[cap-talk] Some good advice for disruptive technologies
James A. Donald
jamesd at echeque.com
Sun Jan 9 13:27:38 PST 2011
On 2011-01-09 7:40 PM, David Barbour wrote:
> But none of these principles are well served if we just reinvent the
> traditional desktop OS atop a capabilities system.
The core idea of cap desk and similar approaches is that a program
should be unable to access a file unless the user explicitly gives it
the file through the file open dialog - which is how end users naively
imagine the traditional desktop OS should work.
Which approach fixes most of the problems without "re-educating the
If you have to "re-educate the user" your UI deviates from the principle
of least surprise.
> In addition to making users more aware of security issues, we
> should leverage the greater composability of capabilities in order
> to offer a more flexible user experience - i.e. with support for
> service extensibility and application mashups, perhaps some
> ability to bookmark and share views, and so on.
> We might want to drop an icon representing some facet of a
> service and drop that into your little messaging application. The
> recipient could then interact with a service on your machine, at
> least until you revoke the authority or destroy the service.
A very good idea, but this, of course, requires secure messaging, and if
we provide people with secure messaging, we have already achieved much
without changing or adding to the user interface.
Secure messaging requires end to end encryption, which requires that
buddies represent cryptographic identities, such as a hash of a rule
identifying a public key, rather than representing supposedly human
readable names rooted in the DNS - so as with capdesk, this involves a
big change under the covers, with no substantial change in the UI, other
than that the messaging system starts to have the security properties
that the user naively expects it to have.
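As an added illustration of the point above about buddies being cryptographic identities rather than DNS-rooted names (example code, not part of the original post or any cap-talk project): the buddy list keys on a SHA-256 hash of the sender's public key, and a message is authenticated only if that hash is already known locally and the Ed25519 signature verifies; the human-readable name the message claims is never consulted. The choice of SHA-256 over a raw Ed25519 key as "the rule identifying a public key" is an assumption made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// BuddyID is the hash that identifies a buddy: SHA-256 over the raw public key.
// (Constructed for this example; the post only says "a hash of a rule identifying a public key".)
func BuddyID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// BuddyList maps a BuddyID to the locally chosen nickname (a petname).
type BuddyList map[string]string

// Message is what arrives over the wire: a claimed display name, the sender's
// public key, the body, and a signature over the body.
type Message struct {
	ClaimedName string
	PubKey      ed25519.PublicKey
	Body        []byte
	Sig         []byte
}

// Authenticate returns the local petname for the sender, or ok=false.
// The claimed display name is never consulted: identity is the key hash.
func Authenticate(buddies BuddyList, m Message) (petname string, ok bool) {
	if len(m.PubKey) != ed25519.PublicKeySize {
		return "", false // malformed key; ed25519.Verify would panic on it
	}
	petname, known := buddies[BuddyID(m.PubKey)]
	if !known {
		return "", false // a stranger, whatever name they claim
	}
	if !ed25519.Verify(m.PubKey, m.Body, m.Sig) {
		return "", false // tampered body or forged signature
	}
	return petname, true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	buddies := BuddyList{BuddyID(pub): "alice"} // constructed sample buddy
	body := []byte("hello")
	m := Message{ClaimedName: "Alice", PubKey: pub, Body: body, Sig: ed25519.Sign(priv, body)}
	fmt.Println(Authenticate(buddies, m))
}
```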