Background links and info about Private Data. Please feel free to edit this page directly to capture a list of links to existing discussions and resources.
Bluesky Github Issues
(links to infamous bsky github issues that are relevant / background reading)
Groundmist
A series of progressive experiments exploring the possibilities enabled by connecting the AT Protocol and the local-first software paradigm. Uses Automerge for local-first files and collaboration. This is “security by obscurity” – if you know the Automerge document ID you can get to it. Future plans for Automerge rely on Keyhive for fully encrypted and local-first access control.
Zanzibar / SpiceDB
Relation Based Access Control (ReBAC)
Paper: Zanzibar: Google’s Consistent, Global Authorization System
Some useful links for SpiceDB.
Hard problems in permission systems:
- Dual Write:
- New Enemy
- Recursion in ReBAC
Caveats:
Capability Based Tokens / Macaroons
Paper: “Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud” https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/41892.pdf
Some Links:
- Macaroons Escalated Quickly · The Fly Blog
- What is Capability-based Security? | by Kevin Leffew | Medium
- What are Macaroons, and How do They Work | Voltage Blog
- CS 513 System Security -- Capability-based Access Control Mechanisms