[cap-talk] Web-calculus "garden" re WebCVOS (was: Re: "capabilities" as data vs. as descriptors)

Thu Jul 19 16:36:33 EDT 2007

Tyler,

Sadly I just got around to looking more closely for the "garden"
web-calculus example that you mentioned below.  When I
checked for the http://www.waterken.com/garden/  content
I got a not found error.  Did things move or ...?

I'd be quite interested to hear your thoughts about the
"WebCVOS" notion that I've been tossing about with
others on cap-talk, e.g. starting with:

http://www.eros-os.org/pipermail/cap-talk/2007-July/008316.html

If something like that was to move forward, it would be important
to specify what sort of Web/Internet capabilities as "data" it
could accept (e.g. options) and of course how they would
be invoked (data and capabilities sent and received).  At that
point it seems YURLs per web-calculus would be attractive,
though I think also a more optimized RPC mechanism
(e.g. over UDP - perhaps something like the Delta-t
protocol that Mach used ;-) might be a useful addition
if things started to move forward along with a local
form supported more efficiently by the WebCVOS but
still suitable for communication over the 'invoke' interface
(maybe YURLs also??).

I'd also be interested in your thoughts on what I might
call the "What can network capabilities as 'data' do?",
discussion, specifically with regard to capability protection
and confinement.  I know we've discussed this some before,
but I think you might find some interest in the discussion
that JonathanS and I had recently on this topic, particularly
as it applies to something like the WebCVOS.
Unfortunately the discussion takes a bit of time to
creep up on this topic, but you might be able to
pick it up at:

http://www.eros-os.org/pipermail/cap-talk/2007-July/008296.html

or perhaps a bit later at:

http://www.eros-os.org/pipermail/cap-talk/2007-July/008307.html

--Jed   http://www.webstart.com/jed/

Tyler Close wrote:
>
> Jed Donnelley wrote:
>> Even such a mechanism just for limiting access to Web URLs I think
>> would be wonderful!  Can you imagine the value of being able to 
>> (essentially)
>> just copy and paste a "capability" into, say, an email and communicate
>> not just information, but also a right?  Even that much (avoiding all 
>> the
>> crusty to the max password and other such access control mechanisms)
>> seems almost beyond my wildest dreams.
>
> You might enjoy the example web-calculus application at:
>
> http://www.waterken.com/garden/
>
> That page contains a capability URL that carries the authority to edit 
> the pages served from the /garden/ part of the www.waterken.com site.
>
> There also exists a capability URL for the root of the 
> www.waterken.com site. I use this capability to update configuration 
> files for the server software, and other such tasks. I am keeping this 
> capability URL secret.
>
> All the protocols involved in this application are documented at:
>
> http://www.waterken.com/dev/Web/
>
> The File Manager interface is specified at:
>
> http://waterken.com/file/
>
> Full source for the implementation is also available. The project home 
> page is:
>
> http://www.waterken.com/dev/Server/
>
> The Waterken Server can also be used to build much more compelling 
> applications.
>
> I am having trouble keeping up with the volume of messages, and so am 
> way behind in my reading. I'll comment more when I've caught up, but I 
> couldn't resist sending this message now.
>
> Sweet dreams,
> Tyler
>
--Jed  http://www.webstart.com/jed/  --Still dreaming...