[cap-talk] Google Chrome - web browser with sandboxed rendering
Raoul Duke
raould at gmail.com
Sat Sep 6 14:52:05 CDT 2008

> Personally I'm going for 4a where the computer system manages its own
> security settings for resources, occasionally getting it wrong but
> able to recover from errors with a bit of feedback on how the system
> is performing from the user.

your point about "getting it wrong" is a great one to make; i would
assume there is no way any system will get "it" right all the time, so
if one is going to properly do one's job the question of: uhm, gosh,
what do we do when things fail or the wrong choice is made? is very
important.

(in fact, if one could answer it in such a way that there was no
danger when things do go wrong because recovery was always an option,
then that could free up the rest of the system to be more
loosey-goosey. although of course, if things are going wrong and the
user needs to "undo" all the time, even if it ends up being a safe
result, it would quickly chafe. so that extreme is more just an
ultimate fall-back / worst-case scenario.)