a capability-based OS for the web
Hello everyone,
I'd like to announce a forthcoming (free) capability-based operating system: Sitelier (pronounced like hotelier).
Sitelier is a distributed, capability-based operating system for the web that uses OpenPGP to link users with their apps and each other. The idea is to finally give people actual control over their online lives.
Basically, it manages a secure private website on which users can “install” web apps, which can then save their data on the user’s site, rather than on the web app’s servers. It also provides a globally unique (and portable) identity for each user in the form of PGP keys, and in the near future will let users easily “friend” each other for securely communicating or sharing. It doesn't run on the hardware directly; it's a user mode server written entirely in JavaScript (Node.js). It’s free and open source so you can host your site wherever you like.
In our view, the web right now is backwards: users have accounts on dozens of websites, all with their own logins and passwords, and our content and personal information is scattered all over the web, out of our control. Sitelier turns the situation around: when you install an app, you're effectively creating an account on *your* site for the app, which can then save its data (your data) there, so all your online information can live in one secure location that you control. It’s a simple idea with huge implications. For a start, launching an online banking app by clicking an icon as opposed to logging into a website eliminates the opportunity for phishing your banking password – there is no banking password. And vendors like Amazon would no longer need to keep your billing info on their servers, since the Amazon app can just get it from your site (assuming you’ve given them a read-billing-info cap). Once your order ships, they can drop the cap (or you can), and then even if they’re breached, your billing information isn’t compromised, because they don’t have it. I’m barely touching on the potential of the platform, but I think you get the idea.
Given what Sitelier is trying to do, we’re necessarily obsessed with security. We’ve tried to avoid making obvious mistakes, and we’ve tried to implement good ideas wherever possible: besides caps, you'll see petnames and petgraphics (for apps and contacts), decentralized trust (obviously), and TLS-PSK is coming (for app-kernel and kernel-kernel connections). But we’re not security experts; we’re just two good friends tackling an enormous engineering problem together. We could really use some help from people who actually know what they’re doing in this area.
So does this sound interesting to anyone? We’re doing a preview release today and will soon have a tarball of the kernel up on the website, along with installation instructions (you’ll need a world-routable machine if you want to try it). We’re also hosting a couple apps that anyone can install: a basic shell and a notepad app. The kernel source is online at https://launchpad.net/sitelier-kernel, and you can browse it there or branch it with bazaar. You can read more about the project at www.sitelier.com; there’s a lot of info about how it works under /docs.
Seth and Chris
_______________________________________________
cap-talk mailing list
cap-talk@...
http://www.eros-os.org/mailman/listinfo/cap-talk
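The read-billing-info cap described in the announcement, where the vendor holds a capability rather than a copy of the data and either side can drop it, is the caretaker pattern from the capability literature. The following is an added example in plain Node.js and not Sitelier's code: makeUserSite, grantReadCap, makeVendorApp and the two scenario functions are hypothetical names, and the billing record is constructed sample data.

```javascript
// Added example (not Sitelier's code): a revocable, read-only capability to
// one record on a user's site, in plain Node.js with no dependencies.
// makeUserSite, grantReadCap, makeVendorApp and the scenarios are
// hypothetical names; the billing record is constructed sample data.

// The user's site owns the data. `store` is only reachable inside this
// closure, so the sole way to read a record is through a cap the site issued.
function makeUserSite() {
  const store = new Map();
  store.set('billing', { card: '4111-0000-0000-1111', name: 'A. User' }); // constructed
  const revokers = new Set(); // one revoker per cap handed out, kept by the site

  // Caretaker pattern: the holder gets a forwarder to the record, not the
  // record itself. Either the holder or the site can cut the link later.
  function grantReadCap(key) {
    if (!store.has(key)) throw new Error(`no record named ${key}`);
    let live = true;
    const revoke = () => { live = false; };
    revokers.add(revoke);
    return Object.freeze({
      read() {
        if (!live) throw new Error('capability revoked');
        return { ...store.get(key) }; // a copy: the holder cannot mutate the record
      },
      revoke,
    });
  }

  // User-side revocation: drop every cap this site has issued.
  function revokeAll() {
    for (const r of revokers) r();
    revokers.clear();
  }
  return { grantReadCap, revokeAll };
}

// A vendor app that keeps only the cap, never a copy of the data.
function makeVendorApp(billingCap) {
  return {
    charge() {
      const b = billingCap.read();
      return `charged ${b.name} on card ending ${b.card.slice(-4)}`;
    },
    shipped() { billingCap.revoke(); }, // vendor drops the cap once the order ships
    // What someone who later compromised the vendor's server could pull out.
    dump() {
      try { return billingCap.read(); } catch (e) { return null; }
    },
  };
}

// Vendor revokes after shipping; a later breach of the vendor yields nothing.
function runVendorRevokeScenario() {
  const site = makeUserSite();
  const cap = site.grantReadCap('billing');
  const vendor = makeVendorApp(cap);
  const receipt = vendor.charge();
  vendor.shipped();
  return { receipt, afterBreach: vendor.dump(), capIsFrozen: Object.isFrozen(cap) };
}

// The user revokes instead; the vendor's next read fails.
function runUserRevokeScenario() {
  const site = makeUserSite();
  const vendor = makeVendorApp(site.grantReadCap('billing'));
  const chargeBefore = vendor.charge().startsWith('charged');
  site.revokeAll();
  let chargeAfter;
  try { vendor.charge(); chargeAfter = true; } catch (e) { chargeAfter = false; }
  return { chargeBefore, chargeAfter };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(runVendorRevokeScenario(), runUserRevokeScenario());
}
```

The point of the model is that the vendor's server never stores the record, only the forwarder, so a later breach of that server finds a cap that no longer resolves. A real deployment would also need the cap to be unforgeable across the network (the announcement mentions TLS-PSK for that), which an in-process object reference gives for free here.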
--marcs
On Wed, 2011-07-20 at 10:47 -0700, Kevin Reid wrote:
> They even called it a powerbox.
>
> > “Apple has chosen to solve this problem by providing heightened permissions to a particular class of
> > actions: those explicitly initiated by the user. Lion includes a trusted daemon process called Powerbox
> > (pboxd) whose job is to present and control open/save dialog boxes on behalf of sandboxed applications.
> > After the user selects a file or directory into which a file should be saved, Powerbox pokes a hole in the
> > application sandbox that allows it to perform the specific action.”
>
> — Ars Technica's Mac OS X review
> <
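The Powerbox mechanism quoted above, a trusted intermediary that turns a user's dialog choice into authority over exactly the chosen file, modelled as an added example in plain Node.js. This is neither Apple's pboxd nor Sitelier code: makeFileSystem, makePowerbox, runSandboxedApp and the askUser callback are hypothetical names, and the file contents are constructed sample data.

```javascript
// Added example (not Apple's pboxd or Sitelier code): the powerbox pattern
// in plain Node.js. makeFileSystem, makePowerbox and runSandboxedApp are
// hypothetical names and the file contents are constructed sample data.

// The whole file system is reachable only from the trusted side.
function makeFileSystem() {
  const files = new Map([
    ['/Users/a/secret.txt', 'do not leak'],          // constructed
    ['/Users/a/Documents/notes.txt', 'old notes'],   // constructed
  ]);
  return {
    read(p) { if (!files.has(p)) throw new Error(`ENOENT ${p}`); return files.get(p); },
    write(p, data) { files.set(p, data); },
  };
}

// The powerbox is the trusted daemon. It runs the save dialog, takes the
// user's choice, and mints a capability that reaches exactly that path.
// `askUser` stands in for the dialog; the sandboxed app never sees `fs`.
function makePowerbox(fs, askUser) {
  return {
    requestSave(suggestedName) {
      const chosen = askUser('save', suggestedName);
      if (chosen === null) return null; // user cancelled: nothing is granted
      return Object.freeze({
        path: chosen,
        write(data) { fs.write(chosen, data); }, // bound to the chosen path only
      });
    },
  };
}

// The app has no ambient authority: its only route to storage is the
// cap the powerbox returns, and that cap has no read and no other path.
function runSandboxedApp(powerbox) {
  const saveCap = powerbox.requestSave('draft.txt');
  if (saveCap === null) return { saved: null, capKeys: [] };
  saveCap.write('app output');
  return { saved: saveCap.path, capKeys: Object.keys(saveCap).sort() };
}

function runPowerboxScenario() {
  const fs = makeFileSystem();
  // Simulated user who saves under Documents, and one who cancels.
  const picksDocuments = (action, name) => `/Users/a/Documents/${name}`;
  const cancels = () => null;
  const granted = runSandboxedApp(makePowerbox(fs, picksDocuments));
  const denied = runSandboxedApp(makePowerbox(fs, cancels));
  return {
    saved: granted.saved,
    capKeys: granted.capKeys,
    written: fs.read('/Users/a/Documents/draft.txt'),
    secretIntact: fs.read('/Users/a/secret.txt'),
    cancelled: denied.saved,
  };
}
```

The user's click is the act of authorisation: the app names nothing but a suggested file name, and the only authority it ever holds is a write cap to the path the user picked. A cancelled dialog hands the app nothing at all, and the unrelated secret.txt is unreachable because no reference to it, or to the file system, ever crosses into the sandbox.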