Subject: [e-lang] "Capability Myths Demolished" (was: Software security workshop)

From: David Wagner <daw@cs.berkeley.edu> · Date: Sat, 7 Dec 2002 19:15:26 -0800 (PST)

Bill Frantz wrote:
>Perhaps having been active in the capability community for on the order of
>30 years, I'm the last one to try to grok the problems of newcomers, but I
>would like to see some examples of what terminology you consider jargon.

I went through the exercise of trying to write down the worst offendors,
and in retrospect it's probably not quite as bad as I made it out to be, 
but here are some examples.

The bits that most noticeably got in the way for me were the following: 
"authority", and "ambient authority"; "designation", and "designation
without authority"; "POLA", instead of the standard "principle of
least privilege"; "capability discipline"; and last, but not least ...
"Granovetter diagrams" (sorry, Mark!).

Some of these terms are evocative and worth having new names for. 
For instance, I think the term "confused deputy" may have also been new
to me, but that's probably a name worth having.

On the other hand,  some of these terms were arguably a little closer
to redundant in view of existing terminology in the security community,
or at least, may not have been necessary for the purposes of conveying
the benefits of (E-style) capabilities.

The above is intended to focus on terms that I had to learn before
I could grok the insights of the capability community,  and it is not
an exhaustive list of new words that I've heard from capability folks.
There were other terms that I hadn't heard before: e.g., "wallbanging",
"bit confinement", etc.  Also, there was some object-oriented language
I wasn't fully familiar with, not knowing much about OO: e.g., "facets",
"factories", and the like.  However, these classes of jargon don't seem
problematic; they're secondary, and I see no reason why they should need
to get in the way of communicating the main ideas behind capabilities.

Anyway, there's nothing wrong with jargon.   Rather, my point was that,
if you have to learn new terms before you can understand the ideas
behind capability community, that incurs a certain cognitive cost.
In an introductory paper, it might make sense to see how much of this
cognitive cost can be avoided.
_______________________________________________
e-lang mailing list
e-lang@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/e-lang