Why Capabilities and Persistence are Essential

Paul Snively psnively@earthlink.net
Thu, 11 Nov 1999 10:57:29 -0800


Hi again folks!

> Paul, thank you very much for that.  An occasional note like that can do
> wonders for one's motivation.  I really appreciate it.
>
> But I do have to point out...
>
> At 09:19 AM 11/11/99 , Paul Snively wrote:
>>MarkM's efforts, the best example of which I feel is the Ode
>
> that the Ode is also the work of my co-authors, Bill Frantz and Chip
Morningstar.

Mea culpa! Thanks also to Bill and Chip, whose recent contributions to the
list I've also been following avidly.

Incidentally, I'd also like to point out that my previous message may have
seemed "anti-expert." That's certainly *not* my intention; clearly we all
benefit tremendously from the involvement of experts like Jonathan, and I'm
most anxious to see an EROS JVM so that we can see an effective marriage of
EROS and E. To that end, I've recently unearthed a Java class
dependency-auditing tool that I'll be using on E 0.8.4 to ascertain
precisely what its dependencies on the Java platform are, with an eye
towards ensuring that they don't exceed a dependency upon Personal Java and,
ideally, the newly-formed J2ME (Java 2 Micro Edition), possibly augmented
with the java.security hierarchy, e.g. from the CLASSPATH project, which is
LGPL'ed. This would mean that E could reasonably be expected to run on the
beefier PDAs such as the Palm III or better. I think this is going to be
especially important in the era of wireless networked personal devices such
as the Palm VII, the Qualcomm pdQ phone, and the forthcoming Nokia
PalmOS-based phone.

One of the other security notions that's been kicking around in my woefully
uninformed head is that of "have something + know something," e.g. a smart
card and a separate private key, an ATM card and a pin, etc. Have we/are we
contemplating what this means in the context of E? As soon as the Java Ring
2.0 becomes available I'd like to get one. Can I store my (E) capabilities
on my ring? Can they somehow be associated with (one or more) keys that I
must memorize? Should I be reading up on Bruce Schneier and crew's research
into private key protection and personal entropy?

I guess I'm kinda gung-ho about the fact that EROS is small and (as an
educated guess) E, at least in the form of kernel-E, is small too, which to
me bode well for a future of very small wireless-but-connected devices.

Hmmm. That reminds me: do we have/need/want a Jini story?

That's enough rambling from me for now. Thanks for your patience!

>
>          Cheers,
>          --MarkM

Best,
Paul
--
Please reply to <mailto:psnively@earthlink.net> using PGP. My public key can
be found at <http://pgpkeys.mit.edu:11371>. PGP can be found at
<http://web.mit.edu/network/pgp.html>. Beginning 11/1/1999, unenciphered
e-mail will be immediately deleted unread. Thank you.