Re: FTP

On 7/9/24 18:29, Phillip Hallam-Baker wrote:


If we are going to build anything new, go to the heart of the matter, Alice wants to share data with Bob, she sends Bob a message 'here have these files'. Now Bob has the access he needs. The only choice for Alice being whether Bob's access is read only or he can edit them. 

One problem we have today is that attachments are gobs of data, we really don't have the concept of mailing someone a link that gives them the required access without the need to copy.

I can't open a URI in SolidWorks, Inventor or Word. I can't save a URI to disk.

These are solvable problems, but not easily solvable problems. We could certainly create URIs for network-accessible file systems. We already have protocols (CIFS, NFS, sftp/sshfs) that at least approximate the necessary functionality. The hard problems: (a) making authentication work at scale, without using passwords or anything else that could be copied and reused at all, and with authenticating parties automatically knowing which credentials to use; (b) making access control work at Internet scale; and (c) arranging that when an app is launched to access some remote file, directory, or file system, that file or whatever is accessible to the application via whatever are the normal file access calls for that platform. (Making concurrent access to such files work well at Internet scale is also difficult, but the facility would be useful even if such concurrency had to be limited somehow.)

Why aren't we tackling problems like this?   (I have guesses, but suspect it would be counterproductive to reveal them.   And I'd actually like for my guesses to be wrong.)

Our present day technology is trapped by the legacy metaphors and assumptions.

Absolutely.   I often think how unfortunate it is that the entire industry is stuck in a 1960s file system and permissions model, where the notion of "user" or "principal" is tied to a specific piece of hardware, and there is no system of identities or credentials that work at Internet scale.


One of the weaknesses of the Internet architectural model as insisted upon by many here is that insisting 'anything can talk to anything' makes it really hard to secure file servers locking them to only be visible to the local network.

Tying access rights to network topology has always been broken.   But "anything can talk to anything" should assume "given adequate permissions and credentials".

Keith


