Capabilities & Identity with Leaf

submitted by
Style Pass
2024-11-25 22:00:07

The most challenging point in this list is decentralized identity, so most of this article will be focused on how we plan to deal with identity for our first Leaf application, Weird.

While Meadowcap isn't exactly an object capability (ocap) system - because its concept of resources to be accessed is separate from its concept of the identity that is doing the accessing - it is still a capability system with many of the same advantages.

These capabilities are designed to work even in a local-first, peer-to-peer scenario, so by default they cannot be revoked. Instead, you can set an expiration time on the capability if desired.

Expiring capabilities are good for some use-cases, but sometimes you really want to be able to revoke access whenever you want, and for that there's a nifty trick we can use.

By using FROST signatures, we can grant a capability to a public key that requires multiple signatures in order to use. One signature can be done by our Co-Signing Server, and the other signature is done by the person who is given access.
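An added sketch of the co-signing trick above, not code from Leaf, Meadowcap or the article: a simplified two-party additive Schnorr signature stands in for FROST, which additionally uses secret-shared keys and nonce binding factors. It assumes revocation means the server declines to co-sign; the toy group parameters, the names and the capability id are constructed for the example.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and NOT secure.
P = 2**255 - 19   # prime modulus
G = 2             # base element
N = P - 1         # exponents reduce mod P-1 (Fermat's little theorem)

def challenge(R, Y, msg):
    digest = hashlib.sha256(f"{R}|{Y}|".encode() + msg).digest()
    return int.from_bytes(digest, "big")

class Signer:
    """Holds one key share: either the grantee or the co-signing server."""
    def __init__(self):
        self.x = secrets.randbelow(N - 1) + 1   # secret share
        self.Y = pow(G, self.x, P)              # public share
        self.revoked = set()                    # consulted by the server only
        self.r = None

    def commit(self, cap_id):
        # Round 1: the server refuses to take part once access is revoked.
        if cap_id in self.revoked:
            raise PermissionError(f"capability {cap_id} is revoked")
        self.r = secrets.randbelow(N - 1) + 1   # fresh nonce per signature
        return pow(G, self.r, P)

    def respond(self, c):
        # Round 2: partial signature over the shared challenge.
        s = (self.r + c * self.x) % N
        self.r = None                           # a nonce is never reused
        return s

def joint_key(holder, server):
    # The capability is granted to this key, not to either share alone.
    # (Real FROST derives shares from a dealer or a DKG instead.)
    return holder.Y * server.Y % P

def sign(cap_id, msg, Y, *signers):
    R = 1
    for signer in signers:
        R = R * signer.commit(cap_id) % P
    c = challenge(R, Y, msg)
    return R, sum(signer.respond(c) for signer in signers) % N

def verify(Y, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(Y, challenge(R, Y, msg), P) % P
```

A signature made by the holder alone does not verify against the joint key, so adding the capability id to the server's `revoked` set cuts off access without reissuing anything.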
