works
with
blockchain
wallets.
So
that's
what
I
would
say
not
sure.
If
that
answers
the
questions.
A
D
D
D
Owns
some
resource
and
they're
going
to
delegate
access
to
it
to
somebody
else
with
these
intentions
right
and
certainly
they'll,
actually
write
to
this
path
from
the
cloud
system.
We're
able
to
publish
this
many
data
points,
portrait
search
and
I
uk
came
about
because
we
needed
a
lightweight
way
of
doing
some
of
these
things
in
a
know
like
more
what
free
mode,
but
then
also
with
a
bunch
of
abilities
that
we
shouldn't
see
like
all
of
these
are
pretty
early
stacks
right.
So
zeke
is
in
version
first.
D
So
there's
not
overlap
where
they're
all
capability
systems,
so
they
all
have
this.
This
basic
idea
that
we're
gonna
sign
something
that
says
yeah.
I'm
gonna
give
a
friend
with
this
resource
right
as
a
broad
picture,
but
the
actual
approach
and
the
capabilities
around
the
things
that
you're
about
to
express,
there's
some
others
too,
there's
like
biscuits,
which
does
it
with
data
log
and.