Meadowcap: Capability system for controlling access to Willow data

I saw mention of Willow above, referring to the sync protocol. Creating this topic to make mention of Meadowcap, Willow’s implementation of object capabilities. @andr

See also description of Willow at Malleable Systems forum: The Willow Protocol.

3 Likes

I’m planning to expand on the following ideas in a wiki entry/blog post, but for now I wanted to briefly mention that I’ve been spending lots of time trying to reason about how local-first data synchronization could be nicely integrated into Goblins. The idea I’ve become a bit obsessed with is presented with the term “Orthogonal Synchronization” (This whole blog post is a great read). My interpretation of orthogonal sync is that it allows the programmer to annotate individual slots in an object to add in some sort of version control system that works behind the scenes. Such a system could support “deterministic sync” a la Willow and other CRDT projects, and also more traditional version control systems like Pijul or git. Also, as a result of Lisp’s “code as data” design, this could possibly offer a method of upgrading object behaviors, while keeping everything tracked by VCS, making rollbacks and such simple.

Trying to embed data sync at the slot level might end up causing more problems than it solves, compared to representing namespaces as separate objects, but it’s certainly fun to daydream about.

These ideas relate to Meadowcap because ideally the capability model backing such a data sync system would use the same capability system that handles message passing. At its core Willow and most data sync systems are message-based, and it feels like it should be possible to represent a Willow namespace as a Goblins object, in a way that also plays nice with the existing Goblins security model. The one possibly problematic area I’m aware of is that Willow’s capabilities are able to be expressed within ranges of time, e.g. write access based on timestamps, which is interesting, and I’m not sure how these ideas could map to the Goblins world. Would love to hear more from ppl that know more about Goblins’ cryptography and capabilities!

Btw, thanks for linking the Malleable Systems forum, lots of interesting posts there :smile:

1 Like

It appears that Meadowcap makes a very common mistake.

The implementation relies on signature schemes again. Consider Alfie and Betty, each holding a key pair. Alfie can mint a new capability for Betty by signing his own capability together with her public key.

By using “her public key” the system makes tracking trivial. In a system that better protects privacy, each capability should be tied to a unique key pair created for just that purpose. I would change that text to say

The implementation relies on signature schemes again. Consider Alfie and Betty, each able to create many key pairs. Alfie can mint a new capability for Betty by signing his own capability together with a public key Betty has created for this purpose…

3 Likes
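The delegation step discussed above (Alfie signs his own capability together with the key Betty hands him) and the per-capability key pair suggestion, sketched as an added example that is not Meadowcap's or Willow's code: the Capability and Delegation structures, the byte layout that gets signed, and the names are assumptions made here, not Meadowcap's real encoding.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Capability is a hypothetical, simplified stand-in for a Meadowcap capability (not
// its real encoding): a root key plus delegations, each a recipient key and signature.
type Capability struct {
	Root        ed25519.PublicKey
	Delegations []Delegation
}
type Delegation struct {
	To  ed25519.PublicKey
	Sig []byte
}
// signedBytes: root key, every earlier delegation, then `to`, so no link can be swapped or dropped.
func (c Capability) signedBytes(to ed25519.PublicKey) []byte {
	msg := append([]byte{}, c.Root...)
	for _, d := range c.Delegations {
		msg = append(append(msg, d.To...), d.Sig...)
	}
	return append(msg, to...)
}

// Delegate hands the capability to `to`, signed with the current holder's private key.
func (c Capability) Delegate(holderPriv ed25519.PrivateKey, to ed25519.PublicKey) Capability {
	d := Delegation{To: to, Sig: ed25519.Sign(holderPriv, c.signedBytes(to))}
	return Capability{Root: c.Root, Delegations: append(append([]Delegation{}, c.Delegations...), d)}
}

// Valid re-verifies every link under the holder that preceded it.
func (c Capability) Valid() bool {
	holder, prefix := c.Root, Capability{Root: c.Root}
	for _, d := range c.Delegations {
		if len(holder) != ed25519.PublicKeySize || !ed25519.Verify(holder, prefix.signedBytes(d.To), d.Sig) {
			return false
		}
		holder, prefix.Delegations = d.To, append(prefix.Delegations, d)
	}
	return true
}

func main() {
	alfiePub, alfiePriv, _ := ed25519.GenerateKey(rand.Reader)
	bettyPub, _, _ := ed25519.GenerateKey(rand.Reader) // fresh key minted for this one capability
	fmt.Println(Capability{Root: alfiePub}.Delegate(alfiePriv, bettyPub).Valid()) // prints true
}
```

Because each delegation is signed over everything before it, a link signed by anyone but the current holder, or a link edited after the fact, makes the whole chain fail verification; minting a new pair for every capability Betty receives keeps those chains from being linked through one long-term key.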

Thanks Alan, I passed it to Sam Gwilym, who agrees and created an issue to reformulate.

2 Likes