docs: closely held vs widely held

Agoric · Oct 23, 2024 · ca459c3 · ca459c3
1 parent 6e2685c
commit ca459c3
Showing 1 changed file with 18 additions and 4 deletions.
diff --git a/main/guides/js-programming/hardened-js.md b/main/guides/js-programming/hardened-js.md
@@ -79,6 +79,20 @@ e.g., only giving the `entryGuard` the ability to increment the counter.
 
 This limits the damage that can happen if there is an exploitable bug.
 
+### Widely Shared vs. Closely Held
+
+#### Widely Shared Resources
+
+In the context of Agoric's object capability model, "widely shared" refers to resources or capabilities that are accessible to a large portion of the code within a system. For example:
+
+- **agoricNames**: This component serves as a read-only name service, which means it can be accessed by most parts of the system. Since it only allows data to be read and not modified, it poses minimal risk and can be safely made widely available.
+
+#### Closely Held Resources
+
+On the other hand, "closely held" resources are restricted and only accessible to specific parts of the system that require them to function effectively:
+
+- **agoricNamesAdmin**: Known as the write facet of the name service, this component allows modifications to the data in `agoricNames`. Given its capability to alter critical system data, access to `agoricNamesAdmin` is limited to only those parts of the system that have a legitimate need for write access. This precaution helps to prevent potential misuse or errors that could compromise the system.
+
 ::: tip Watch: Navigating the Attack Surface
 to achieve a _multiplicative_ reduction in risk. _15 min_<br />
 
@@ -322,7 +336,7 @@ const makeCounter = init => {
     incr: () => {
       value += 1;
       return value;
-    }
+    },
   };
 };
 ```
@@ -388,7 +402,7 @@ const makeMint = () => {
   const ledger = makeWeakMap();
 
   const issuer = harden({
-    makeEmptyPurse: () => mint.makePurse(0)
+    makeEmptyPurse: () => mint.makePurse(0),
   });
 
   const mint = harden({
@@ -406,11 +420,11 @@ const makeMint = () => {
           const newPurse = issuer.makeEmptyPurse();
           newPurse.deposit(amount, purse);
           return newPurse;
-        }
+        },
       });
       ledger.set(purse, initialBalance);
       return purse;
-    }
+    },
   });
 
   return mint;