[cap-talk] Capability analogies

Jonathan S. Shapiro shap at eros-os.com
Fri Oct 5 08:36:41 EDT 2007


On Thu, 2007-10-04 at 21:25 -0700, Jed Donnelley wrote:

> I don't believe the DarpaBrowser is a capability
> browser in the sense I described.  As I understand
> it, the DarpaBrowser can view a URL like
> 
> http://www.google.com/
> 
> A confined capability browser could not because
> such a string doesn't grant the permission to
> communicate on any network.

Nor does it do so in DarpaBrowser. The permission to communicate over
the network is conveyed by a capability granting access to a filtered
network subsystem. The string above is interpreted by the filter. The
enforceability of the filtering mechanism is supported through use of
capabilities, but the filtering mechanism is not a capability mechanism
per se.

>   I don't believe
> the DarpaBrowser is confined - is it?

Of course it is. The access to the filtered network connection agent is
one of the authorized channels.

A word of caution: I may be confusing our own darpa browser project with
theirs, so anything MarkM and MarcS say is certainly more accurate than
anything I say above.
-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
www.coyotos.org, www.eros-os.org
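The structure Shapiro describes above, as an added illustration in JavaScript (not code from the post, from DarpaBrowser or from E): the browser component holds no network authority of its own, it receives a single capability to a filtered network agent, and the URL string is plain data that the filter interprets. The names makeNetwork, makeFilteredNetwork and makeBrowser are assumptions for this example, and the "network" is a constructed in-memory stand-in rather than a real socket layer.

```javascript
// Simulated full network authority: a constructed in-memory stand-in,
// not a real socket layer.
function makeNetwork() {
  const sites = { "www.google.com": "<html>search</html>",
                  "intranet.example": "<html>secret</html>" };
  return Object.freeze({
    fetch(host) {
      if (!(host in sites)) throw new Error("unreachable host " + host);
      return sites[host];
    },
  });
}

// Attenuation: the filter holds the full network capability in a closure
// and forwards only requests the policy allows. The browser never sees
// `network` itself, only this narrower object.
function makeFilteredNetwork(network, allowedHosts) {
  const denied = [];
  return Object.freeze({
    fetchUrl(url) {
      let u;
      try { u = new URL(url); } catch (e) { denied.push(url); return null; }
      const ok = (u.protocol === "http:" || u.protocol === "https:") &&
                 allowedHosts.has(u.hostname);
      if (!ok) { denied.push(url); return null; }
      return network.fetch(u.hostname);
    },
    deniedLog: () => denied.slice(),
  });
}

// The confined browser: its only authority is the filteredNet argument.
// A URL string by itself designates nothing it can reach.
function makeBrowser(filteredNet) {
  return Object.freeze({
    view(urlString) {
      const body = filteredNet.fetchUrl(urlString);
      return body === null ? "blocked: " + urlString : body;
    },
  });
}

function demo() {
  const filtered = makeFilteredNetwork(makeNetwork(), new Set(["www.google.com"]));
  const browser = makeBrowser(filtered);
  return { allowed: browser.view("http://www.google.com/"),
           blocked: browser.view("http://intranet.example/"),
           denied: filtered.deniedLog() };
}
```

The denial log lives in the filter, not the browser, so the component being confined cannot tamper with the record of what it was refused.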