[cap-talk] Re: "capabilities" as data vs. as descriptors - OS
security discussion, restricted access processes, etc.
alan.karp at hp.com
Mon May 3 14:27:29 EDT 2004
Jed Donnelley wrote:
> Even in a "system" that supports such restricted communication
> I believe there is a need to provide essentially open services. How
> do you imagine Web services will be provided in such a system?
In CU and e-speak, we used the fact that sending a message to the server involves two steps, contacting the machine hosting the server and getting the message to the server. In order to use any service, open or otherwise, you'd first contact the "Connection Manager" on the machine hosting the server. The Connection Manager did all the authentication, protocol negotiation, etc. It then started a proxy to forward requests from the remote user. All requests to the server passed through the proxy.
This approach addressed denial of service attacks in two ways. First of all, you couldn't bang away on the service itself without first authenticating with the Connection Manager. Second, many denial of service attacks would crash the proxy, not the server. We couldn't do anything about attacks against the IP stack or some attacks against the Connection Manager.
Technical Computing Research Group
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
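The arrangement described in the message above, modelled as an added example that is not part of the original post and is not CU or e-speak code: a Connection Manager authenticates the caller and starts a per-user proxy, and a malformed request takes down that proxy while the server keeps serving others. The class names, the HMAC-over-nonce authentication and the request format are assumptions made for illustration, and the proxy is modelled in-process where a real one would be a separate process.

```python
import hashlib, hmac

class ProxyCrashed(Exception):
    """Raised when a proxy dies or is already dead."""

class Server:  # protected service (hypothetical): only proxies ever call it
    def __init__(self):
        self.handled = 0
    def handle(self, user, op, arg):
        self.handled += 1
        return f"{op}({arg}) for {user}"

class Proxy:
    """Per-user forwarder started by the Connection Manager after authentication."""
    def __init__(self, user, server):
        self.user, self._server, self.alive = user, server, True
    def request(self, raw):
        if not self.alive:
            raise ProxyCrashed(f"proxy for {self.user} is down")
        try:  # untrusted bytes are parsed here, not in the server
            op, arg = raw.decode("ascii").split(" ", 1)
        except ValueError as exc:  # UnicodeDecodeError is a ValueError subclass
            self.alive = False     # the fault is contained in this one proxy
            raise ProxyCrashed(f"proxy for {self.user} died") from exc
        return self._server.handle(self.user, op, arg)

class ConnectionManager:
    """Single entry point: authenticates, then hands out a fresh proxy."""
    def __init__(self, server, keys):
        self._server, self._keys = server, keys
    def connect(self, user, nonce, tag):
        key = self._keys.get(user)
        expected = hmac.new(key or b"\0", nonce, hashlib.sha256).digest()
        if key is None or not hmac.compare_digest(expected, tag):
            return None  # unauthenticated callers get no path to the server
        return Proxy(user, self._server)

def demo():
    # Constructed sample users, keys and requests.
    sign = lambda key, nonce: hmac.new(key, nonce, hashlib.sha256).digest()
    server = Server()
    cm = ConnectionManager(server, {"alice": b"k-alice", "mallory": b"k-mallory"})
    rejected = cm.connect("eve", b"n0", sign(b"guess", b"n0"))
    alice = cm.connect("alice", b"n1", sign(b"k-alice", b"n1"))
    mallory = cm.connect("mallory", b"n2", sign(b"k-mallory", b"n2"))
    try:
        mallory.request(b"\xff\xfe garbage")  # malformed request kills only this proxy
    except ProxyCrashed:
        pass
    reply = alice.request(b"read file1")      # other users are unaffected
    return rejected, mallory.alive, alice.alive, reply, server.handled
```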