dpranke at chromium.org
Thu Mar 4 10:42:36 PST 2010
My concerns with trying to promote "object-oriented security" as a new term are
that (a) it's certainly possible to have OO systems that aren't
(e.g., Java APIs that grant ambient authority) and (b) it's possible to have
non-OO designs that are compatible with capability systems (e.g. functional
designs that don't use mutable state or refer to ambient authority).
In addition, I don't know that all the young trendy kids consider
be particularly good (compared to functional or message-passing, for example),
and so I actually think that having a separate name is a good thing.
In my experience, there are far more people that have no idea what capability-
oriented design than people who have a negative opinion of it.
Further, the people
who do have a negative opinion of it usually have one because of legitimate
concerns and complaints (e.g., the lack of large scale real world usage) rather
than false academic ones, so you're better off convincing them rather
to dodge around them by changing the name.
On Thu, Mar 4, 2010 at 5:39 AM, Kenton Varda <kenton at google.com> wrote:
> For the record, I talked to MarkM and other cap fans at Google before
> setting this up, all of whom liked the idea.
> I'm very interested in hearing about problems people have encountered with
> the term "capability-based security". I'm not sure I see why
> "object-capability security" is any better -- it seems like neither of these
> terms would mean anything to someone who doesn't first understand what is
> meant by "capability". "Object-oriented security", on the other hand, has a
> good chance of being correctly interpreted even by someone who has never
> heard of capabilities.
> I completely agree that we need more infrastructure. As it happens, I'm
> working on that too.
> On Thu, Mar 4, 2010 at 4:22 AM, Kevin Reid <kpreid at mac.com> wrote:
>> On Mar 3, 2010, at 23:42, Kenton Varda wrote:
>> > And then it occurred to me: What if we called it "object-oriented
>> > security" instead?
>> My first reaction is that we don't need more different terms for the
>> same thing. Every time you change terms you lose what progress you
>> have -- people can't see what you're talking about and realize it's
>> the same as something they heard about that was also possibly
>> Insofar as we've made progress by not saying "capability security",
>> it's by almost not calling it by another name either -- ask Alan Karp,
>> particularly, and MarkM about their experiences in this area.
>> Now, on the other hand, using "Object-Oriented Security" as the name
>> of a particular *site* advocating *object-capability security* (not
>> "capability-based security"; the short form promoted by MarkM is
>> "ocap"), sounds pretty good to me.
>> ...On somebody else's hand, I think that in the current situation,
>> much more than marketing materials, we need APPLICATIONS and LIBRARIES
>> and other forms of RUNNING CODE and LIVE DEMOS that *demonstrate* the
>> effectiveness of capability design. We've had far too much talk about
>> “this problem can be solved cap-ishly this way” and not enough of
>> *actually implementing* those designs.
>> Kevin Reid <http://switchb.org/kpreid/>
>> cap-talk mailing list
>> cap-talk at mail.eros-os.org
> cap-talk mailing list
> cap-talk at mail.eros-os.org
More information about the cap-talk