Notes on Michael Doyle's dotNyet talk at Tcl2008.
"Exploit a handful of uniquely Tcl-powered technologies to provide a simple yet powerful platform for the easy development and safe deployment of secure platform-agnostic distributed Tcl applications over untrusted networks."
Tcl-powered technologies:
PoliTcl:
- extracted and abstracted from the Tcl plugin
- policies associated with mobile code
- custom-tuned sandboxes (limit access to host computer)
- host protected against malicious code (allow authenticated trusted code freedom to access resources)
Cryptkit:
- Tcl binding to Cryptlib toolkit
- allows dotNyet to tap into best-of-breed facilities for: file encryption, communication channel encryption, data integrity certification, user/code authentication
Tequila:
- developed by jcw
- messaging and control layer for distributed processing
- treats the network as a data bus
- share data and computations transparently
- client applications propagate RPCs and program events through pools
dotNyet born of late night conversations between Michael Doyle and Steve Landers:
- allows a safe and secure environment
- applications span multiple locations
- components move freely among locations
- tap into selected resources across the network
- Illustration: the Scatclogic approach
Scatclogic (name proposed by SEH):
- Scattered Tcl Logic (scatological references aside)
- pull together teams without cross-vendor incompatibilities and tie-ins
- leverage and build upon existing infrastructure investment
- work with familiar tools
Steps:
- code snippet created in the native app interface ("code snippet" refers to some piece of user-created creative content, e.g. a paragraph in a word processor, a formula in a spreadsheet, etc.)
- snippet extracted into the Tcl application layer
- signed by the appropriate cryptographic keys (via cryptkit)
- multicast out to all attached clients (via tequila)
- creator's public key is used to authenticate (via cryptkit)
- policy (bound to creator's public key) is invoked: mediates who can see, edit or execute the code (via PoliTcl)
- for authorized users, the Tcl code is pre-processed
- remaining (or output) code inserted into each target user's native application interface
- code executed by the native application
Proof of Concept: "Tcl Between the Sheets":
- 3 users
- user 1 sets permissions for a range of cells
- user 2 gets r,x permission and user 3 gets r,w,x
- the permission specs determine the ranges: a policy is automatically generated (or modified) from them and stored on the server
- users open the spreadsheet project
- user 1 enters a formula into a cell
- formula encrypted by user 1's private owner key, and the policy's group (public) key
- server decrypts the formula via the group private key
- authenticates code via author's public key
- the server re-encrypts code via policy private key and the group's "r" sub-key
- server signs code with remaining group subkeys (x,w) ["x but not r" treated specially]
- code multicast via the Tequila shared array
- each client examines keys and signatures (to determine actions based on permissions)
- actions performed on the code
- result of any Tcl pre-processing inserted into spreadsheet [this is where "x but not r" special handling would occur]
- spreadsheet executes the formula, and propagates recalculations throughout spreadsheet
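The Scatclogic steps and the "Tcl Between the Sheets" flow above, as an added worked model that is not code from the talk or from dotNyet: an author signs a cell formula, the server authenticates it, consults the policy generated from user 1's permission spec, and builds one delivery per client, withholding the source from an "x but not r" client. Assumptions: HMAC with a per-user secret stands in for Cryptkit public-key signatures so the example runs on the standard library, a fourth constructed user with bare "x" exercises the special case, and pre-processing understands only SUM(cell,...).

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for Cryptkit key material: one secret per user.
# dotNyet authenticates with the author's public key; HMAC is used here only
# so the example is self-contained (assumption, not the real mechanism).
KEYS = {"user1": b"k1", "user2": b"k2", "user3": b"k3", "user4": b"k4"}

# Policy generated from user 1's permission spec for range A1:A3.
# user4 is a constructed extra client that exercises "x but not r".
POLICY = {"owner": "user1", "cells": {"A1", "A2", "A3"},
          "perms": {"user1": {"r", "w", "x"}, "user2": {"r", "x"},
                    "user3": {"r", "w", "x"}, "user4": {"x"}}}

@dataclass
class Snippet:
    author: str
    cell: str
    formula: str
    signature: bytes

def _mac(author, cell, formula):
    return hmac.new(KEYS[author], f"{cell}|{formula}".encode(), hashlib.sha256).digest()

def sign(author, cell, formula):
    """Client side: the extracted snippet is signed with the author's key."""
    return Snippet(author, cell, formula, _mac(author, cell, formula))

def authenticate(s):
    """Server side: verify the signature against the claimed author's key."""
    if s.author not in KEYS:
        return False
    return hmac.compare_digest(_mac(s.author, s.cell, s.formula), s.signature)

def preprocess(formula, sheet):
    """Minimal stand-in for Tcl pre-processing: only SUM(cell,...) is understood."""
    if not (formula.startswith("SUM(") and formula.endswith(")")):
        raise ValueError("unsupported formula")
    return sum(sheet[c] for c in formula[4:-1].split(","))

def deliver(snippet, sheet):
    """Authenticate, apply the policy, and return {client: payload} or None."""
    if not authenticate(snippet):
        return None  # forged or tampered snippet: nothing is multicast
    if snippet.cell not in POLICY["cells"] or "w" not in POLICY["perms"].get(snippet.author, set()):
        return None  # author may not edit this cell under the policy
    result = preprocess(snippet.formula, sheet)
    out = {}
    for user, perms in POLICY["perms"].items():
        if "r" in perms:  # may see the source; result only if also allowed to execute
            out[user] = {"source": snippet.formula, "value": result if "x" in perms else None}
        elif "x" in perms:  # "x but not r": only the pre-processed result is inserted
            out[user] = {"value": result}
    return out
```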
This design allows for cross-brand application synchronization. It could easily be generalized to many other application types, such as:
- Poor man's grid computer
- turn a native word processor into a wiki environment
- marshal vast computing and visualization resources in a rich collaborative network environment
Question about speed/performance. Answer: the intent is to make it feel virtually real-time; this is achievable on the same LAN subnet, and further research is needed over the wider Internet.