[E-Lang] Summary for Practical Programming
2 Feb 2001 00:51:16 GMT
Marc Stiegler wrote:
>4. We all agree that capability systems lend themselves more easily to code
>reuse than ACLs because you don't have to go back into the existing code to
>create new mechanism for new refactored forms of security, you can just wrap
>the existing system in a capability disciplined way.
Well, I'd like to see this one explained a little futher before
(If there's an existing essay that tries to advance this point,
feel free to point me to it and tell me to RTFM!)
>6. We all agree that POLA is an inherent characteristic in the nature of
I'm unconvinced, so far (but am open to supporting arguments). As far
as I can tell, the POLA seems to be in the way you use the protection
system; it's not a necessary consequence of using (say) capabilities.
If you phrased this a little more carefully -- e.g., "capabilities are
one way to enable programmers to follow the POLA" -- I would be more
inclined to agree.
>For an Practical Programmer reading this summary, then, I personally would
>draw the following conclusion: if you want to build a complex flexibly
>secure system starting this afternoon, the place to start is either with E
>or with EROS or with both. Starting with Unix and C++ is just a bad choice.
Heh, well, you probably won't be surprised if I say that I haven't yet
been convinced that this follows from your other claims.