[cap-talk] Bee Eyes (was: "ACLs don't" paper rejected from Oakland 09)
Mark Miller
erights at gmail.com
Mon Feb 2 10:41:40 EST 2009
On Mon, Feb 2, 2009 at 1:51 AM, Matej Kosik <kosik at fiit.stuba.sk> wrote:
> If we compare ACLs to the faceted eye of a bee
> and capabilities to the eye we ourselves use,
> these two organs also serve *somewhat the same goal*. There are many
> ways in which one as well as the other organ could be improved by
> evolution. But on the evolution landscape, they are on *completely
> different "mountains"*. By evolution one cannot evolve into the other.
> It would mean going downwards towards the valley of blindness and this is
> not what happens by evolution.
>
A wonderful analogy. And your conclusion may be right. But I hope not. The
computer field already has trillions invested in the bee eye. If we can't
find an incremental evolutionary path from the status quo towards
capabilities, where both can co-exist during the transition, then I doubt
there will be any transition. On the web especially, the entire game is
finding incremental adoption paths.

I will take this opportunity to re-raise the topic of so-called "hybrid
capability systems" (HCS) like Gong's ICAP, Karger's SCAP, most of Kain and
Landwehr's taxonomy, and the "unauthorized capabilities" of the IBM
System/38 aka AS/400 aka iSeries. The basic idea of an HCS is that an access
is allowed iff it is allowed by ACL rules *and* it is allowed by cap rules.
In an HCS, the principal id of the immediate requestor is still presented to
the reference monitor, for checking against an ACL as an additional
requirement beyond the normal ocap rules. In one form of HCS, the ACL to be
checked is associated with the designated object. In another, the ACL may be
associated with the capability on which the request is made.

These have come up before on this list, and we've always concluded
(correctly IMO) that HCSs have no technical advantage over pure ocap systems
used with the Horton pattern. However, HCSs may provide the path through the
valley of blindness that allows us to reach the higher hill.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
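
[Added example, not part of the original message or of any system named in it: a minimal model of the hybrid rule described above, where a request passes only if the capability rule and the ACL rule both allow it. The class names, principals, and the choice that a capability-carried ACL replaces the object's ACL in the second form are assumptions made for illustration.]

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(eq=False)
class Resource:
    """Designated object; `acl` maps principal id -> rights (first HCS form)."""
    name: str
    acl: dict = field(default_factory=dict)

@dataclass(frozen=True, eq=False)
class Capability:
    """Unforgeable reference in a real system; a plain value in this model."""
    target: Resource
    rights: frozenset
    acl: Optional[dict] = None  # second HCS form: ACL carried by the capability

def cap_allows(cap, right):
    """Pure ocap rule: holding a capability with the right is sufficient."""
    return cap is not None and right in cap.rights

def acl_allows(acl, principal, right):
    """ACL rule: the requestor's principal id must be granted the right."""
    return right in acl.get(principal, frozenset())

def hcs_allows(principal, cap, right):
    """Hybrid rule: allowed iff the cap rule AND the ACL rule both allow it."""
    if not cap_allows(cap, right):
        return False
    # Assumption: use the capability's ACL if it has one, else the object's.
    acl = cap.acl if cap.acl is not None else cap.target.acl
    return acl_allows(acl, principal, right)

def demo():
    # Constructed sample data: alice and carol are on the object's ACL, bob is not.
    doc = Resource("report", acl={"alice": {"read", "write"}, "carol": {"read"}})
    cap = Capability(doc, frozenset({"read", "write"}))
    scoped = Capability(doc, frozenset({"read"}), acl={"bob": {"read"}})
    return {
        "alice_write": hcs_allows("alice", cap, "write"),    # both rules agree
        "bob_delegated": hcs_allows("bob", cap, "read"),     # has cap, not on ACL
        "bob_pure_ocap": cap_allows(cap, "read"),            # ocap alone allows
        "carol_no_cap": hcs_allows("carol", None, "read"),   # on ACL, no capability
        "bob_scoped": hcs_allows("bob", scoped, "read"),     # ACL on the capability
        "alice_scoped": hcs_allows("alice", scoped, "read"), # not on the cap's ACL
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:15} {'allow' if allowed else 'deny'}")
```

[The "bob_delegated" and "bob_pure_ocap" rows show where the two models diverge: a capability handed to a principal who is not on the ACL works under pure ocap rules and is refused under the hybrid rule.]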