At 08:07 AM 11/12/99, Ralph Hartley wrote:
>This is an assumption that you hadn't stated before. It is a strong
>assumption, which rules out much of what people use computers for.
>
>If your security model can't deal with real locks and doors what good
>is it? Must we have another security model for securing
>non-computational things? If so, that model needs to include computational
>security as a proper subset.
Ralph, this is a fascinating point, and approaches the issue from an angle I haven't encountered before. I think it's a real contribution. If it's alright with you, may I forward our conversation to date to the e-lang list, and continue the conversation on that list? There are many bright minds on that list, some of whom have their own challenges to the capability view -- some from a crypto perspective, some from an OS perspective, but none so far from an interfacing-with-the-physical-world perspective. There are also bright minds on that list who defend the capability view from perspectives different from mine. I think it would be a fascinating discussion. Even if you say no, thank you for raising a fascinating issue.
The ongoing archives of the list are at http://www.eros-os.org/~majordomo/e-lang/index.html . To subscribe to the list, send a message to majordomo@eros-os.org whose body consists of "subscribe e-lang".
Now that you've raised it, in retrospect it's a bit surprising that we hadn't seen it. Our starting vision in many respects is Nick Szabo's Smart Contracts http://www.best.com/~szabo , and Nick has also been explaining & promoting a close cousin: Smart Property. This latter is Smart Contracts embodied in the behavior of physical objects, like a car that refuses to start if the owner misses too many payments. While I was aware of this, until your note, it hadn't struck me that there might be security architecture issues in supporting it.
Cheers,
--MarkM