[cap-talk] Rsa podcast on Why Identity Doesn't Matter
Stiegler, Marc D
marc.d.stiegler at hp.com
Thu Apr 9 20:00:19 EDT 2009
> I noticed the effort you put into not saying the c-word.
> Are you going to say the c-word in the actual presentation? ;-)
> (Frankly I don't think that avoiding saying "capability" helps at all.
> Is there *any* technical difference between "self-authorizing
> and "capability"?)
I still hold the c-word as taboo. It has 2 problems:
-- for traditional security geeks who think they know what it is, it
invites beside-the-point argument
-- for people who have no idea what it is, it conveys no information
I actually think expunging "capability" in favor of "ocap" is a generally good idea, and have been moving in that direction. However, I was looking for something that would be helpful in my explanations to less-techno-geek people, i.e., a name that was also descriptive. "Self-authorizing reference" is an experiment in seeing if I can convey Norm's "bundle that combines designation with authority" in a way that people will kinda grok right off -- I have noticed that, alas, the definition "a bundle combining designation with authority" is succinctly beautiful and informative only for people who already understand what it is. "Self authorizing reference" may not be any better, but I figured it was worth a try. If it seems to work, I'll let you know :-)
More information about the cap-talk