[E-Lang] Other languages with secure capabilities

Peter Van Roy pvr@info.ucl.ac.be
Wed, 09 May 2001 10:13:20 +0200 

> I quite agree.  I'll go further.  If you allow yourself the shortcut of
> sometimes assuming mutually trusting nodes, you'll find it much harder to
> make yourself think about the issues raised by mutually suspicious nodes.
> Whereas if you engineer for the mutually suspicious case only, your
> solutions will be more elegant as well as more widely applicable.  As Polya
> (Mr "How to Solve It") says, "Sometimes it's easier to solve the harder
> problem."

I agree completely.  In fact, we used the same argument when designing
the protocols to make Oz network transparent.  Objects in Oz are mobile
by default (object state moves to process using it).  This made us think
seriously about using distributed algorithms to implement network
transparency right.  It turns out that mobile objects are simpler to
implement (e.g., exceptions are raised in correct thread, reentrant
locking is simpler, moving object state is simple than moving thread
state) than stationary objects, while keeping network transparency,
and they are more efficient for many applications.

The assumption of mutually trusting nodes is not a profound one; it is
part of our current plans of progressively introducing implementation
security in Mozart.  The very first step is allowing encrypted
communication.  This handles the mutually trusting nodes case, which is
actually an important special case.

> So back to
> 
> Ken wrote:
> > > I just think all these groups should be interacting more than they 
> > appear to
> > > be doing.
> 
> I quite agree.  We've had Oz folks participate on e-lang before, and they
> are always welcome.  Historically, we've made some effort to explain to them
> what we were doing wrt security, and it seems to have paid off.  I'd love to
> see them post an explanation of their approach and how it compares to ours.

Well, I do enjoy the discussions on the E list, even though I can't read
them all in detail.  Seif Haridi can probably respond better to your question
than I.

> Any other suggestions for how to proceed?
> 
> Btw, to whom should I send an invitation to put Oz on the Capability
> Security WebRing?

Send it to users@mozart-oz.org, the interested Mozart developers will
respond.

>          Cheers,
>          --MarkM

All the best,

Peter Van Roy

Département d'Ingénierie Informatique
(Department of Computing Science and Engineering)
Université catholique de Louvain
B-1348 Louvain-la-Neuve, Belgium

Email: pvr@info.ucl.ac.be
Tel: (+32) (10) 47.83.74
Web: http://www.info.ucl.ac.be/~pvr/
Mozart: http://www.mozart-oz.org