Notes and capabilities

Tyler Close tyler@waterken.com
Tue, 9 Nov 1999 13:59:53 -0500


shapj wrote:
> I caught up with Alex Morrow of Lotus yesterday, so I want to close the
> loop on that discussion.
>
> It proves that the numbers encoded in Domino URLs are indeed capabilities.
> Domino allocates universally unique identifiers to all objects using a
> Swiss number scheme or some comparably strong randomization strategy.  I
> can't speak to the strength of the randomness, but it is intended that
> these IDs be sufficiently random to be unguessable.  The resulting IDs are
> then directly encoded in the URLs.

I'll reiterate my concern that it doesn't seem correct to me
to say that using very large unique numbers makes an object
identifier a capability. Does IPv6 use capabilities, or just
a very large addressing space? When does a candlestick
become a murder weapon, or a list of invitees an ACL? As far
as I can tell, Domino relies solely on ACLs for access
control. It does not appear to me that Domino URLs are meant
to be passed between users as a sign of granting access.
There is certainly no information on the Domino web site to
indicate otherwise.

Tyler
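
The distinction argued in this exchange, as an added example that is not part of the original message and is not Domino's code: two hypothetical stores (`AclStore`, `CapabilityStore`) both name objects with unguessable random identifiers, but only one treats possession of the identifier as the grant of access. All names here are assumptions made for illustration.

```python
import secrets

def new_id() -> str:
    # 128 bits from the OS CSPRNG: unguessable, like the random IDs in the quoted text.
    return secrets.token_urlsafe(16)

class AclStore:
    """The identifier is only a name; authority comes from a per-object ACL."""
    def __init__(self):
        self._objects = {}  # id -> (content, set of permitted users)

    def create(self, owner, content):
        oid = new_id()
        self._objects[oid] = (content, {owner})
        return oid

    def read(self, user, oid):
        entry = self._objects.get(oid)
        # Knowing the identifier is not enough: the caller's identity must be on the ACL.
        if entry is None or user not in entry[1]:
            raise PermissionError("denied")
        return entry[0]

class CapabilityStore:
    """Possession of the identifier is the authority; no user identity is consulted."""
    def __init__(self):
        self._objects = {}  # id -> content

    def create(self, content):
        oid = new_id()
        self._objects[oid] = content
        return oid

    def read(self, oid):
        if oid not in self._objects:
            raise PermissionError("denied")
        return self._objects[oid]

def forwarding_grants_access():
    """Alice creates an object in each store and passes the identifier to Bob."""
    acl, cap = AclStore(), CapabilityStore()
    acl_id = acl.create("alice", "memo")
    cap_id = cap.create("memo")
    try:
        acl.read("bob", acl_id)
        acl_ok = True
    except PermissionError:
        acl_ok = False  # Bob holds the identifier but is not on the ACL
    return {"acl": acl_ok, "capability": cap.read(cap_id) == "memo"}
```
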