[cap-talk] request for comments on capability design
Stiegler, Marc D
marc.d.stiegler at hp.com
Thu May 17 13:10:46 EDT 2007
> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of Peter Amstutz
> Sent: Wednesday, May 16, 2007 2:25 PM
> To: cap-talk at mail.eros-os.org
> Subject: [cap-talk] request for comments on capability design
>
> Hello everyone. I am in the process of designing a security
> model for a distributed object middleware I am working on
> called the Virtual Object System (VOS,
> http://interreality.org). The present implementation uses an
> ACL-based security model which I am not satisfied with. I've
> been looking into capability systems and I believe it to be a
> good fit for my design. I should note that while I'm very
> interested in borrowing ideas from E, for various reasons
> actually using E in my application isn't practical (beginning
> with the fact that I'm using C++...)
I presume that, since you're using C++, you are only interested in
security between machines, not within a machine.
I do not know how expensive it would be to build a capability-secure
networking stack in C++, but my fear is that the cost would be
substantial. If you do decide to do this, you might want to think about
making it compatible with the waterken protocol, which may be less
expensive anyway since you should be able to find good building block
libraries for it.
If you could switch to Java, there are two object-capability protocols
that fall into your hands very cheaply: the waterken protocol (if it
makes sense to build on a web server, namely, the waterken web server),
and the E protocol using the Elib library package (if the waterken
protocol doesn't make sense).
--marcs