From: Bill Frantz <>
Replying To: David Wagner <>
Date: Sat, 7 Dec 2002 12:51:58 -0800
Subject: Re: [e-lang] "Capability Myths Demolished" (was: Software security workshop)

At 4:41 PM -0800 12/6/02, David Wagner wrote:
>  - the capability community has a jargon of its own that took
>    me a while to pick up (I could give dozens of examples);

Perhaps having been active in the capability community for on the order of
30 years, I'm the last one to try to grok the problems of newcomers,  but I
would like to see some examples of what terminology you consider jargon.
In many cases, making people understand the jargon is the fastest way to
get them to understand the field. daw

On a related subject, it seems to me that the model of ambient capabilities
is quite useful because,  if you can prove some security property of a
program using ambient capabilities, then you don't have to consider that
program's correctness.  You do have to consider the program's correctness
when you need to use object capabilities* in your proof.  Consider proving
that a program does not perform actions that fall into the confused deputy

* Thanks Dean, for this terminology. 

Cheers - Bill marcs 

Bill Frantz           | Sacred cows make the   | Periwinkle -- Consulting
(408)356-8506         | tastiest hamburgers.   | 16345 Englewood Ave. |         - David Wagner | Los Gatos, CA 95032, USA

e-lang mailing list