[cap-talk] Security and languages talk

Baldur Johannsson zarutian+cap-talk at gmail.com
Sat May 3 22:37:57 CDT 2008 

Two urls turn up from my bookmarks that could fit your criteria:

http://www.skyhunter.com/marcs/capabilityIntro/index.html
http://www.eros-os.org/essays/capintro.html

the latter one I found rather concise and illuminating when I first read it.
What piqued my intrest was I felt that static policies were too
acidential complexe. That and the need for easy delegation
 (I seen this first hand) leads cooperating people to share passwords
and/or complete
access to everything.

But I guess that "the Mashup proplem"* might be more intresting to more people.

What you must absolutly cover is than an capability is an unforgable**
reference/token
 that both designates the object and the authority to use that object.
 That an capability doesnt care who uses it and (this often asked) how
an capability can be rescinded using the forwarder pattern.

I am sure other cap-talk list members have more to add.

Thoughts? Comments? Need for clarification?
-Baldur Jóhannsson

* http://www.youtube.com/watch?v=V13wmj88Zx8 found at
http://wiki.erights.org/wiki/Documentation

** in OS or language based system that is usually forbids that an
program fabricating
the capabilities it holds from bits. An exception to this are password
capabilities which
generally are big random bit strings. (An adage to "Knowledge is
power!" and "Knowing the name of an demon gives control over that
demon" ;-)

Þann 4. maí 2008 ritaði Ivan Krstić <krstic at solarsail.hcs.harvard.edu>:
> I'm directing much of my recently-gained spare time[0] towards a few
>  things I've wanted to work on for a while, but haven't had the time in
>  the course of my breakneck two years with OLPC. One such thing is,
>  after giving a bunch of high-profile talks about systems security,
>  writing a short one about security and programming languages.
>
>  The Boston Lisp folks invited me to give the talk[1] on May 27th, so
>  the audience is a fairly clueful programming crowd without any
>  necessary prior exposure to language security and capability ideas.
>  I'll be talking for 25 minutes: covering the basic ideas and looking
>  briefly at things like E, Joe-E, Caja and CaPerl.
>
>  Questions for this crowd:
>
>  * Have you seen any _great_ short introductory capability and
>    language security talks before? What made them great?
>
>  * What do you think are things that I absolutely must cover?
>
>  * If this was your first brush with the relevant topics, what could
>    I say that would really pique your interest?
>
>  Cheers,
>
>
>
>  [0] <http://radian.org/notebook/maintaining-clarity>
>  [1] <http://radian.org/notebook/talk-language-security>
>
>  --
>  Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
>

More information about the cap-talk mailing list