[cap-talk] Concening entry "ambient authority" in Wikipedia
Matej Kosik
kosik at fiit.stuba.sk
Fri Jun 5 08:34:41 EDT 2009
Hi,
Toby Murray wrote:
> Any definition should avoid relying on the object-capability model, I
> think.
Why?
Would the term "ambient authority" make any sense if there were no
"object-capability security model"?
> The object-capability model is an object-oriented model of
> computation in which the second kind of ambient authority is (almost*)
> eliminated. All sane object-capability systems ensure that all ambient
> authority of the first kind above is benign.
Can you create (useful) software systems written in object-capability
languages that support the object-capability security model which do not
contain subsystems that have ambient authority?
More information about the cap-talk
mailing list