[cap-talk] OCap CORBA, anyone?

David Chizmadia (JHU) chiz at cs.jhu.edu
Tue Jun 12 16:38:14 EDT 2007


Jed,

    I'll add what info I can to clarify CORBA...

Jed Donnelley wrote:
> David Chizmadia (JHU) wrote:
>>     As a long-time OMG security participant, I can assure you 
>> that the people who are actually using CORBA for new development
>> - i.e., the military-industrial complexes in the US and Europe 
>> (who are, in fact, most interested in embedded systems) are very 
>> interested in a credible, robust, and scalable network security 
>> story for CORBA. The major constraint at this point is that at 
>> least 30% of the players will assume that the underlying OS is 
>> based on the MILS architecture.
>
> Thanks for jumping in David!
> 
> I wonder if for those of us less familiar with CORBA you could 
> explain to us why CORBA isn't capability/POLA. If you have an 
> object request model, e.g. as I mentioned:
> 
> http://www.omg.org/images/logos/diagram-orb_to_orb.gif
> (from http://www.omg.org/gettingstarted/corbafaq.htm )
> 
> Isn't it a natural need to be able to send object references 
> as parameters in messages?  At that point don't you have 
> capabilities?

    You *might* have capabilities, but the normative CORBA
specification doesn't ensure that you have object capabilities
(OCaps). The major problem is that the CORBA specification does not
require that the object key in the Interoperable Object Reference
(IOR) be part of a sparse key space, so the possibility exists that
an acceptable object-key generation algorithm would be predictable
enough for an attacker to manufacture a valid IOR. This goes against
my understanding of both capabilities and OCaps.

> Is there some sort of struggle between the ambient authority 
> model ("user" defined access control, ambient) and the object 
> model of authority (capabilities)?
> Doesn't it seem like a relatively minor "push" could at least 
> make the capability model an option of some sort with CORBA?

    Absolutely. On the occasions when I've considered trying to go
down this path, my usual conclusion is that adopting an OCap basis
for CORBA would actually simplify the architecture, but whether this
is true is a detail issue.

>>     I've actually been trying to figure out how to phrase a 
>> proposal to this list to take an aggressive lead in reworking 
>> CORBA so that it is more closely aligned with the Web Calculus 
>> (or whatever petname it currently uses)
>
> Woo Ha!
>
>> thanks Shap, for providing the opening.
>> A major advantage in this area is that one of the most respected
>> people in OMG (Jishnu Mukerji) represents HP, so it would be 
>> very easy for HP Labs to insert itself into the dialogs.
>> 
>
> Time perhaps for Alan Karp to speak up?

    I would like to hear from Alan on this topic, since it would be
him or someone in his management chain that would authorize the
participation of the appropriate people.

>>     It also turns out that the last OMG meeting of this year 
>> (10-14 Dec) will be in Burlingame, CA. So it would be very local
>> for many of the object capability community's major players. 
>> The following meeting is in Washington, DC.
>>
>>     If there is any real interest in using OMG as a venue for 
>> public specifications of OCapCORBA,
>
> Where did the name "OCapCORBA" come from?  Is that your invention 
> David?

    Yes, it's easier than spelling everything out :-D

>> I would be very willing to lobby for time on the joint MARS 
>> (Middleware And Related Services) and Real-time task force 
>> agendas.
>>
>>     Another interesting opportunity is to start formalizing some
>> of the lessons learned in creating OCap dialects of legacy 
>> languages as a Platform-Independent Model of an OCap programming 
>> language platform. This would then allow for (semi-)automatic 
>> code generation based on OCap-based system models.
>>   
> This sounds like opportunity knocking to me.  I'll be quite 
> interested to hear the views of others on this topic.
> 
> --Jed  http://www.webstart.com/jed/

-DMC
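
The sparse-key-space point in the reply above, shown as an added example that is not part of the original message and is not code from any ORB. `ObjectTable`, `sequential_key`, `sparse_key` and `neighbours_valid` are hypothetical names, and the table is a toy stand-in for the server-side lookup from an IOR's object key to a servant. It checks how many keys next to one legitimately held key also resolve to a live object.

```python
import secrets


class ObjectTable:
    """Toy map from object key to servant (hypothetical, not an ORB API)."""

    def __init__(self, mint_key):
        self._mint_key = mint_key
        self._servants = {}

    def export(self, servant):
        """Register a servant; the returned key is what its IOR would carry."""
        key = self._mint_key(len(self._servants))
        self._servants[key] = servant
        return key

    def dispatch(self, key):
        """Possession of a valid key is the only check, as with a capability."""
        return self._servants.get(key)


def sequential_key(n):
    # Permitted when nothing requires object keys to come from a sparse space.
    return n.to_bytes(4, "big")


def sparse_key(_n):
    # 128 bits from the OS CSPRNG: valid keys are unguessable points.
    return secrets.token_bytes(16)


def neighbours_valid(table, known_key, span=100):
    """Count keys numerically adjacent to one held key that also dispatch."""
    size = len(known_key)
    base = int.from_bytes(known_key, "big")
    modulus = 1 << (8 * size)
    hits = 0
    for delta in range(1, span + 1):
        candidate = ((base + delta) % modulus).to_bytes(size, "big")
        if table.dispatch(candidate) is not None:
            hits += 1
    return hits


def build(mint_key, count=1000):
    """Export `count` constructed sample servants and return (table, keys)."""
    table = ObjectTable(mint_key)
    return table, [table.export(f"servant-{i}") for i in range(count)]
```

With sequential keys every neighbour of a held key is itself a reference to a live object, so holding one reference implies reach to the others; with 128-bit random keys the same check finds none.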

