User Controlled Authorization Network (UCAN) is a trustless, secure, local-first, user-originated authorization scheme. It enables users to delegate permissions without requiring a centralized authority, putting control back in the hands of users while providing cryptographically verifiable, delegable, and openly extensible capabilities.
UCAN was built with the belief that authorization systems should empower users without compromising privacy or requiring trust in central authorities. UCAN's approach ensures that users maintain complete control over their permissions and data through public-key verifiable, delegable authority chains — no matter the connectivity status or network conditions.
User Control: Users maintain complete control over their authorizations. All permissions are user-originated and can be revoked at any time.
Cryptographic Security: All authorizations are cryptographically signed and verifiable, ensuring that permissions cannot be forged or tampered with.
Decentralized: No central authority is required for authorization verification. The system operates in a completely distributed manner with partition tolerance.
Local-First: UCANs are self-validating and work without an internet connection, enabling authorization even in disconnected or eventually consistent environments.
Composable: UCANs can be delegated and attenuated to create complex authorization flows while maintaining security guarantees through cryptographic proof chains.
UCAN leverages proven cryptographic primitives and standards to ensure maximum security and interoperability:
UCAN is designed to be standards-compliant and interoperable with existing web and distributed systems technologies. It builds on established protocols including CBOR, DIDs, and content-addressed data structures, and can be integrated into traditional cloud systems as well as peer-to-peer architectures.
UCAN is developed and maintained by a working group of security experts, cryptographers, and distributed systems engineers. The specification is open-source and community-driven, ensuring transparency and broad adoption.
We welcome contributions from the community and are committed to making UCAN the standard for decentralized authorization. If you're interested in contributing or have questions, please visit our GitHub repository or join our community discussions.