Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(zoe): prepare-ownable-object #8517

Closed
wants to merge 3 commits into from
Closed

feat(zoe): prepare-ownable-object #8517

wants to merge 3 commits into from

Conversation

erights
Copy link
Member

@erights erights commented Nov 9, 2023
edited
Loading

Staged on #8020

Alternative to #8022 with improved support API

closes: #XXXX
refs: #8020 #8022 #8021 #8682

Description

The basic idea of an "ownable object" is to provide general and lower level support for approximately the pattern that vaults implement manually in an adhoc manner: A ownable object is an object with a makeTransferInvitation method that revokes the object itself, in the sense of inactivating it — it no longer provides any authority. Instead, the exclusively transferable portion of its authority is encapsulated by the returned invitation, in an allegedly legible manner. That invitation can be redeemed, via an offer , for a new ownable object in which the transferable authority from the original ownable object is now exercisable.

We call this an "ownable object" since the rights of ownership include

  • the right to exercise (use)
  • the right to exclusively transfer the rights of ownership
  • the right to exclude others from being able to exercise and transfer
  • the ability to legibly offer the exclusive transfer of ownership

Objects are about rights to exercise (use) and share, but not transfer, and not legibly.

ERTP is about legible exclusive transfer but not exercise.

The lifecycle of an ownable object, transmuting between an ephemeral ownable object and an invitation to get a new “equivalent” ownable object, combines all attributes together. But the attributes are never directly present at the same time. That’s why it is the lifecycle that combines these.

This notion of "ownable" and "ownership rights" has strong echoes in programming language notions of "ownership types", "linear types", and "affine types". However, none of these, as far as we are aware, has the two-phase lifecycle of our ownable objects. Nor do they provide for legibility of offers to transfer, which is crucial for secure exchange and offer safety.

See Necessity specifications for robustness

See https://groups.google.com/g/cap-talk/c/9OU9ZNoB3os/m/gXeu2zs4AgAJ?utm_medium=email&utm_source=footer for a useful real-world analogy for the two-phase ownership cycle.

Security Considerations

Must ensure that revocation really denies all further authority from the original ownable object, even from messages that are already in the air but not yet delivered.

Need to verify that the legibility can meet invitation legibility goals.

Scaling Considerations

Switching much usage to revocables and ownables should have big scaling benefits, but this remains to be measured.

Documentation Considerations

Once ready to be used, not only should this be documented, we should be able to simplify several other APIs in ways that should make them more explainable.

Testing Considerations

Need to test the hell out of this.

Upgrade Considerations

The transfer invitations have durable handlers and so are themselves durable and should survive upgrade.

The ownable objects themselves are defined to be durable, so they can survive upgrade.

The prepareOwnableClass should be able to upgrade a conventional object that had previously been defined with prepareExoClass using the same baggage and kindName.

@erights erights self-assigned this Nov 9, 2023
@erights erights mentioned this pull request Nov 9, 2023
Closed
@erights erights force-pushed the markm-virtual-revocables branch from 7573b2e to 9519f5f Compare November 12, 2023 04:51
@erights erights force-pushed the markm-ownable-kit branch 5 times, most recently from bfb67b4 to ccc323d Compare November 12, 2023 06:25
@erights erights force-pushed the markm-virtual-revocables branch from 9519f5f to 79d4099 Compare November 13, 2023 20:50
@erights erights force-pushed the markm-virtual-revocables branch 2 times, most recently from 095c220 to 6e89af8 Compare December 21, 2023 03:43
@erights erights force-pushed the markm-virtual-revocables branch from 6e89af8 to ea0df28 Compare January 11, 2024 21:30
@erights erights force-pushed the markm-virtual-revocables branch from ea0df28 to 92c4196 Compare January 11, 2024 23:56
@erights erights mentioned this pull request Jan 12, 2024
Merged
@erights
Copy link
Member Author

erights commented Jan 12, 2024

Superseded by #8745 , so reverting to draft

@erights erights marked this pull request as draft January 12, 2024 20:44
This was referenced Jan 13, 2024
Merged
Merged
@erights erights force-pushed the markm-virtual-revocables branch from 92c4196 to 55c9fac Compare January 15, 2024 00:15
@erights
Copy link
Member Author

erights commented Feb 3, 2024

Closing in favor of #8745

@erights erights closed this Feb 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@erights erights

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@erights