_notes/UCAN.md at cadcedf6ded0782eff00d38a0d6cdeb15c8ef9d1 · bmann.ca/bmannconsulting.com

The bmannconsulting.com website
bmannconsulting.com / _notes / UCAN.md
at cadcedf6ded0782eff00d38a0d6cdeb15c8ef9d1 2.6 kB view raw view rendered
 1---
 2github: https://github.com/ucan-wg
 3discord: https://discord.gg/zSfgeHhKxA
 4tags:
 5  - protocol
 6  - capabilities
 7---
 8User Controlled Authorization Networks
 9
10Developed at [[Fission]] by [[Brooklyn Zelenka]]. See [[Capabilities Adoption]]
11
12> User Controlled Authorization Networks (UCANs) are decentralized, [capabilities model](https://en.wikipedia.org/wiki/Capability-based_security) authorization tokens.
13> 
14> UCAN is a trustless, secure, local-first, user-originated authorization and revocation scheme. UCAN is designed to be very flexible: you can use it offline, online, fully P2P, federated, or with central servers.
15> 
16> Please see the [specs](https://github.com/ucan-wg/spec/) for more detail on implementation.
17> 
18> If you're interested in contributing to the development of UCANs, check out the [GitHub Discussions](https://github.com/ucan-wg/spec/discussions). Introduce yourself and your project, and what you're looking to do with UCANs, and join the next community call to meet others. The [Discord server](https://discord.gg/zSfgeHhKxA) is low volume and high signal, feel free to drop in.
19
20## Spec
21
22See <https://github.com/ucan-wg/spec>
23
24### Abstract
25
26User-Controlled Authorization Network (UCAN) is a [trustless](https://blueskyweb.xyz/blog/3-6-2022-a-self-authenticating-social-protocol), secure, [local-first](https://www.inkandswitch.com/local-first/), user-originated, distributed authorization scheme. This document provides a high level overview of the components of the system, concepts, and motivation. Exact formats are given in [sub-specifications](https://github.com/ucan-wg/spec#sub-specifications).
27
28### Introduction
29
30User-Controlled Authorization Network (UCAN) is a [trustless](https://blueskyweb.xyz/blog/3-6-2022-a-self-authenticating-social-protocol), secure, [local-first](https://www.inkandswitch.com/local-first/), user-originated, distributed authorization scheme. It provides public-key verifiable, delegable, expressive, openly extensible [capabilities](https://en.wikipedia.org/wiki/Object-capability_model). UCANs achieve public verifiability with late-bound certificate chains and principals represented by [decentralized identifiers (DIDs)](https://www.w3.org/TR/did-core/).
31
32UCAN improves the familiarity and adoptability of schemes like [SPKI/SDSI](https://theworld.com/~cme/html/spki.html) for web and native application contexts. UCAN allows for the creation, delegation, and invocation of authority by any agent with a DID, including traditional systems and peer-to-peer architectures beyond traditional cloud computing.