[cap-talk] What sustained interest in capabilities

Charles Landau clandau at macslab.com
Mon Dec 29 20:23:13 EST 2008


Please clarify a couple of points:

Mitsu Hadeishi wrote:
> other programs can't access the service via the ACL-based
> interface unless they breach the security layer.  If the
> *layer* is not breachable, then from the POV of clients of the layer
> it is a "top to bottom" capability world.

Assuming the layer is implemented without bugs, is it breachable or not?

> and thus the capability
> security picture can be and is quite total, from the point of view of
> entities interfacing with the service through the exposed interfaces
> of the layer.

Through the actually exposed interfaces, or just the intentionally 
exposed interfaces?

> For example, consider using the approach we're discussing to present
> an external web interface to underlying backend systems.  Many of the
> backend systems may be built, internally, using legacy ACL-based
> technology, but the external interface uses capability security to
> control access.

I think you'll find considerable support for that approach on this list.

> However, what makes this different from approaches
> which attempt to put capabilities all the way down to the OS is that
> the backend does not have to be based on capability security,

I see the approaches as similar. Capability OSes are built on a platform
(hardware) that is not based on capability security, just as you are doing.
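Worked illustration of the two questions above (an added example, written for this archive page; it is not code from either poster or from any project they mention). The backend, ACL table, principal names and document contents are all constructed for the example. It sets a small capability layer over an ACL-based backend: through the layer's intentionally exposed interface a client holds only an unforgeable facet with exactly the methods its rights allow, whereas if the backend object itself turns out to be reachable (an interface that is actually, though not intentionally, exposed) the ACL check is decided by a principal name the caller picks.

```python
from typing import Callable, Dict, Set


class AclBackend:
    """Constructed stand-in for a legacy, ACL-based backend.

    Authorization is keyed on a principal name the *caller* supplies, which is
    safe only while the trusted layer is the sole thing that can reach it."""

    def __init__(self) -> None:
        self.acl: Dict[str, Set[str]] = {"alice": {"read", "write"}, "bob": {"read"}}
        self.docs: Dict[str, str] = {"report": "Q4 numbers (constructed sample)"}

    def _check(self, principal: str, right: str) -> None:
        if right not in self.acl.get(principal, set()):
            raise PermissionError(f"{principal} lacks {right}")

    def read(self, principal: str, name: str) -> str:
        self._check(principal, "read")
        return self.docs[name]

    def write(self, principal: str, name: str, text: str) -> None:
        self._check(principal, "write")
        self.docs[name] = text


class Facet:
    """A capability handed to clients: an object whose only methods are the
    operations it grants on one document. Authority comes from holding the
    reference; there is no principal argument to forge."""

    def __init__(self, **ops: Callable) -> None:
        for name, fn in ops.items():
            setattr(self, name, fn)


class CapabilityLayer:
    """The intentionally exposed interface over the ACL backend."""

    def __init__(self, backend: AclBackend) -> None:
        self.__backend = backend  # kept private; clients never receive it

    def open(self, principal: str, name: str) -> Facet:
        """Mint a facet for an (already authenticated) principal. Each method
        closes over the backend, principal and document, so the client can
        invoke exactly the rights the ACL grants and nothing else."""
        b = self.__backend
        rights = b.acl.get(principal, set())
        ops: Dict[str, Callable] = {}
        if "read" in rights:
            ops["read"] = lambda: b.read(principal, name)
        if "write" in rights:
            ops["write"] = lambda text: b.write(principal, name, text)
        return Facet(**ops)


def through_intended_interface(layer: CapabilityLayer):
    """Bob reaches the backend only via the facet the layer minted for him:
    he can read, and the facet simply has no write method to call."""
    doc = layer.open("bob", "report")
    return doc.read(), hasattr(doc, "write")


def through_leaked_backend(backend: AclBackend) -> str:
    """If the backend object itself is reachable (an interface that is
    *actually* exposed, though not intentionally), the ACL is decided by a
    name the caller picks: whoever holds the backend calls as 'alice'."""
    backend.write("alice", "report", "overwritten by whoever reached the backend")
    return backend.docs["report"]


if __name__ == "__main__":
    backend = AclBackend()
    layer = CapabilityLayer(backend)
    print(through_intended_interface(layer))  # ('Q4 numbers (constructed sample)', False)
    print(through_leaked_backend(backend))    # 'overwritten by whoever reached the backend'
```

Caveat: Python is not a capability-safe language, so even this layer is breachable from inside the same process (the closure cells of `doc.read` can be introspected to recover the backend object). The "top to bottom" property therefore rests on the backend being unreachable by any path other than the layer, such as a process or network boundary, and on a runtime that does not leak references; that is exactly the "actually exposed" versus "intentionally exposed" distinction.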