[cap-talk] A question on capabilities
Tyler Close
tyler.close at gmail.com
Mon Jun 12 10:17:40 EDT 2006
On 6/11/06, David Wagner <daw at cs.berkeley.edu> wrote:
> - Can you mix capability-style code with non-capability style code?
> For instance, can you mix some new code written in the capability way
> with old legacy code not written in the capability way? (My view: You
> can, and you can get some partial benefits, but to be honest, there are
> some real limitations on how much this can help you, and the boundary
> between the capability and non-capability world is often a source of
> both frustration, because of the impedance mismatch, and security holes.
For code that shares a process space, this is often true, but for code
in separate process spaces you can very frequently reuse
non-capability style code. Since there is no shared memory, all
references must be explicitly passed between process spaces. If the
processes are communicating over an encrypted and authenticated
channel, it can be very easy to turn their network protocol into a
capability-based protocol. There are still some pitfalls here, but not
nearly so bad as when there is shared memory.
Tyler
--
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/
Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/extensions/moreinfo.php?id=957
More information about the cap-talk
mailing list