XML/X - part IV - The Bridge

R. A. Hettinga rah@shipwright.com
Tue, 2 Apr 2002 09:46:14 -0500

--- begin forwarded text

Status:  U
Date: Tue, 2 Apr 2002 09:11:59 -0500 (EST)
From: Ian Grigg <iang@systemics.com>
To: xml-api@intertrader.com
Subject: XML/X - part IV - The Bridge
Cc: dbs@philodox.com, dgcchat@goldmoney.com
Reply-To: iang@systemics.com
Sender: <dbs@philodox.com>
List-Subscribe: <mailto:dbs-on@philodox.com>

Consider these two factoids:

   * The insider has total access to your metal system.

   * Over half of all fraud is conducted by insiders.

Users thusly have a vested, desparate, financially acute
interest in knowing in detail what their insiders (those
who have access to the computer system) are up to.

There are some things that can be done to slow down the
enterprising insider.

But, let's skip the hyperbole and cut to the chase.
There is actually very little that can be done to put
together a really good web system that monitors the
accounts, the transactions and the float and protects

Unfortunately (for web money systems), the mantle of
strong electronic governance belongs to digital cash,
a.k.a. DBS, a.k.a., financial cryptography.

The reason for this is simply that the web browser
simply doesn't have the grunt to be able to audit
the server.  And never will, it's just a task beyond
it.  As web-based systems assume the web browser, they
are rather stuck with the governance capabilities of
the web:  nothing worth writing home about.

The only way you can properly govern any server is to
push the information out in cryptographically strong
terms to a skeptical public of unpaid auditors (a.k.a.
users and programs).  That means using a downloaded
program, a digital cash protocol, and a trusted platform
of some sort to run the audit calculations.

But here's the dilemma: as the market dictates that
web-users do not download programs, such power systems
are rather stuck with being locked out of the market.
And the market is stuck with being locked out of a
well governed system.  This dilemma has befuddled the
brightest and bestest in the field for some time.

We now have a solution.  At least, in the sense of
the planning of Rome rather than the building of it.

XML/X (as we discussed in previous rantlets) allows
a backend to serve up web-style payments and account
management in a nice programmable interface.  An XML/X
server concentrates on not losing transactions and
leaves the pretty parts of the business to someone
with the right image.

The XML/X server doesn't by itself provide any more
governance than another web-based server solution.
Unless that is, the XML/X server deals in an underlying
digital money directly.  In which case, it outsources
large parts of its governance equation into the strong
world of financial cryptography.

Here is how we can do it.  The website, or XML/X
frontend, stays the same as before, it just packages
up user commands into XML/X.

The XML/X server takes those commands and interprets
them not as a series of double entry accounts to be
kept, but as instructions to pass onto an underlying
digital cash system.

In slightly more technical terms, the XML/X server
can create an account within the digital cash world
when told to do so, and can transfer from one of
its captive accounts to another, mirroring the
instructions of the user.  The underlying cash system
is the one that keeps the accounts, not the XML/X
server, which is now "relegated" to the role of an
intermediate or middleware server.

Perhaps a picture will help.  This one is refined a
little more than the above, because it assumes a
particular digital cash system, but ignore that for

           BrowserLand                    Power Users
           Alice and Bob                  Dave and Carol

          O     0      O      0           (___)    (___)
          +     |      +      |             |WebFunds|
          +     v      +      v             |        |
       +---------------------------+        |        |
       |  +----+   +----+   +----+ |        |        |
       |  |SSL |   |Web |   |Site| |        |        |
       |  +----+   +----+   +----+ |        |        |
       |                           |        |        |
       |-XML/X--XML/X--XML/X--XML/X|        |        |
       |                           |        |        |
       |     middleware server     |        |        |
       |                           |        |        |
       |  (_)  (_)  (_)        (_) |        |        |
       |   | SOX|    | Accounts |  |        |        |
       +---|----|----|----------|--+        |        |
           |    |    |          |           |        |
           |    |    |          |           |        |
           |    |    |          |           |        |
    ||                                                 ||
    ||                Digital Cash Layer               ||
    ||                                                 ||

What does all this achieve?

The server can now be audited by the users *and* by
the digital cash operator.  The user may not be able
to cryptographically audit the middle, but the bottom,
if well constructed, can provide a view as to what
the middle is doing.  (One of the requirements of a
good digital cash system is that the server can prove
what its users are up to, in the case of dispute.)

Alongside the "squeeze" that our new middleware server
finds itself in is the phalanx of power users at the
side, those users who have both the downloaded program
and accounts at the middle.  With sufficient integration,
it is possible for Dave and Carol to move funds in and
out of the XML/X server and thus provide a check on the
ability of the server to respond.  It's even possible
for the server to offer a migration and backup path
so that users can at any time run auditing on their
own accounts, if they desire.

This arrangment doesn't *solve* the fundamental
governance failure of web money systems, but it
goes a long long way towards putting in place an
infrastructure that helps.  As there is not a lot of
competition in web money governance to date, such a
plan does in fact result in a quantum leap in safety
of your money.

Which just leaves implementation, and the minor issue
of what this all has to do with XML/X.

The solidity of the XML/X innovation, as discussed at
length previously, makes this middleware architecture
workable.  If it wasn't for the availability of this
interface, we would have a lot more difficulty in
defining how to build the new governance architecture
described above.

The interface has allowed us to carve out the job and
hand it out to the teams.  A demo website is more or
less complete, and we can now contract quality teams
to turn that unpretty blueprint into a work of art.  For
the underlying digital cash mechanism, we (of course)
are using Ricardo.  The middleware XML/X system is being
worked on by WebFunds programmers with a clear mission:
turn XML/X into SOX.

Once complete, we will have bridged the digital currency
world with the web-money world.  And, hopefully, created
a hybrid that brings the best of both together:  the
convenience of the web money world married to the strong
governance of the digital cash world.

I think that this is an extraordinarily good idea.  If
you have lasted this distance in reading these 4 parts
of a rant on XML/X, then I'm hoping you agree!

X - X - X - X - X - X - X - X - X - X - X - X - X

More info on XML/X              http://www.xml-x.org/

Financially Interested:
1st Penguin to use XML/X?:      http://www.1mdc.com/
CashBox aims to do them all:    http://www.intertrader.com/
Another XML transfer interface: http://www.goldmoney.com/
A Prime Beneficiary:            http://www.cambist.com/

Vaguely Relevent:
What is Financial Cryptography? http://www.iang.org/papers/fc7.html
Ricardo, a digital cash system: http://www.systemics.com/docs/ricardo/
WebFunds, downloadable auditor: http://www.webfunds.org/

--- end forwarded text

R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA

The IBUC Symposium on Geodesic Capital
April 3-4, 2002, The Downtown Harvard Club, Boston
<mailto: rah@ibuc.com> for details...

"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'