Shaving beards (Was: [cap-talk] automatic policy ... enforcement
- hope? - master programmer)
list at waterken.net
Sat Sep 25 22:30:05 EDT 2004
Jed Donnelley wrote:
> At 09:22 AM 9/23/2004, Tyler Close wrote:
>> I suspect a causal relationship between those you have not acquired
>> these abstraction and composition skills, and those you don't 'get'
>> capabilities. I think you have to be a master programmer before you
>> can design an access control model for software.
> Gosh, I hope not. If that's true then I am afraid our efforts at finer
> grained access control may be doomed. Of course again I'm not sure what
> is meant my "master programmer", but it sounds pretty exclusive. As
> noted in the libraries reference above I believe there are many ways to
> hide complexity, and they don't all require master programmer status.
I was talking about "design" of an access control model, not use of one.
By "design" I mean activities like building a capability OS or
language, or writing papers critiquing them.
I suspect that many of the grey beards who don't get capabilities also
don't get programming. They just don't have the abstraction skills that
a master programmer must have. This hypothesis is the only way I can
make sense of things like the myth that capabilities do not support
revocation. Even a novice programmer should be able to reinvent the
Caretaker pattern. These grey beards apparently can't. Despite our
attempts to cover up their failure through the introduction of terms
like "object capability system", they really have no excuse. The DVH
paper that coined the term 'capability' describes a system that supports
all the primitives needed to implement the Caretaker pattern. If they
don't get programming, I submit that they have no business doing design
work on an access control model for programming.
Ah well, at least the term "grey beard" implies that time is on our side. ;)
Just to be on the safe side, I want to emphasize that I am aware that
there are some grey beards, such as yourself, who clearly do possess
expertise worthy of consultation.
The web-calculus is the union of REST and capability-based security.
More information about the cap-talk