The rights system is the heart of Askemos.
We will reason here about one of the two basic axioms.
As always with axioms, the reasoning can't be done "inside" the
system (otherwise we would try to violate Gödel's completeness
theorem).
The first section gives a brief summary of this reasoning, which is
expanded in AskemosBackground.
The second section introduces a formal (set theoretic) notion of
rights, and a formal criterion to sort rights systems into corruptible
and incorruptible.
Then we argue that "traditional" capability theory is a special case
of the Askemos rights system and derive some practical consequences
to show the utility.
The principle of inalienable rights
There is a set of rights associated with each individual.
(Here an individual might be a person or even a thing.)
It is impossible (illegal) to transfer the whole set of rights
of one individual to other individuals.
It is immediately clear to human understanding
that there are inalienable rights.
At the end of the day nobody can lie to his/her own consciousness. It
always tells you the truth even though you might yourself lie to
others. Telling you the truth is the very right of your own
consciousness and you can't sign that right off at all.
Therefore the idea of inalienable rights irrevocably exists in any
person's understanding.
In AskemosBackground we will trace the insight into this
anthropological fact through various cultures to prove that it is a
common ground of mankind, independent of political and cultural
differences.
For instance, Rousseau reasons in
"The Social Contract Or Principles Of Political Right" (RousseauSocialContract)
about the construction of self-preserving systems of rights.
The Rules
The principle of the inalienable right and a very basic set theory
are the design principles behind the protection handling system of
Askemos.
No further assumptions
which could introduce cultural or historical dependencies
are made.
These rules have not yet been translated into web pages.
Please see the section "distributed authority" in the
paper here
for a concise, formal description.
(TODO the rule set in the paper should start with the definition
of the element/set relationship.
This is a stylistic mistake, it doesn't change anything.)
Comparison
The general protection system of Askemos overcomes deficiencies of
traditional protection systems as found in operating systems on the market
today.
Basically all those protection systems are based on a super power, which
can overrule everything, like a king.
These hierarchical systems were historically followed
by democracies, which rely on the logical inversion of the super
power, the public right. A public right is, mathematically speaking, a system
invariant. There exists no individual power which can overrule the public
right.
On the other hand, an administrative power is often needed for
efficiency and it is provided as well, just restricted to
a domain rooted in the administrator user.
The protection system laid out here
is structured as a set of hierarchies,
which can sign their parts off among each other.
A distributed system, where each point of operation is assumed to
fail with some probability, requires a protection mechanism which is based on
a system invariant. As a welcome side effect it is impossible to take over the
system in the "traditional" style, where individuals can break into the
administrative account of systems and destroy or steal all data.
Capability based schemes
(see for instance
http://cap-lore.com/CapTheory/index.html
) are sort of a special case of the Askemos protection system.
Capabilities are usually opaque bit patterns,
which are indivisible objects.
This leaves those systems with the problem of the transfer.
To transfer indivisible rights between objects a higher right is
required, which eventually contradicts the axiom of the existence of
inalienable rights.
Except for this transfer problem,
which is solved by the replacement of opaque bit patterns
by sets, that is divisible objects, all rules apply.
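The difference described above, as an added illustration in Python (not Askemos code and not the rule set from the paper): rights are modelled as a set whose parts can be signed off, while the holder's own right can never leave the set. The names Right, Individual, transfer and demo, and the modelling of the inalienable right as a single element, are assumptions of this example.

```python
# Added illustration (not Askemos code): rights modelled as divisible sets.
from dataclasses import dataclass, field

class TransferError(Exception):
    """Raised when a transfer would violate the model's invariant."""

@dataclass(frozen=True)
class Right:
    """A value in its own space; plain strings or numbers are never rights."""
    label: str

@dataclass
class Individual:
    name: str
    rights: set = field(default_factory=set)

    def __post_init__(self):
        # Assumption: the inalienable right is one element unique to its holder.
        self.own = Right(f"own:{self.name}")
        self.rights = set(self.rights) | {self.own}

def transfer(giver, receiver, part):
    """Move a part of giver's rights to receiver; the whole set never moves."""
    part = set(part)
    if not all(isinstance(r, Right) for r in part):
        raise TransferError("not a right: values from other spaces are rejected")
    if not part <= giver.rights:
        raise TransferError("cannot sign off rights that are not held")
    if giver.own in part:
        raise TransferError("the inalienable right cannot be transferred")
    giver.rights -= part
    receiver.rights |= part

def demo():
    read, write = Right("read:doc"), Right("write:doc")  # constructed sample rights
    alice, bob = Individual("alice", {read, write}), Individual("bob")
    transfer(alice, bob, {read})  # a part of the set: allowed
    refused = []
    for attempt in (set(alice.rights), {"write:doc"}, {Right("admin")}):
        try:
            transfer(alice, bob, attempt)
        except TransferError as exc:
            refused.append(str(exc))
    return alice, bob, refused
```

The three refused attempts in demo() are: handing over the whole set, passing a plain string as if it were a right, and signing off a right the giver does not hold.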
The public right or common code and the taboo
To facilitate communication (i.e., to get any trusted contact
between two individuals started first time), a special right is
needed, which all individuals do have.
But there is a difference between the public right and the right of
the individual. The individual has the right to change its mind at
any time. The public right cannot. Therefore the set of rights that
the place representing the public right has
is given by the difference
of this very place's (so-called "full") right
and its counterpart: the right of the individual.
Within Askemos programs, these two rights are the only well known
rights. The function public-oid yields the OID
representing the public right, while my-oid
yields the symbol for "private".
At any Askemos installation the place with the public oid shows the
rules of use under which the
particular installation
participates in the Askemos.
It is always a constant object, or in the context of
program execution, it is used as the symbol for "constant".
The counterpart, the
right of the individual
is the taboo. It is never possible to access that object.
Software Requirements
- there is a separate value space for rights
- robust against known attacks (with a possible exception for denial of
service attacks)
- it's impossible to extend rights or derive rights from other value
spaces
- works the way human beings assign capabilities among each other
- Detailed design notes.