[cap-talk] cap-talk Digest, Vol 57, Issue 14

Steve Witham sw at tiac.net
Mon Dec 29 12:32:14 EST 2008


>From: Mitsu Hadeishi <mitsu at syntheticzero.com>
>
>[W]e found that it was quite
>possible to implement capability security just at a specific layer of 
>a system, so that one can combine ordinary ACL-based security with 
>capability security principles to gain many of the benefits of cap 
>security without having to make every cooperating system capability
>secure.

Mitsu and Monty, to the extent you're able to talk about it,

I'm curious what this looks like: how the cap layer is accessed by
users or software making use of it, what sorts of plumbing go on
within it, and how (and by what authorities) it in turn reaches out to
things like disk files and internet connections.

How does a user divide up his power on the outside, so that
he's giving only limited powers to agents on the inside?

I thought the benefit of cap security was in the ability to construct
and connect things with components.  That wouldn't seem very helpful
if the layer within which you use capabilities is thin, static, or
very simple.  Do the layers you're thinking of involve significant
constructability or plugability?

Capability security means a safer framework for plugging new
chunks of software together in.  You don't get
the benefit if one component works within one framework, but
another component only works within an incompatible framework,
right?  So the tendency is to want larger & fewer frameworks.

Conversely, doesn't any
capability framework start to look like a language or OS?
For instance, in the layer you're talking about, how can you
implement objects within it such that bad code
can't break out of its box?  Each object its own OS process?
A bytecode interpreter?

  --Steve
P.S. "Deputy" is a good word.
deputee, someone who's been deputed ("deputize" is newspeak)
depute -- authorize, delegate
impute -- attribute cause to, but also credit with a property
dispute
computation -- combining imputations
repute -- reputation
putative -- supposed or believed (of a quality)
"From Latin putare, to prune, think, reckon."
http://en.wiktionary.org/wiki/puto#Latin :
    1. I clean, cleanse.
    2. I arrange, settle.
    3. I value, esteem, deem, regard.
    4. I judge, suspect, suppose.
    5. I ponder, consider.
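Added example, not part of the original message and not a description of the system Mitsu and Monty built: one concrete answer to "how does a user divide up his power on the outside, so that he's giving only limited powers to agents on the inside?" in Python. The outside holds ambient OS/ACL authority over a directory; an inside agent receives only capability objects, each a narrower facet (a subtree, then read-only, then revocable), so its reach is bounded by what it was handed rather than by what the OS would let the user do. The class names, the `demo()` scenario and the temporary directory it writes are all constructed for this illustration.

```python
"""Attenuated file capabilities over an ACL-controlled directory.

Added illustration (names and scenario are hypothetical, not from the post).
The 'outside' holds full authority via the OS; the 'inside' agent only ever
sees capability objects that cannot be widened or used to reach the outside.
"""
import os
import tempfile


class RevokedError(PermissionError):
    """Raised when a forwarder's grantor has cut the capability off."""


class DirCap:
    """Full authority over one directory subtree (held by the outside)."""

    def __init__(self, root: str) -> None:
        self._root = os.path.realpath(root)

    def _resolve(self, rel: str) -> str:
        # Confine every operation to the subtree: '..' and absolute paths
        # that would escape the root are refused rather than followed.
        full = os.path.realpath(os.path.join(self._root, rel))
        if full != self._root and not full.startswith(self._root + os.sep):
            raise PermissionError(f"path escapes capability root: {rel!r}")
        return full

    def read(self, rel: str) -> bytes:
        with open(self._resolve(rel), "rb") as f:
            return f.read()

    def write(self, rel: str, data: bytes) -> None:
        with open(self._resolve(rel), "wb") as f:
            f.write(data)

    def subdir(self, rel: str) -> "DirCap":
        # Attenuation by scope: a capability to one subtree, with no
        # reference back to the parent from which it was derived.
        path = self._resolve(rel)
        os.makedirs(path, exist_ok=True)
        return DirCap(path)

    def read_only(self) -> "ReadOnlyCap":
        return ReadOnlyCap(self)


class ReadOnlyCap:
    """Attenuation by method: exposes read() only and never stores the DirCap."""

    def __init__(self, cap: DirCap) -> None:
        self._read = cap.read  # a bound method, not the full object

    def read(self, rel: str) -> bytes:
        return self._read(rel)


class Revocable:
    """Forwarder that the grantor (outside) can sever after handing it out."""

    def __init__(self, target: object) -> None:
        self._target = target

    def revoke(self) -> None:
        self._target = None

    def __getattr__(self, name: str):
        # Only reached for attributes not found on the forwarder itself,
        # so 'read' is forwarded while 'revoke' and '_target' are not.
        if self._target is None:
            raise RevokedError("capability revoked")
        return getattr(self._target, name)


def demo() -> dict:
    """Constructed scenario: user keeps full authority, agent gets a facet."""
    with tempfile.TemporaryDirectory() as root:
        user = DirCap(root)                       # ambient authority, outside
        user.write("secret.txt", b"outside only")
        inbox = user.subdir("inbox")
        inbox.write("job.txt", b"hello")
        grant = Revocable(inbox.read_only())      # what the agent receives

        results = {"agent_reads": grant.read("job.txt")}
        try:
            grant.read("../secret.txt")
            results["escape"] = "allowed"
        except PermissionError:
            results["escape"] = "blocked"
        results["can_write"] = hasattr(grant, "write")
        grant.revoke()                            # outside withdraws the grant
        try:
            grant.read("job.txt")
            results["after_revoke"] = "allowed"
        except RevokedError:
            results["after_revoke"] = "blocked"
        return results


if __name__ == "__main__":
    print(demo())
```

The point of the three wrappers is that each narrows authority without any "widen" operation existing: the agent's `grant` object can neither write, nor name the parent directory, nor outlive the grantor's decision to revoke it. In a real Python process this confinement is only as good as the language's ability to keep the agent from reaching the wrapped object through reflection, which is exactly why the post asks whether such a layer ends up needing a process boundary or a bytecode interpreter underneath it.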

