Re: Linux, IRIX, and "POSIX Capabilities"
Paul Snively (psnively@earthlink.net)
Sun, 07 Nov 1999 14:52:00 -0800

Ka-Ping Yee wrote:

> He had not heard of EROS, E, or
> KeyKOS before. I am planning to send him some references (please
> suggest some good ones, and a good way to present them!)

I think MarkM's "Ode" is, by far, the best summary exposition of capability-based security ever. It focuses on the right things (the relations/transactions among entities), explicates the right things (that focusing on the right abstraction(s) allows the construction of both conceptual and software artifacts of astonishing generality), and addresses the right things (why specifically capabilities strictly have greater power than alternative approaches). All this in a very few pages, including the "money" and "covered call options" examples.

I also think the "posix.1e confused deputy" example would be extremely compelling.

Unfortunately, I'm finding that the barriers to acceptance of capabilities are indeed very high: I've spoken about them to the Los Angeles Java Users' Group to at best lukewarm and, at worst, outright hostile reception; I've urged respected professional technical journalists (Dan Gillmor at the San Jose Mercury News, Nicholas Petrely (sp?) at LinuxWorld, and Michael Swaine at Dr. Dobb's Journal) to write about them and had only Dan Gillmor even go so far as to toss back a one-sentence response indicating that I "made good points..."

I'm curious, in general, as to what various members' take on the whole question of our public face is, as thus far I've found evangelism rather tough sledding.

One bright note: a client may be moving forward with a Droplets-based application. Stay tuned!

Best,
Paul

--
Please reply to <mailto:psnively@earthlink.net> using PGP. My public key can
be found at <http://pgpkeys.mit.edu:11371>. PGP can be found at
<http://web.mit.edu/network/pgp.html>. Beginning 11/1/1999, unenciphered
e-mail will be immediately deleted unread. Thank you.