UCAN

User Controlled Authorization Networks

Developed at Fission by Brooklyn Zelenka. See Capabilities Adoption.

User Controlled Authorization Networks (UCANs) are decentralized authorization tokens based on the capabilities model.

UCAN is a trustless, secure, local-first, user-originated authorization and revocation scheme. UCAN is designed to be very flexible: you can use it offline, online, fully P2P, federated, or with central servers.

Please see the specs for more detail on implementation.

If you're interested in contributing to the development of UCANs, check out the GitHub Discussions. Introduce yourself and your project, say what you're looking to do with UCANs, and join the next community call to meet others. The Discord server is low volume and high signal; feel free to drop in.

Spec

See https://github.com/ucan-wg/spec

Abstract

User-Controlled Authorization Network (UCAN) is a trustless, secure, local-first, user-originated, distributed authorization scheme. This document provides a high-level overview of the components of the system, concepts, and motivation. Exact formats are given in sub-specifications.

Introduction

User-Controlled Authorization Network (UCAN) is a trustless, secure, local-first, user-originated, distributed authorization scheme. It provides public-key verifiable, delegable, expressive, openly extensible capabilities. UCANs achieve public verifiability with late-bound certificate chains and principals represented by decentralized identifiers (DIDs).

UCAN improves the familiarity and adoptability of schemes like SPKI/SDSI for web and native application contexts. UCAN allows for the creation, delegation, and invocation of authority by any agent with a DID, including traditional systems and peer-to-peer architectures beyond traditional cloud computing.
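The delegation chain described above can be checked by any verifier holding only public keys. The following is an added example, not code from the UCAN specification or any UCAN library: it uses a simplified token model rather than the UCAN wire format, and the field names, the plain-label principals (standing in for DIDs), the prefix-based attenuation rule and the result codes are all assumptions made for illustration.

```javascript
// Added illustration: simplified model, not the UCAN wire format.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Constructed principals. Real UCANs name principals by DID; here a label maps to a key pair.
const keys = {};
for (const name of ['alice', 'bob', 'carol']) keys[name] = generateKeyPairSync('ed25519');

// Bytes covered by the signature: every field, plus the cited proof's signature
// so a token is bound to one specific parent.
function payload(t) {
  return Buffer.from(JSON.stringify([t.iss, t.aud, t.caps, t.exp, t.proof ? t.proof.sig : null]));
}

// `iss` grants `caps` to `aud` until `exp`, optionally citing the token that gave `iss` its authority.
function delegate(iss, aud, caps, exp, proof = null) {
  const t = { iss, aud, caps, exp, proof };
  t.sig = sign(null, payload(t), keys[iss].privateKey).toString('base64');
  return t;
}

// Attenuation rule assumed here: same action, and the resource lies under the parent's resource.
function covered(parentCaps, c) {
  return parentCaps.some((p) => p.can === c.can && c.with.startsWith(p.with));
}

// Walk from the presented token back to the root, checking every link.
function verifyChain(token, resourceOwner, now) {
  for (let t = token; ; t = t.proof) {
    const sigOk = verify(null, payload(t), keys[t.iss].publicKey, Buffer.from(t.sig, 'base64'));
    if (!sigOk) return 'bad-signature';
    if (t.exp <= now) return 'expired';
    if (!t.proof) return t.iss === resourceOwner ? 'ok' : 'untrusted-root';
    if (t.proof.aud !== t.iss) return 'broken-chain'; // issuer never received the proof
    if (!t.caps.every((c) => covered(t.proof.caps, c))) return 'escalation';
  }
}

// Constructed chain: alice -> bob -> carol, narrowing at the second hop.
const root = delegate('alice', 'bob', [{ with: 'fs://alice/photos/', can: 'read' }], 2000);
const leaf = delegate('bob', 'carol', [{ with: 'fs://alice/photos/2024/', can: 'read' }], 1500, root);
console.log(verifyChain(leaf, 'alice', 1000));
```

Every check runs locally against the chain the holder presents, which is why no call to a central authorization server is needed at verification time.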
