First capability-securable implementation of Dataspaces.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
Tony Garnock-Jones 9bb081292b Clean up 3 months ago
experiments Clean up repo layout 7 months ago
schemas TAttenuate 3 months ago
src Clean up 3 months ago
.gitignore Move to autogenerated schemas 6 months ago
README.md Demo instructions 4 months ago
package.json Upgrade to latest schema language including embedded interfaces 4 months ago
rollup.config.js Classify source files into subdirectories 5 months ago
tsconfig.json Split out rewrite.ts 7 months ago
yarn.lock Upgrade to latest schema language including embedded interfaces 4 months ago

README.md

novy-syndicate

A follow-on from Syndicate-2017, incorporating object-capability-based securability and other ideas from E.

You can view this as Syndicate plus locations and capabilities, or as E plus Syndicate-style shared state and fault-tolerance.

The capabilities offer securability of Syndicate-style point-to-point and multiparty communications, a necessary precondition for wider use of Syndicate-like ideas.

The locations offer abstraction over distribution of Syndicate systems, a necessary precondition for modular reasoning about and reuse of Syndicate subsystems.

Take it for a spin

git clone https://git.syndicate-lang.org/syndicate-lang/novy-syndicate
cd novy-syndicate
yarn install
yarn build

Start a server containing a single dataspace:

node -r esm lib/distributed/server.js

It will print out a "root" capability giving full control of the contents of the dataspace:

$ node -r esm lib/distributed/server.js
<ref "syndicate" [] #"\xa6H\x0d\xf50f\x11\xdd\xd0\xd3\x88+Tn\x19w">
b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784

Next, try running the simple-chat example in a separate terminal:

node -r esm lib/distributed/sandbox.js ../examples/simple-chat.js \
    b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784

Note that the second command-line argument is the capability to use to gain access to the server.

Run the same command again in another separate terminal. Typing into one terminal will be relayed to the other; the command /nick <newnick> will change nickname.

Next, generate an attenuated capability which will only allow interaction via the nickname tonyg:

node -r esm lib/tools/attenuate.js \
    b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784 \
    '[<or [
       <rewrite <bind p <compound <rec Present 1> {0: <lit "tonyg">}>> <ref p>>
       <rewrite <bind p <compound <rec Says 2> {0: <lit "tonyg"> 1: String}>> <ref p>>
     ]>]'

The result is the following data structure:

<ref "syndicate" [[<or [
  <rewrite <bind p <compound <rec Present 1> {0: <lit "tonyg">}>> <ref p>>,
  <rewrite <bind p <compound <rec Says 2> {
    0: <lit "tonyg">,
    1: String
  }>> <ref p>>
]>]] #[oHFy7B4NPVqhD6zJmNPbhg==]>

It is a Macaroon, based on the "root" capability, but with additional restrictions added to it.

To try it out, terminate one of the chat clients, and restart it using the hex form of the attenuated capability:

node -r esm lib/distributed/sandbox.js ../examples/simple-chat.js \
    b4b303726566b10973796e646963617465b5b5b4b3026f72b5b4b30772657772697465b4b30462696e64b30170b4b308636f6d706f756e64b4b303726563b30750726573656e749184b790b4b3036c6974b105746f6e796784848484b4b303726566b301708484b4b30772657772697465b4b30462696e64b30170b4b308636f6d706f756e64b4b303726563b304536179739284b790b4b3036c6974b105746f6e79678491b306537472696e67848484b4b303726566b30170848484848484b210a07172ec1e0d3d5aa10facc998d3db8684

Notice that (a) this new client can't hear anything from its peers and (b) can't send anything either -- until it changes its nickname to tonyg (via /nick tonyg). Then, its peers can hear it. But to allow it to hear its peers, we need to add another option when we attenuate the root capability:

node -r esm lib/tools/attenuate.js \
    b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784 \
    '[<or [
       <rewrite <bind p <compound <rec Present 1> {0: <lit "tonyg">}>> <ref p>>
       <rewrite <bind p <compound <rec Says 2> {0: <lit "tonyg"> 1: String}>> <ref p>>
       <rewrite <bind p <compound <rec Observe 2> {}>> <ref p>>
     ]>]'

The result,

<ref "syndicate" [[<or [
  <rewrite <bind p <compound <rec Present 1> {0: <lit "tonyg">}>> <ref p>>,
  <rewrite <bind p <compound <rec Says 2> {
    0: <lit "tonyg">,
    1: String
  }>> <ref p>>,
  <rewrite <bind p <compound <rec Observe 2> {}>> <ref p>>
]>]] #[FqMH2fgbrM29dQedmuFclg==]>

allows assertion of <Present "tonyg">, transmission of <Says "tonyg" _>, and observation of anything at all in the dataspace, with assertion of <Observe _ _>.

Rerunning the chat client with the hex form of the capability shows off the new behaviour:

node -r esm lib/distributed/sandbox.js ../examples/simple-chat.js \
    b4b303726566b10973796e646963617465b5b5b4b3026f72b5b4b30772657772697465b4b30462696e64b30170b4b308636f6d706f756e64b4b303726563b30750726573656e749184b790b4b3036c6974b105746f6e796784848484b4b303726566b301708484b4b30772657772697465b4b30462696e64b30170b4b308636f6d706f756e64b4b303726563b304536179739284b790b4b3036c6974b105746f6e79678491b306537472696e67848484b4b303726566b301708484b4b30772657772697465b4b30462696e64b30170b4b308636f6d706f756e64b4b303726563b3074f6273657276659284b7848484b4b303726566b30170848484848484b21016a307d9f81baccdbd75079d9ae15c9684