[cap-talk] "ACLs don't" paper rejected from Oakland 09

zooko zooko at zooko.com
Sat Jan 31 09:20:53 EST 2009


Dear David Wagner:

Thank you for thoughtful and honest writing about an important topic  
from a true expert.

I really hope that Tyler presses on with this.  It turns out that the  
top conferences such as Oakland are not reliable showcases of the  
best and most important ideas.  Bad ideas sometimes slip in.  Good  
ideas are often left out.  That may be disappointing if you thought  
otherwise.  But nonetheless getting these ideas peer-reviewed and  
published in a widely recognized scientific forum is vitally important.

Without that step, the ideas are just completely invisible to a large  
population of good thinkers.  They're just off the radar.  They never  
happened.  If you can't cite a peer-reviewed article about the ideas,  
then the ideas can't be part of certain conversations.

The papers of Mark Miller, Jonathan Shapiro, Ping Yee, et al. from  
the early 2000's allowed capability access control to become part of  
the conversation.  For example, it was after those papers were  
published that David Wagner started including those ideas in his  
courses at Berkeley.  Please tell me, David, if there's any truth to  
my assumption that the publication of those papers in peer-reviewed  
conferences was necessary for you to teach the ideas at Berkeley!

However, that research is mostly in the field of programming  
languages (and of course the field of operating systems where  
capabilities were already a part of the conversation).

If Tyler gets some variant of "ACLs don't" approved by expert  
reviewers for inclusion in a serious academic forum such as New  
Security Paradigms or the others mentioned in this thread, then  
hopefully that will make capabilities a valid subject of the  
conversation that is carried on in new papers by web security and app  
security researchers.  That could open up vast opportunities for  
future invention.

I should also point out that the values flow both ways -- by  
publishing those ideas in a form and a forum that security  
researchers recognize, Tyler will make it easy for them to think  
critically about these ideas, identify flaws in the approach and to  
communicate such issues effectively to the rest of us.

Regards,

Zooko
---
Tahoe, the Least-Authority Filesystem -- http://allmydata.org
store your data: $10/month -- http://allmydata.com/?tracking=zsig