Sharing is Caring.

2 types of sharing.  Everyone, not everyone.



----
Capabilities.

Having a reference to the thing means you can access the thing.

Different types of references for different permissions.  (Read vs Read+Write vs Write-Only)

----
github gists.

* Public
* Private

Private URLs are "secure" by virtue of being unguessable.

A read capability is implied by possession of the private URL.  This works fine until you give it to one person… then they can give it to everyone.



----
A capability consists of 2 parts.

* The thing
* The capabilities the person has on the thing.

----
What about personalized capabilities.

Now 3 parts:

* The thing
* The capabilities
* The intended actor.



----
Introducing the **share** capability.

Derive new read/write capabilities to give to other people.

Derived cap includes source information.

* The thing.
* The capabilities.
* The originator.
* The intended actor.

Bob gives Alice a share capability.  Alice gives Carol a read capability.

Bob didn't want Carol to have access.  Bob can revoke Carol's cap, or revoke Alice's share cap which revokes all derived caps.