Jens Finkhaeuser

REST, the architecture underlying the web's protocols, has proven its benefits in creating a globe-spanning, decentralized information network. However, REST is showing its age - it was designed when surveillance capitalism, identity theft, information warfare, and other threats were largely hypothetical concerns. Unavoidably, REST leaves many of these issues unaddressed. Best practices fill some gaps, but may not be universally adopted.

The Interpeer Project has been awarded a grant from the Internet Society Foundation for research and development into a next generation architecture that addresses current and future Internet user needs. Such an architecture needs to embrace the strengths of REST, incorporate known best practices, but ideally make worst practices impossible.

This talk presents the issues with REST in some detail and lays out proposed solution sketches. The ideal is to invite participation, however. The 'net needs a wide range of view points to be fixed.

In 2000, Roy Fielding published his dissertation on Representational State Transfer. Fielding had been actively working on the HTTP standards, which were guiding by informal design principles that REST formalizes. The talk will revisit this architectural style to disambiguate it from how the REST term has become applied since.

Much as software freedoms exist, we need to address "internet user freedoms", and their relationship to human rights. Existing internet technology must be evaluated in this light, in how it supports or hinders human rights.

In this presentation, architectural properties and constraints in the REST architectural style will be analyzed, with regards to the previous discussion as well as technical requirements. We will explore additional properties, and their effect on the architectural style.

The talk will also provide background on concrete work already done or underway on this and adjacent topics.

Finally, we'd like to briefly introduce the non-profit organization created to support work on this project. If we are to create a better digital world, we'll need patience and all the help we can get.

The Interpeer Project attempts to provide the technical underpinnings for a human centric next generation internet.

As sensors and compute nodes are now (close to) ubiquitous, it follows that there is no longer a static or traceable relationship between ownership of a physical processing unit and the personal identifiable data it processes.

A future internet architecture must take this into account, whilst respecting and protecting user's privacy and data protection concerns, also from a regulatory point of view. At the same time, sharing data in this proliferation of processing units also favours distributed approaches over the web's decentralised architecture.

This session outlines the future the Interpeer Project envisions, and reports on achieved outcomes to date.

The Web has was designed with sharing of textual information in mind, and has by now outgrown this purpose. In the academic context in which it was conceived, and considering the technical constraints of the time, it made sense to design a centralised protocol for up- and downloading documents to a server managed by an institution or company. The Web has long evolved away from this, and added authentication, authorization and encryption as natural afterthoughts to the original design.

Nowadays, we share more than documents. Our concept of sharing has evolved (for better and worse) from only adding to the public domain to selectively trusting groups or individuals with specific pieces of information.

While services built on web protocols can and have modelled this new concept, it remains difficult to do well. This and financial incentives combined push developers to instead adopt half measures, whereby a central instance - the webserver and its legal owners - act as intermediaries to the process, weakening the sharing model to commercial, state or criminal exploitation.

There are excellent organisations fighting to amend legislations to close such loopholes. The Interpeer Project recognizes that aside from the legal struggles, the practical consideration remains that it is much simpler for developers to build centralised, vulnerable products than those safe by design.

It aims at making safe data sharing applications as easy or easier to build by starting from the ground up, and embedding the security and synchronization concepts for a highly distributed network directly into a new and open protocol stack.

Empowering users in the context of this project means enabling them to do everything they're currently used to and more, but safely and without the strict need for centralised infrastructure.