[cap-talk] Scope/span of capability systems (esp. as data), network reach

[Jed Donnelley]

I believe most of the current form of the:

"Re: [cap-talk] Confused Deputies in Capability Systems - not"

has actually taken up responding to the claim below, so I think
that perhaps a different subject name for the thread is appropriate:

At 08:36 AM 2/26/2009, Marcus Brinkmann wrote:
>...
>Capabilities can only survive in an isolated, homogeneous environment.  I
>think that this is a serious limitation, which in my opinion severely
>restricts the applicability of capability theory.
>
>Of course, it is possible to be more or less optimistic about the reach of a
>particular capability regime.  My personal estimation is that the safe bubbles
>within you can enforce a single capability regime are overall pretty small,
>roughly the size of a single application.
>
>In any case, unless you believe that all interacting systems can be subjected
>to the same (world-wide?) capability system,

I do!  That is where my view about capabilities as data such as
YURLs/Web keys becomes most relevant.  As I've noted my best hope
for advancement of IT systems via getting closer to least privilege
sharing comes through such networked capability systems.

>there are going to be interfaces
>where the confused deputy problem probably can crop up.  That's why I think
>that the capability community has essentially defined the problem away by a
>sheer act of imagination: Either by limiting imagination to a single
>subsystem, or by expanding imagination to include everything there is to be
>within the subsystem.

I believe this is the issue that the:

"Re: [cap-talk] Confused Deputies in Capability Systems - not"

is now focusing on, e.g. as with my most recent:

http://www.eros-os.org/pipermail/cap-talk/2009-February/012296.html

I hope we can switch to this new subject for any further discussion 
on this thread.

--Jed  http://www.webstart.com/jed-signature.html