[cap-talk] Announcing "Analysing Object-Capability Security" Paper and Authodox v. 0.2.0

Toby Murray toby.murray at comlab.ox.ac.uk
Fri May 30 10:24:06 CDT 2008


On Fri, 2008-05-30 at 11:03 -0400, Jonathan S. Shapiro wrote:
> On Fri, 2008-05-30 at 15:35 +0100, Toby Murray wrote:
> > The OCap model differs significantly from the earlier work cited in that
> > it is an informal model....
> 
> I wasn't trying to take away from the OCap model, and I apologize for
> not citing your work and Fred's. I should have. I also agree that an
> informal model is a tremendously useful thing to have.

[This is why I just /love/ email as a medium for discussion -- it leads
to all sorts of hilarious over-corrections.]

No apology necessary. I thought that not citing Fred's and my work was
perfectly sensible, given that neither preceded the development of the
OCap model. Citing it in this context seems, if anything,
inappropriate. 

> 
> All I was trying to say is that the OCap model -- and your work, and
> Fred's, and mine, and Larry's, sits in an extended context of formal and
> semi-formal models, and to some extent can be seen as an outgrowth of
> the work that preceded it.

I would definitely say that my work is an outgrowth of e.g. Fred's,
yours, MarkM's, Snyder's, Bishop's, etc etc. In citing it, I was not
trying to indicate that the OCap model wasn't an outgrowth of the formal
models that preceded it, including yours, Take-Grant and others, or that
my work ought to be cited in this context, since I believe it shouldn't.
I cited my work only because it's the work with which I'm most
familiar ;), in terms of work that deals with reasoning about OCap
systems by formalising the OCap model within a base formalism.

[One can't help but think of two people approaching each other in the
street. One moves left to avoid the other at the same point the other
moves in the same direction also trying to avoid the other. The result
is that neither avoids the other and the process, more often than not,
iterates, leading to further corrections from both parties and
ultimately a slightly embarrassing and funny encounter.]

As has happened before, after all this, I think you and I have agreed
totally here from the beginning. This has been obscured by the lack of
decent signals available in 7-bit ASCII ;) 

