[cap-talk] POLA? Unix FDs as capabilities? Plash future + YURLs?
tyler.close at gmail.com
Sat Nov 19 12:19:59 EST 2005
On 11/17/05, Jed at Webstart <donnelley1 at webstart.com> wrote:
> At 04:19 PM 11/17/2005, Toby Murray wrote:
> >Jed at Webstart wrote:
> >>On the other hand, perhaps Tyler's YURLs and the Web can serve for
> >>the permanent management of resource access? Then if Plash could
> >>communicate "capabilities" to processes as open file descriptors
> >>that represent pipes to a local server that accesses the
> >>corresponding resources through YURLs ... Well, that is getting
> >>ahead of the game, but I could imagine it. Quite a hack and
> >>probably unworkable, but close to satisfying the basic needs.
> >This is quite interesting. I'm imagining (from your description)
> >YURLs as a sort of "universal" capability representation that is
> >machine independent (like E's sturdyref's I suppose), where on the
> >Unix implementation we use file descriptors to represent them
> >locally. YURLs are "resolved" to local file descriptors, like E
> >sturdyrefs are "resolved" to object references. (please excuse me if
> >I've got the terminology wrong here, I'm no E hacker).
As Jed wrote, I once implemented something very similar to this.
Instead of binding a YURL to a file descriptor, I bound a YURL to an
operation on a file descriptor. A single file therefore had a set of
YURLs bound to it, one for each exported operation. For example, there
was a YURL to fetch the current file contents, another to overwrite
the file and another to delete the file. There was a similar schema
for directory operations. The resulting application was quite useful
for remote file management through a web browser; however, people
mostly used it as a crude form of wiki. This lead me to build a less
crude wiki that you can find at <https://yurl.net/>. Reviving the file
management application might be fun and useful.
I never built the reverse mapping of turning operations on file
descriptors into HTTP requests on YURLs, though I lusted for it. Such
a mapping would enable use of vim for remote file management, which
may be preferable to the web browser for many tasks.
The web-calculus is the union of REST and capability-based security:
Name your trusted sites to distinguish them from phishing sites.
More information about the cap-talk