🚀
Fission Whitepaper
🚀
Fission Whitepaper
🚀
Fission Whitepaper
🚀
Fission Whitepaper
Abstract
Introduction
Context
Vision
Core Principles
The Constellation
High Level Architecture
System Foundation
Unified Storage
Digital Scarcity
Portable Compute
Identity
Overview
Keys
DID Document
JWT Authentication
Verifiable Claims
Access Control
Self-Signed Tokens
Capability-Based Authorization
Key Exchange
Immutable Access
Mutable Access
Session Keys
Threshold Access
Key Revocation
File System
Fission File System
Layout
Security
Public Directory
Private Directories
Unlisted Directories
Shared Mutable Access
Dynamic FaaS
Distributed & Edge FaaS
Global
Applications
Shared Mutable State
Intra-Platform Interaction
Conclusion
Recapitulation
Afterward
WIP
Scaling with SCaaS
**Notes to Self**
Powered by GitBook

Capability-Based Authorization

Access control has traditionally been managed by access control lists (ACLs): metadata or database tables that specify which user is allowed to perform which actions. This requires that the application boundary enclose all of the data. In fully centralized systems, this works reasonably well — though it's very error prone to write and maintain, and makes the application itself a target for attackers.

Fission uses correct-by-construction (AKA "capability-based") authorization. This is a trustless method suitable to centralized, decentralized, peer-to-peer, and local-first applications. In essence, it means using raw cryptography to control who has access to what. Rights are granted by the mere fact that someone has the correct decryption key. Rather than have a centralized application handle access control, this is usable everywhere, and under any circumstance.

Fission does not currently link identities, but rather grants shared access control over resources. This is facilitated by key exchange and certificate signing.

​

Access Control - Previous
Self-Signed Tokens
Next - Access Control
Key Exchange
Last updated 4 months ago