
Posts Tagged ‘Transparency’

[DotSecurity2017] Collective Authorities: Transparency & Decentralized Trust

In the labyrinthine landscape of digital governance, where singular sentinels succumb to sabotage or subversion, the paradigm of collective oversight emerges as a bulwark of resilience and reliability. Philipp Jovanovic, a cryptographer and postdoctoral researcher at EPFL’s Decentralized and Distributed Systems Lab, expounded this ethos at dotSecurity 2017, advocating for cothorities—cooperative clusters that distribute dominion, diminishing dependence on solitary stewards. Drawing from his expertise in provable security and distributed systems, Philipp illustrated how such syndicates safeguard services from time synchronization to software dissemination, fostering proactive transparency that eclipses centralized counterparts in robustness and accountability.

Philipp’s exposition began with authorities’ ubiquity: time servers calibrating clocks, DNS resolvers mapping monikers, certificate issuers endorsing identities—each pivotal yet precarious, vulnerable to breaches that cascade into chaos. A compromised chronometer corrupts certificates’ cadence; a DNS defector diverts domains to deceit. Traditional transparency—audits’ afterthoughts—proves reactive and rife with risk, susceptible to suppression or subversion. Cothorities counter this: constellations of collaborators, each holding shards of sovereignty, converging via consensus protocols to certify collective conduct.

At cothorities’ core lies collective signing: a threshold scheme where k-of-n nodes must concur, thwarting unilateral usurpation. Philipp probed protocols like ByzCoin, blending proof-of-work with practical Byzantine fault tolerance—blocks bolstered by collective endorsements, thwarting 51% sieges. Applications abound: randomness beacons via verifiable delay functions, sharded secrets yielding bias-resistant beacons; decentralized updates where pre-releases procure co-signatures post-verification, ensuring binary fidelity. EPFL’s instantiation—CoSi’s cascade—scales signatures sans synchrony, enabling efficient endorsements for vast validations.
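The k-of-n collective signing described above, sketched as an added example (not code from the talk, CoSi or the cothority project): a Schnorr-style aggregate signature with the verifier's threshold check. The group modulo 2**255 - 19, the function names and the release string are assumptions for illustration; a real deployment would use a standard prime-order group and roster keys registered with proof of possession.

```python
import hashlib
import secrets

# Demonstration group only (assumption): integers modulo the prime 2**255 - 19.
P = 2**255 - 19
N = P - 1          # exponents are reduced modulo the group order bound
G = 2

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)

def challenge(agg_commit, message):
    digest = hashlib.sha256(agg_commit.to_bytes(32, "big") + message).digest()
    return int.from_bytes(digest, "big") % N

def cosign(message, signers):
    """signers: {node_id: secret_key} for the nodes taking part."""
    # Round 1: each node commits to a fresh nonce; commitments are multiplied.
    nonces = {i: secrets.randbelow(N - 1) + 1 for i in signers}
    agg_commit = 1
    for v in nonces.values():
        agg_commit = agg_commit * pow(G, v, P) % P
    # Round 2: one shared challenge; each node responds with its own key.
    c = challenge(agg_commit, message)
    r = sum(nonces[i] - c * signers[i] for i in signers) % N
    return {"c": c, "r": r, "participants": sorted(signers)}

def verify(message, sig, roster, k):
    """roster: {node_id: public_key} for all n nodes; k: co-signers required.
    Roster keys are assumed to be registered with proof of possession."""
    ids = sig["participants"]
    if len(set(ids)) != len(ids) or not set(ids) <= set(roster):
        return False
    if len(ids) < k:  # threshold policy: fewer than k of n is rejected
        return False
    agg_pub = 1
    for i in ids:
        agg_pub = agg_pub * roster[i] % P
    # G^r * X^c equals the aggregate commitment only if every listed node signed.
    agg_commit = pow(G, sig["r"], P) * pow(agg_pub, sig["c"], P) % P
    return challenge(agg_commit, message) == sig["c"]

def demo():
    keys = {i: keygen() for i in range(5)}  # n = 5 constructed nodes
    roster = {i: kp[1] for i, kp in keys.items()}
    release = b"constructed-release-1.0 sha256=<placeholder>"
    sig = cosign(release, {i: keys[i][0] for i in (0, 1, 3)})
    return keys, roster, release, sig
```

The verifier rejects a signature whose participant list is padded with nodes that did not respond, because the aggregate public key then no longer matches the responses.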

This framework fortifies federated fabrics: software sanctums where binaries bear blockchain-like blessings, users verifying via viewer tools. Philipp’s prototype: Update Cothority, developers dispatching drafts, nodes nurturing builds—collective attestation attesting authenticity. Scalability’s symphony: logarithmic latencies, sub-minute settlements—throughput trouncing Bitcoin’s bottleneck.

Cothorities’ creed: decentralization’s dividend, transparency’s triumph—authorities augmented, trust atomized.

Singular Sentinels’ Susceptibility

Philipp parsed perils: time’s tampering topples TLS; DNS’s duplicity dupes domains. Audits’ inadequacy: reactive, repressible—cothorities’ corrective: syndicates’ synergy, threshold’s thwarts.

Protocols’ Pantheon and Applications’ Array

ByzCoin’s blend: PoW’s prelude, PBFT’s pact—CoSi’s cascade, sharding’s shards. Randomness’ radiance: beacons’ bias-bane; updates’ utopia: co-signed sanctity.


[DevoxxFR2013] JCP & Adopt a JSR Workshop

Lecturers

Patrick Curran chairs the Java Community Process (JCP), overseeing membership, processes, and the Executive Committee. With over 20 years in software, including 15 at Sun, he led Java Conformance Engineering and chaired related councils. He is active in W3C and OASIS.

Arun Gupta directs Developer Advocacy at Red Hat, focusing on JBoss Middleware. A Java EE founding member at Sun, he drove global adoption; at Oracle, he launched Java EE 7.

Mike Seghers, an IT consultant since 2001, specializes in Java enterprise web apps using frameworks like Spring and JSF. Experienced in RIA and iOS, he engages developer communities.

Abstract

Patrick Curran, Arun Gupta, and Mike Seghers’s workshop guides joining the Java Community Process (JCP) and participating in Adopt-a-JSR. They explain membership, transparency, and tools for JUG involvement like hackathons. Focusing on Java EE 8, the session analyzes collaboration benefits, demonstrating practical contributions for standard evolution.

Understanding JCP: Membership and Participation Pathways

Curran outlines JCP membership: free for individuals via jcp.org, requiring agreements; paid for corporations/non-profits ($2,000-$5,000). Java User Groups join as associates, nominating representatives.

Adopt-a-JSR encourages JUGs to engage JSRs: review specs, test implementations, provide feedback. This democratizes development, ensuring community input.

Gupta details Java EE 8 focus: HTML5, cloud, modularity. Adopt-a-JSR aids via mailing lists, issue trackers, wikis.

Practical Engagement: Tools and Initiatives for Collaboration

Tools include mailing lists for discussions, JIRA for bugs, GitHub for code. JUGs organize hack days, building samples.

Seghers demos the Belgian JUG’s app, which uses JSF, EJB, and JPA for an urban travelers game. The source is on GitHub, and the app integrates WebSockets.

This hands-on approach educates and uncovers issues early.

Case Studies: Global Adopt-a-JSR Impact

Examples: London JUG’s multiple JSR contributions; SouJava’s CDI focus; Morocco JUG’s hackathons. Chennai JUG built apps; Egypt JUG presented at conferences.

These illustrate visibility, skill-building, and influence on standards.

Broader Implications: Enhancing Transparency and Community

JCP 2.8 mandates open Expert Groups, encouraging participation. Adopt-a-JSR amplifies this, benefiting platforms via diverse input.

Curran urges minimal commitments: feedback, testing. Gupta highlights launch opportunities.

The workshop fosters a collaborative ecosystem, strengthening Java’s future.
