Shaving beards (Was: [cap-talk] automatic policy ... enforcement - hope? - master programmer)

Tyler Close list at waterken.net
Sat Sep 25 22:30:05 EDT 2004 

Jed Donnelley wrote:
> At 09:22 AM 9/23/2004, Tyler Close wrote:
>> I suspect a causal relationship between those you have not acquired 
>> these abstraction and composition skills, and those you don't 'get' 
>> capabilities. I think you have to be a master programmer before you 
>> can design an access control model for software.
> 
> 
> Gosh, I hope not.  If that's true then I am afraid our efforts at finer 
> grained access control may be doomed.  Of course again I'm not sure what 
> is meant my "master programmer", but it sounds pretty exclusive.  As 
> noted in the libraries reference above I believe there are many ways to 
> hide complexity, and they don't all require master programmer status.

I was talking about "design" of an access control model, not use of one. 
  By "design" I mean activities like building a capability OS or 
language, or writing papers critiquing them.

I suspect that many of the grey beards who don't get capabilities also 
don't get programming. They just don't have the abstraction skills that 
a master programmer must have. This hypothesis is the only way I can 
make sense of things like the myth that capabilities do not support 
revocation. Even a novice programmer should be able to reinvent the 
Caretaker pattern. These grey beards apparently can't. Despite our 
attempts to cover up their failure through the introduction of terms 
like "object capability system", they really have no excuse. The DVH 
paper that coined the term 'capability' describes a system that supports 
all the primitives needed to implement the Caretaker pattern. If they 
don't get programming, I submit that they have no business doing design 
work on an access control model for programming.

Ah well, at least the term "grey beard" implies that time is on our side. ;)

Tyler

PS

Just to be on the safe side, I want to emphasize that I am aware that 
there are some grey beards, such as yourself, who clearly do possess 
expertise worthy of consultation.

-- 
The web-calculus is the union of REST and capability-based security.
http://www.waterken.com/dev/Web/

More information about the cap-talk mailing list