Zooko O'Whielacronx wrote: > > My point is that we have this problem not because we used the > capability access control model, but because we made sharing maximally > easy in the first version of the user interface, and now we need to > figure out how to make sharing less easy, or more context dependent, > or something.
Yeah. The idea of having distinctive prefixes like "URI:DIR2-RO" and "URI:DIR2" was to give the cut-and-pasting person something to look for, to see what exactly they're about to share. But those prefixes are pretty hard to spot, especially when you're pasting a 143-character string. Shorter caps could help here, as would making the "type" portion of the cap more visible (which depends upon what sort of URIs we're creating.. if they have to start with "tahoe:" then perhaps the type could be in caps, so "tahoe:RO-DIR" vs "tahoe:DIR" ?). But as Zooko and others point out, it's really about front-end functionality. Tahoe's filecaps are great low-level primitives to work with: easy to understand (especially for programs), with clear semantics. But they're a hassle for humans to see and manipulate correctly. Tahoe's web interface (the "WUI") is really bare-bones: when I show it to people, I explain it as an "engineering interface" that's mainly used to check on what your other "real" frontends are doing. It's not something you'd want to actually use. Allmydata customers had the JS-based frontend that made things much prettier (and, incidentally, only provided sharing through a highly-centralized server-based tinyurl scheme). A better frontend, potentially written in JS and served via tahoe's public_html/ feature, would not show filecaps in the URL bar or encourage cutting caps out of the HTML page. Each object that could be shared would have a pair of icons next to it: a green one for readcap, and a red one for writecap. Dragging that icon to some other application would result in a copied filecap. Even better, Tahoe could have some built-in secure sharing mechanism, so you'd drag the file icon to the picture-of-your-buddy icon, and cryptographic mechanisms unseen would convey it to the user of your choice with confidentiality, integrity, and even limited revocability (which would help the cases when you dragged the red icon instead of the green one). I'm slowly prototyping a secure-sharing scheme for some other (mozilla) projects.. if I get something working that would make sense for Tahoe, I'll post details here. cheers, -Brian _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
