[cap-talk] What sustained interest in capabilities

Mark Miller erights at gmail.com
Sun Jan 11 23:49:17 EST 2009


On Sun, Jan 11, 2009 at 12:46 AM, ross mcginnis
<ross_mcginnis at hotmail.com> wrote:
>
> Are there actually any top-to-bottom projects out there?
> By that I mean a single project that claims it is going to integrate or produce everything from a kernel all the way to a user's desktop environment based on caps with at least all the lower system level being verified.

I'm curious why you're tying the top-to-bottom security question to
verification. AFAIK, Coyotos is the only low level ocap system that
has verification as an explicit goal. However, I would also consider
CapROS and Tamed Pict suitable low level starting points for
a high confidence (as opposed to "high assurance") secure system.


> I'm aware that the Coyotos team aims to produce a kernel with system libraries, a graphics system and even a Linux compatibility environment, but as far as I understand they don't explicitly claim that they are going to produce the full stack all the way up to a cap based desktop environment that includes the standard top level user apps such as user authentication, configuration controls, text editor, web browser, etc.
>
> If this doesn't exist, shouldn't we create such a project?

AFAIK, both CapROS and Coyotos are still committed to describing their
ocap APIs with capIDL. If so, then many (most?, all? at least, E,
Joe-E, and Caja) of the object-capability languages currently in
development, when run on a CapROS or Coyotos system, will be able to
invoke OS capabilities as if they were normal language-level objects.
If this is indeed true, I would encourage these language efforts to
remain independent of capIDL, CapROS, and Coyotos, but also to remain
compatible with them.

Of course, this alleged compatibility is untried. When we try it,
we're sure to get some rude surprises.

The big open design effort that no one has yet taken on: the design of
a de novo UI toolkit around ocap and POLA principles. All the UI
toolkit efforts to date for ocap systems have been efforts to tame
existing toolkits, like SWT or the horrors of the W3C browser API.
Perhaps eMonkey comes closest.

-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM