|
|
@@ -51,7 +51,7 @@ that only authorized users can read and optionally write to the block.
|
|
|
Users and nodes in the blocktree system are identified by hashes of their public keys. These hashes
|
|
|
are referred to as principals, and they are used for setting access control policy.
|
|
|
|
|
|
-This paper is intended to be short introduction to the ideas of blocktree. A book is planned which
|
|
|
+This paper is intended to be a short introduction to the ideas of blocktree. A book is planned which
|
|
|
will specify the system in greater detail. In keeping with the agile software methodology, this
|
|
|
book is being written concurrently with an open source implementation of the system.
|
|
|
The remainder of this paper is organized as follows:
|
|
|
@@ -117,7 +117,12 @@ that leads back to the owner of the blocktree. The owner may delegate their trus
|
|
|
of intermediaries by issuing them writecaps. These writecaps are scoped based on the path
|
|
|
specified when they are issued. These intermediaries can then delegate this trust as well.
|
|
|
A block is considered valid if it contains a valid writecap, it was signed using the key
|
|
|
-corresponding to the first writecap's public key, and this signature is valid.
|
|
|
+corresponding to the first writecap's public key, and this signature is valid. Note that because
|
|
|
+the first component of the path is the fingerprint
|
|
|
+\footnote{By \emph{fingerprint} I mean the base64url encoding of the root principal, which is
|
|
|
+itself a hash of the root public key.}
|
|
|
+of the root public key, and the path is contained
|
|
|
+in the block, a block can be verified using only information contained within it.
|
|
|
|
|
|
Blocks are used for more than just organizing data, they also organize computation. A program
|
|
|
participating in a blocktree is referred to as a node. Multiple nodes may be run on
|
Matthew Carr