Notes on [Michael Doyle]'s dot''Nyet'' talk at [Tcl2008].

"Exploit a handful of uniquely Tcl-powered technologies to provide a simple yet powerful platform for the easy development and safe deployment of secure platform-agnostic distributed Tcl applications over untrusted networks."

Tcl-powered technologies:

   * [PoliTcl] (inspired by the [Stargus] project)
   * [Cryptkit]
   * [Tequila]

PoliTcl:

   * extracted and abstracted from the [Tcl plugin]
   * policies associated with mobile code
   * custom-tuned sandboxes (limit access to host computer)
   * host protected against malicious code (allow authenticated trusted code freedom to access resources)

Cryptkit:

   * Tcl binding to Cryptlib toolkit
   * allows dotNyet to tap into best-of-breed facilities for: file encryption, communication channel encryption, data integrity certification, user/code authentication

Tequila:

   * developed by [jcw]
   * messaging and control layer for distributed processing
   * treats the network as a data bus
   * share data and computations transparently
   * client applications propagate [RPC]s and program events through pools

dot''Nyet'' born of late night conversations between [Michael Doyle] and [Steve Landers]:

   * allows a safe and secure environment
   * applications span multiple locations
   * components move freely among locations
   * tap into selected resources across the network
   * Illustration: the Scatclogic approach

Scatclogic (name proposed by [SEH]):

   * Scattered Tcl Logic (scatological references aside)
   * pull together teams without cross-vendor incompatibilities and tie-ins
   * leverage and build upon existing infrastructure investment
   * work with familiar tools

Steps:

   1. code snippet created in native app interface ("code snippet" refers to some piece of user-created creative content, e.g., a paragraph in a word processor, formula in a spreadsheet, etc.)
   1. snippet extracted into the Tcl application layer
   1. signed by the appropriate cryptographic keys (via cryptkit)
   1. multicast out to all attached clients (via tequila)
   1. creator's public key is used to authenticate (via cryptkit)
   1. policy (bound to creator's public key) is invoked: mediates who can see, edit or execute the code (via PoliTcl)
   1. for authorized users, Tcl code is pre-processed
   1. remaining (or output) code inserted into each target user's native application interface
   1. code executed by the native application

Proof of Concept: "Tcl Between the Sheets":

   * 3 users
   * user 1 sets permissions for range cells
   * user 2 gets r,x permission and user 3 gets r,w,x
   * permission specs determine the ranges: a policy automatically generated (or modified) and stored on the server
   * users open the spreadsheet project
   * user 1 enters a formula into a cell
   * formula encrypted by user 1's private owner key, and the policy's group (public) key
   * server decrypts the formula via the group private key
   * authenticates code via author's public key
   * the server re-encrypts code via policy private key and the group's "r" sub-key
   * server signs code with remaining group subkeys (x,w) [["x but not r" treated specially]]
   * code multicast via the Tequila shared array
   * each client examines keys and signatures (to determine actions based on permissions)
   * actions performed on the code
   * result of any Tcl pre-processing inserted into spreadsheet [[this is where "x but not r" special handling would occur]]
   * spreadsheet executes the formula, and propagates recalculations throughout spreadsheet

This design allows for cross-brand application synchronization. Could be easily generalized to allow many other application types, such as:

   * Poor man's grid computer
   * turn a native word processor into a wiki environment
   * marshal vast computing and visualization resources in a rich collaborative network environment

Question about speed/performance; answer: The intent is to make it feel virtually realtime; achievable on the same subnet of a LAN, further research needed over wider Internet.
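
The receiving-client side of the Steps list and the proof of concept above (authenticate, look up the policy bound to the creator's key, pre-process for authorized users), as an added sketch that is not code from the talk, dotNyet or PoliTcl. It assumes the signature check has already produced a yes/no result, uses a stock Tcl safe interpreter in place of a PoliTcl-tuned sandbox, and treats "x but not r" as "run it but do not reveal the source", which is an assumption about the special handling; the `policy` table, key id, user names and snippets are constructed.

```tcl
# Added illustration, not dotNyet or PoliTcl code. Key ids, users and
# snippets below are constructed sample values.
package require Tcl 8.5

# Policy bound to the creator's key id: recipient -> granted permissions.
set policy {
    key:user1 {user2 {r x} user3 {r w x} user4 {x}}
}

# Permissions a recipient holds on a snippet. $verified is the outcome of the
# signature check against the creator's public key (assumed done elsewhere).
proc permissions {policy signer recipient verified} {
    if {!$verified || ![dict exists $policy $signer $recipient]} {
        return {}  ;# fail closed: bad signature, unknown signer, unlisted user
    }
    return [dict get $policy $signer $recipient]
}

# Pre-process a snippet in a throwaway safe interpreter. Source is returned
# only with "r"; with "x" alone the caller gets just the output.
proc preprocess {snippet perms} {
    if {"x" ni $perms} { return [dict create status denied] }
    set sandbox [interp create -safe]
    set failed [catch {interp eval $sandbox $snippet} result]
    interp delete $sandbox
    if {$failed} { return [dict create status error reason $result] }
    set out [dict create status ok result $result editable [expr {"w" in $perms}]]
    if {"r" in $perms} { dict set out source $snippet }
    return $out
}

set formula {expr {6 * 7}}
foreach user {user2 user3 user4 user5} {
    puts "${user}: [preprocess $formula [permissions $policy key:user1 $user 1]]"
}
# Tampered message: verification failed, so nothing runs.
puts "tampered: [preprocess $formula [permissions $policy key:user1 user3 0]]"
# Verified snippet that reaches for the host: "open" is hidden in a safe interp.
puts "host access: [preprocess {open notes.txt} {r x}]"
```

The ordering is the point: the permission lookup runs only after authentication, and an unlisted recipient or failed check yields an empty permission set, so the snippet never reaches an interpreter.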