Notes and capabilities
Tue, 9 Nov 1999 13:59:53 -0500
> I caught up with Alex Morrow of Lotus yesterday,
> so I want to close the
> loop on that discussion.
> It proves that the numbers encoded in Domino URLS
> are indeed capabilities.
> Domino allocates universally unique identifiers
> to all objects using a
> swiss number scheme or some comparably strong
> randomization strategy. I
> can't speak to the strength of the randomness,
> but it is intended that
> these ID's be sufficiently random to be
> unguessable. The resulting IDs are
> then directly encoded in the URLs.
I'll reiterate my concern that it doesn't seem correct to me
to say that using very large unique numbers makes an object
identifier a capability. Does IPv6 use capabilities, or just
a very large addressing space? When does a candlestick
become a murder weapon, or a list of invitees an ACL? As far
as I can tell, Domino relies solely on ACLs for access
control. It does not appear to me that Domino URLs are meant
to be passed between users as a sign of granting access.
There is certainly no information on the Domino web site to