[cap-talk] Understanding capabilities in a web-desktop setting
David-Sarah Hopwood
david.hopwood at industrial-designers.co.uk
Sat Aug 9 14:58:07 CDT 2008

James A. Donald wrote:
> Ivan Krstić <krstic at solarsail.hcs.harvard.edu> wrote:
> > Capabilities are currently hand-waving. Nothing more.
> > They're mostly undocumented and unexplained. My calls
> > on this list for a single cogent, coherent writeup
> > with good non-hypothetical examples such as those from
> > the Tahoe FS, went unanswered. Interested developers
> > are reduced to joining an obscure and often
> > exasperating mailing list to ask what the capability
> > approach even means. Against this backdrop, ACLs and
> > their known deficiencies look pretty damn good.
>
> Therefore I recommend that one instead says "The
> powerbox user interface pattern"
> <http://jim.com/security/safe_operating_system.html> -
> which pattern is related to using capabilities, and
> related to the principle of least authority, but not the
> same thing.

Whether I am designing a capability system, teaching about
them, or promoting them, I have no idea why I would want
to talk about "the powerbox user interface pattern"
*instead of* the more general principles that the pattern
supports. As *an example of* how one can realize those
principles, yes. But the pattern on its own isn't sufficient
to secure a user interface, never mind a complete system.

--
David-Sarah Hopwood