[cap-talk] Understanding capabilities in a web-desktop setting

tsr tsr at tsr.se
Tue Aug 5 03:54:09 CDT 2008


Hi,

(I'm sorry to say this is quite a fuzzy mail - it's the best I can
produce at the moment. I have a lot of thinking to do, it helps me to
write things down and for others to read it and comment, if this kind of
behavior is unacceptable on this list please just ignore the message.)

I've finally decided to really get to work on one of my dream projects
of the last couple years: An online open-source multi-user
PIM+/web-desktop with exceptional security.

All these years I've been thinking about implementing it like a
UNIX-system regarding access, but while doing some basic research I
found out about capabilities. It looks hot!

I'm having trouble finding positive information on capabilities so I
can't really say if it's feasible to implement it at this level.

I mean, there is a lot of information on how it's not like UNIX oga+rwx
or Windows (whatever they use), but I can't find information on what it
is, how you'd go about implementing it, etc. I've skimmed the archives
for the past year and also tried to search it but without success.
At least not on a level I can understand (something short about myself:
although quite intelligent and fast learner I'm not that into CS. I've
taken some introductory University courses some years ago but now it's
actually been a while since I thought about these things and/or
designed/built anything myself, I am prepared to start small, refactor
often, etc, but the overall goal is what I wrote above.)

The basic system (that will function somewhat like a wiki) will have
the following components and have a browser-based interface:
- superuser
- useradministration (create, delete)
- groupadministration (create, delete, adduser, removeuser)
- texteditor (create, view, append, edit)
- filebrowser (traverse the filetree, open a file/component [using
another component])
- linker (create, edit, delete - links between textfiles as in a wiki)
- fileadministrator (create file/directory, move, copy, delete, change
access rights/capabilities/ownership)

Later more components will get added to deal with other types of
information than users, groups, textfiles and directories like for
example email, calendar, lists, images, audio, video, spreadsheets,
rss-feeds, etc, etc. Also other interfaces will get implemented.

I'm still pretty much working from the top of my head, but I think I've got
the basics covered.

Now to what I think is my question: how do I implement this in a
capabilities kind of way? I might be able to get access to a bare server
but I think that in the beginning it will have to do with my desktop
comp and some generic webhosting (php, ruby, mysql). How much determines
the environment/programming language in regards to the possibility of
doing it? If I decide to not use capabilities-based filesystems and
languages how would I go about implementing capabilities, say in a rdbms?

Ok, I think this is it for now, feel free to take a look, answer some
question, give some pointers, direct me to other information sources or
something else that you deem more fruitful for me.

Thanks for your time, Tomas
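
Added example, not part of the original message and not any project's own code: one possible way to keep capabilities in an RDBMS, where an unguessable token designates a file together with the rights it grants and no user or group is consulted. Python with in-memory SQLite stands in for the generic hosting database; the table names, function names and the three rights (taken from the texteditor component above) are assumptions.

```python
import hashlib, secrets, sqlite3

RIGHTS = {"view", "append", "edit"}   # assumed: the texteditor operations
db = sqlite3.connect(":memory:")      # stand-in for the hosted RDBMS
db.executescript("""
CREATE TABLE files(id INTEGER PRIMARY KEY, body TEXT NOT NULL);
CREATE TABLE caps(hash TEXT PRIMARY KEY, file_id INTEGER NOT NULL,
                  rights TEXT NOT NULL, parent TEXT);
""")

def _h(token):
    # Only the hash is stored, so a leaked table does not leak usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def _mint(file_id, rights, parent=None):
    token = secrets.token_urlsafe(32)  # unguessable: holding it is the authority
    db.execute("INSERT INTO caps VALUES(?,?,?,?)",
               (_h(token), file_id, ",".join(sorted(rights)), parent))
    return token

def _lookup(token, need=None):
    row = db.execute("SELECT file_id, rights FROM caps WHERE hash=?", (_h(token),)).fetchone()
    if row is None or (need and need not in row[1].split(",")):
        raise PermissionError("no such capability or right")
    return row[0], set(row[1].split(","))

def create_file(body=""):
    fid = db.execute("INSERT INTO files(body) VALUES(?)", (body,)).lastrowid
    return _mint(fid, RIGHTS)          # the creator receives the full capability

def view(token):
    return db.execute("SELECT body FROM files WHERE id=?", (_lookup(token, "view")[0],)).fetchone()[0]

def append(token, text):
    fid, _ = _lookup(token, "append")
    db.execute("UPDATE files SET body = body || ? WHERE id=?", (text, fid))

def attenuate(token, rights):
    fid, held = _lookup(token)
    if not set(rights) <= held:        # a derived capability can only shrink
        raise PermissionError("cannot amplify")
    return _mint(fid, rights, parent=_h(token))

def revoke(token):
    stack = [_h(token)]                # remove the capability and all derived from it
    while stack:
        h = stack.pop()
        stack += [r[0] for r in db.execute("SELECT hash FROM caps WHERE parent=?", (h,))]
        db.execute("DELETE FROM caps WHERE hash=?", (h,))
```

Sharing a file means handing over a token (for instance inside a URL), and handing over an attenuated one limits what the recipient can do or pass on.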


