[cap-talk] Understanding capabilities in a web-desktop setting
Karp, Alan H
alan.karp at hp.com
Thu Aug 7 18:38:46 CDT 2008
Ivan Krstic wrote:
> Capabilities are currently hand-waving. Nothing more. They're mostly
> undocumented and unexplained. My calls on this list for a single
> cogent, coherent writeup with good non-hypothetical examples such as
> those from the Tahoe FS, went unanswered. Interested developers are
> reduced to joining an obscure and often exasperating mailing list to
> ask what the capability approach even means. Against this backdrop,
> ACLs and their known deficiencies look pretty damn good.
E-speak was a commercial product offered by HP from December 1999 until HP exited the middleware business in 2001. At that time, five companies, including the HP supply chain organization, ran at least part of their businesses on the e-speak platform. In fact, in April 2002 I got a message that said, in part,
"... the eTicketSlovenia project is finally going live on May 6th. For those of you not familiar with this project, this is going to be one of the largest web services deployments in the world in which mobile phone users will be able to search for, select, and pay for cinema tickets all via mobile web services. Believe it or not, Slovenia has one of the highest ratios of mobile phones per person in the world. ... this deployment will be using e-Speak ..."
The entire framework is described in a book "Web Services: A Java Developer's Guide Using E-speak" by Naresh Apte and Toral Mehta, ISBN 0-13-062338-5. Chapter 8 covers the security model. Although the word "capability" doesn't show up in the index or the glossary, E-speak used SPKI certificates as capabilities.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
More information about the cap-talk