[cap-talk] OCap directory discussion (was: Waterken Server

[James A. Donald]

Jed Donnelley wrote:
 > However, part of the reason I mention the above is
 > that such a mechanism is counter intuitive to most
 > computer users today, and may be a difficult "sell."
 > I didn't really understand how much of an issue this
 > might be until I discussed the above with David Wagner
 > in a conversation at Usenix.  As I recall that
 > discussion, David suggested that people might find the
 > thought of sharing through what amount to bags of
 > named capabilities uncomfortable. Perhaps this goes
 > back to the old "loose capability" concern?  Is there
 > more to such discomfort?

The solutions we need to address the security crisis
tend to be easier to use than describe - indeed this is
a general rule of good user interfaces.  They are what
they are, and it is very hard to talk about them without
having at least played with a prototype.

Researchers and hobbyists tend to write unix like tools
that do not even *have* user interfaces in any very
useful sense.  The petname tool makes Zooko's triangle
real, thereby making it possible to talk about and think
about using Zooko's triangle.  Just say "like petnames
in the petname tool"

The idea of sharing stuff by putting it in a shared
space (the present Microsoft interface for sharing
files) seems to be more intuitive, easier to use, and
harder to screw up, than the chmod model, in part
because users act by dragging and dropping, bringing
their physical intuitions for physical objects and human
control of physical spaces into play.