[cap-talk] Unestos paper notes (was: Re: More Heresey: ACLs not inherently bad)
Jed Donnelley
capability at webstart.com
Mon Sep 1 02:55:50 CDT 2008
At 08:56 PM 8/31/2008, John Carlson wrote:
> >
> > I found this paper interesting enough that I'll share some notes
> > from reading (sequential and loosely edited - be forewarned):
> >
> > 1. "A first approximation of a POLP-friendly system is one based on
> > capabilities, discussed in Section 3. Though capabilities have
> > historically flummoxed application designers, we present a more
> > familiar interface, based on the Unix file system."
>
>I was on IRC the other day on a channel discussing the development of
>OGP,
Is "OGP" the Open Graphics Project?
>and one of the people there was moaning about caps.
Can you check to see if that person was somebody who had done (or
anticipated doing) programming with some capability interface?
If so I'd be quite interested to learn what interface in what
system.
>I'm not sure if they were an application designer, but they
>seemed mildly annoyed at the "complexity."
In the abstract any POLA mechanism seems more complex until you
consider that it's simply parameter passing. The capability
aspect is to simply block access to ambient authority (e.g.
global variables).
>Proxies are annoying, perhaps.
Were proxies (i.e. insertion/virtualization) discussed? If
so I'd be interested to hear the context. It certainly seems
to me that having the option to do insertion (e.g. replace a
file with a pipe) is a value, though having to program the
inserted code (e.g. handle the pipe communication) can of
course cost additional code.
--Jed http://www.webstart.com/jed-signature.html
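As an added illustration (not code from the thread or from the paper under discussion) of the two points above, capability as plain parameter passing with no ambient authority, and insertion of a proxy that presents the same interface as the thing it replaces. The names `makeFile`, `wordCount`, `makeLoggingPipe`, `makeReadOnly` and the sample file content are assumptions for the example:

```javascript
// Added example, not from the cap-talk thread: object-capability style in JavaScript.
// A "file" is an object whose only authority is what its methods expose.

// makeFile: constructs a file capability over a private buffer.
function makeFile(initial) {
  let contents = initial;
  return Object.freeze({
    read: () => contents,
    write: (data) => { contents = data; },
  });
}

// A POLA-style consumer receives the authority it needs as a parameter.
// It cannot reach any file it was not handed: there is no ambient "open by name".
function wordCount(file) {
  const text = file.read().trim();
  return text === '' ? 0 : text.split(/\s+/).length;
}

// Insertion / interposition: a pipe-like proxy with the same interface as a file,
// so the consumer cannot tell it was handed a pipe instead of the file itself.
// This proxy forwards every call and records it; the extra code the thread mentions
// lives here, not in the consumer.
function makeLoggingPipe(file, log) {
  return Object.freeze({
    read: () => { log.push('read'); return file.read(); },
    write: (data) => { log.push('write'); file.write(data); },
  });
}

// Attenuation by interposition: hand out a facet that has no write method at all.
function makeReadOnly(file) {
  return Object.freeze({ read: () => file.read() });
}

function demo() {
  const file = makeFile('the quick brown fox');   // constructed sample content
  const log = [];
  const pipe = makeLoggingPipe(file, log);
  const n = wordCount(pipe);                      // wordCount never learns it got a proxy
  const ro = makeReadOnly(file);
  let writeBlocked = false;
  try { ro.write('x'); } catch (e) { writeBlocked = true; }  // no write facet: TypeError
  return { n, log, writeBlocked, stillIntact: file.read() };
}
```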