a capability-based OS for the web
2011-07-05 23:55:23 GMT
I'd like to announce a forthcoming (free) capability-based operating system: Sitelier (pronounced like hotelier).
Sitelier is a distributed, capability-based operating system for the web that uses OpenPGP to link users with their apps and each other. The idea is to finally give people actual control over their online lives.
In our view, the web right now is backwards: users have accounts on dozens of websites, all with their own logins and passwords, and our content and personal information is scattered all over the web, out of our control. Sitelier turns the situation around: when you install an app, you're effectively creating an account on *your* site for the app, which can then save its data (your data) there, so all your online information can live in one secure location that you control. It’s a simple idea with huge implications. For a start, launching an online banking app by clicking an icon as opposed to logging into a website eliminates the opportunity for phishing your banking password – there is no banking password. And vendors like Amazon would no longer need to keep your billing info on their servers, since the Amazon app can just get it from your site (assuming you’ve given them a read-billing-info cap). Once your order ships, they can drop the cap (or you can), and then even if they’re breached, your billing information isn’t compromised, because they don’t have it. I’m barely touching on the potential of the platform, but I think you get the idea.
Given what Sitelier is trying to do, we’re necessarily obsessed with security. We’ve tried to avoid making obvious mistakes, and we’ve tried to implement good ideas wherever possible: besides caps, you'll see petnames and petgraphics (for apps and contacts), decentralized trust (obviously), and TLS-PSK is coming (for app-kernel and kernel-kernel connections). But we’re not security experts; we’re just two good friends tackling an enormous engineering problem together. We could really use some help from people who actually know what they’re doing in this area.
So does this sound interesting to anyone? We’re doing a preview release today and will soon have a tarball of the kernel up on the website, along with installation instructions (you’ll need a world-routable machine if you want to try it). We’re also hosting a couple apps that anyone can install: a basic shell and a notepad app. The kernel source is online at https://launchpad.net/sitelier-kernel, and you can browse it there or branch it with bazaar. You can read more about the project at www.sitelier.com; there’s a lot of info about how it works under /docs.
Seth and Chris
_______________________________________________ cap-talk mailing list cap-talk@... http://www.eros-os.org/mailman/listinfo/cap-talk