Miller addresses a central tension in decentralized systems: how to maintain safety while remaining open to strangers. He recapitulates the object-capability model (only connectivity begets connectivity), then builds beyond it with the Horton protocol, which adds accountability for requests, responses, and introductions without modifying the underlying capability system. He presents a four-level intermediation taxonomy – from bilateral logging through three-party vouching to multi-attestor corroboration – as a design space for trust architectures. The talk is honest about remaining problems: pure capability systems cannot welcome strangers, and the cold-start trust problem remains open.
Safety and openness are architecturally opposed defaults. Centralized identity-based systems (Access Control Lists) enable reactive safety through naming and permission revocation but are vulnerable to censorship. Object capabilities enable proactive safety through reference-graph scoping but are inherently anonymous. Miller argues these are incompatible starting points, not complementary tools – you must choose a foundation and layer the other on top.
Only connectivity begets connectivity. The object-capability model’s central invariant: two objects with no reference path between them cannot affect each other. New authority enters the system only through introduction (an existing participant passes a reference), parenthood (a creator holds the sole initial reference), endowment (a creator shares its own references), or initial conditions. This invariant makes security analysis tractable because the reference graph is the access graph.
The car key analogy grounds capability intuition. A physical key simultaneously designates a car, provides the means to operate it, and confers the right to operate it. It transfers without involving any central authority. It can be revoked by changing the locks. Possession is sufficient; identity is not required. This is the capability model in physical form – and it illustrates both the strength (proactive safety) and the limitation (no inherent accountability) that Horton addresses.
Four levels of intermediation form a trust design space. Two-party: bilateral logging, no tiebreaker. Three-party: a platform vouches for both sides (Uber model), but platform independence is questionable. Four-party: multiple independent attestors achieve name integrity through corroboration (Secure Scuttlebutt model), resisting censorship. Horton: a protocol layer that holds participants accountable for requests, responses, and introductions, combining capability-based authority with identity-based responsibility.
Horton separates authority delegation from responsibility delegation. Existing capability systems support delegating authority (Alice gives Bob the car key). Existing identity systems support assigning responsibility (the DMV records who owns the car). Horton combines both: the car key transfers with accountability metadata so Bob becomes responsible for how he uses the authority Alice delegated. The protocol is interposed between existing capability objects without modifying either the objects or the underlying capability foundations.
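To make the two invariants above tangible, here is an added example (not the talk's code and not the real Horton protocol, which works with per-party stubs and attribution messages between capability systems) that models them in plain JavaScript. The first part treats the reference graph as the access graph: an introduction can only pass a reference the introducer already holds, and reachability is the authority check. The second part wraps a pure capability object in a simplified accountability layer: the key still transfers from Alice to Bob without touching the car, but every delegation appends the delegate to a responsibility chain that the car's owner sees on each use. The names and the shape of the ledger are assumptions made for the example.

```javascript
// Added example: "only connectivity begets connectivity" plus a simplified
// Horton-style accountability wrapper. Names and ledger layout are constructed here.

// --- Part 1: reference graph == access graph ---------------------------------

// Breadth-first search: can `from` reach `to` through held references?
function canReach(graph, from, to) {
  const seen = new Set([from]);
  const queue = [from];
  while (queue.length) {
    const node = queue.shift();
    if (node === to) return true;
    for (const next of graph[node] || []) {
      if (!seen.has(next)) { seen.add(next); queue.push(next); }
    }
  }
  return false;
}

// Introduction: an existing participant passes a reference it holds. Passing a
// reference you do not hold is impossible in a capability system, so it throws.
function introduce(graph, introducer, recipient, target) {
  if (!graph[introducer].has(target)) {
    throw new Error(`${introducer} holds no reference to ${target}`);
  }
  graph[recipient].add(target);
}

// --- Part 2: authority delegation with attached responsibility ----------------

// The raw car: a pure capability object. It never learns who is calling.
function makeCar() {
  let odometer = 0;
  return { drive(miles) { odometer += miles; return odometer; } };
}

// Simplified accountability layer interposed in front of the car. The owner keeps
// a ledger; each key carries the chain of parties responsible for its use, and
// delegating a key extends the chain rather than erasing it.
function makeAccountable(target) {
  const ledger = [];
  function wrap(chain) {
    return {
      drive(miles) {
        ledger.push({ chain: [...chain], miles });   // owner-side record
        return target.drive(miles);                  // authority still exercised
      },
      delegateTo(name) { return wrap([...chain, name]); },
    };
  }
  return { ledger, keyFor(name) { return wrap([name]); } };
}

// Scenario: Alice holds the car key; Bob and Carol start with nothing.
function demo() {
  const graph = { alice: new Set(['car']), bob: new Set(), carol: new Set(), car: new Set() };
  const bobBefore = canReach(graph, 'bob', 'car');          // false: no path, no authority
  let carolCannotGrant = false;
  try { introduce(graph, 'carol', 'bob', 'car'); }          // Carol holds no key to pass
  catch (e) { carolCannotGrant = true; }
  introduce(graph, 'alice', 'bob', 'car');                  // legitimate introduction
  const bobAfter = canReach(graph, 'bob', 'car');           // true

  const accountable = makeAccountable(makeCar());
  const aliceKey = accountable.keyFor('alice');
  const bobKey = aliceKey.delegateTo('bob');                // car untouched by the delegation
  aliceKey.drive(5);
  const odometer = bobKey.drive(10);                        // recorded as alice -> bob
  return { bobBefore, carolCannotGrant, bobAfter, odometer, ledger: accountable.ledger };
}

module.exports = { canReach, introduce, makeCar, makeAccountable, demo };
```

The car object is unchanged in both halves, which is the property the text stresses: accountability is layered in front of the capability, so the permission stays as fine-grained as the reference while responsibility is assigned to the chain that exercised it.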
Federated systems need proactive safety more than centralized ones. A centralized platform can impose reactive measures (banning, content removal) globally. A federated system cannot – there is no single operator. This makes structural prevention of unauthorized actions (the capability model’s strength) the primary defense mechanism for federated architectures. Miller argues this is why ActivityPub and similar protocols should adopt capability patterns rather than relying on instance-level blocking.
The cold-start problem remains unsolved. Pure capability systems cannot welcome strangers. “Only connectivity begets connectivity” means outsiders have no path into an existing trust network. Publicly open inboxes reintroduce spam. Cost mechanisms (CAPTCHAs, proof-of-work) are partial mitigations. Miller does not claim to solve this; he identifies the boundary of what capabilities can achieve and what requires additional mechanisms.
The Granovetter diagram bridges social and computational analysis. Miller adapts Mark Granovetter’s sociological tool for analyzing how interpersonal introductions change network topology to the analysis of capability reference graphs. The same notation describes both human social networks and computational authority relationships, supporting cross-domain reasoning about trust and authority.
“So today, let’s talk about architectures for creating decentralized social networks that are both robust against attacks and open to strangers.”
“Object capabilities have the slogan: only connectivity begets connectivity. If you have two isolated subgraphs, they remain forever isolated because no one can introduce them.”
“What we need to do is separate the granularity at which we grant permission – which wants to be as fine-grained as possible – from the granularity at which we assign responsibility for bad actions.”
“The key thing about identity-based access control is all access decisions are rooted in the question, ‘Who are you?’ […] The strength of this paradigm is its support for reactive damage control, but the problems make it very poor at proactively building safe arrangements.”
“A smart contracting fabric can enable those benefits at tiny costs, at incredibly tiny costs – by eight orders of magnitude.”
This talk is Miller’s only recorded presentation of the Horton protocol applied to federated social networks. It influenced the Spritely project’s adoption of object capabilities for the fediverse, with the Spritely Goblins framework implementing Horton-style accountability layers. The intermediation taxonomy provided a design framework for comparing trust architectures in decentralized systems. Within the garden’s Agentic Architecture domain, the talk extends the foundational capability work of Miller (2006) and Miller, Tulloh, and Shapiro (2005) into the domain of social trust and multi-party accountability – directly relevant to how human-agent delegation should handle accountability for autonomous actions.
The talk covers decades of capability research in 77 minutes, necessarily compressing some arguments. The cold-start problem is identified but not resolved. The practical challenge of retrofitting capability patterns onto ActivityPub’s existing HTTP-based server federation model is not addressed.