[cap-talk] Capability analogies

Stiegler, Marc D marc.d.stiegler at hp.com
Fri Oct 5 11:19:44 EDT 2007 

Jonathan is correct that the browser is trapped behind a capability
based mediator, so it is correct to say that DarpaBrowser is confined in
some sense. However, the confinement mechanism imposed on DarpaBrowser,
when configured during installation in the way we normally demonstrate,
explicitly allows through all messages to/from the Internet. So Jed is
correct too, because, in another sense, the DarpaBrowser has, in normal
usage, unconfined access to the Web :-)

--marcs  

> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org 
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of 
> Jonathan S. Shapiro
> Sent: Friday, October 05, 2007 5:37 AM
> To: General discussions concerning capability systems.
> Subject: Re: [cap-talk] Capability analogies
> 
> On Thu, 2007-10-04 at 21:25 -0700, Jed Donnelley wrote:
> 
> > I don't believe the DarpaBrowser is a capability browser in 
> the sense 
> > I described.  As I understand it, the DarpaBrowser can view 
> a URL like
> > 
> > http://www.google.com/
> > 
> > A confined capability browser could not because such a 
> string doesn't 
> > grant the permission to communicate on any network.
> 
> Nor does it do so in DarpaBrowser. The permission to 
> communicate over the network is conveyed by a capability 
> granting access to a filtered network subsystem. The string 
> above is interpreted by the filter. The enforceability of the 
> filtering mechanism is supported through use of capabilities, 
> but the filtering mechanism is not a capability mechanism per se.
> 
> >   I don't believe
> > the DarpaBroswer is confined - is it?
> 
> Of course it is. The access to the filtered network 
> connection agent is one of the authorized channels.
> 
> A word of caution: I may be confusing our own darpa browser 
> project with theirs, so anything MarkM and MarcS says is 
> certainly more accurate than anything I say above.
> --
> Jonathan S. Shapiro, Ph.D.
> Managing Director
> The EROS Group, LLC
> www.coyotos.org, www.eros-os.org
> 
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
>

More information about the cap-talk mailing list