From: marcs <>
Replying To: Karp, Alan <>
Date: Mon, 9 Dec 2002 15:58:34 -0700
Subject: Re: [e-lang] Naming Capability Systems

On Monday 09 December 2002 10:31 am, Karp, Alan wrote:
> I've seen the demo, and I believe it is a dramatic demonstration of the 
benefits of POLA.  However, the distinction between ambient and object 
capabilities is not as clear.  That's probably as it should be.   If the 
authorities were to be more visible, the user interface would appear to be 
too awkward to gain acceptance.

Yes, you are correct, and it does point to a difference in the ah-ha 
experience Tyler is reaching for, and the one I am reaching for.  I am trying 
to get an ah-ha experience from an audience that usually does not have a 
security expert in the room, while I think on reflection that Tyler, in this 
email thread, is focused on getting the ah-ha from a room full of security 
experts. I do not immediately know what the ramifications are of this 
variation, but there may be some. I will observe, however, that markm did get 
an ah-ha experience using the demo for a roomful of security experts in 
Monterrey Naval PostGrad School, so it is still useful in that context (I 
think markm added more technical discussion, including discussion of 
designation with authority, in that talk, is that correct?).

I also believe that markm sometimes does a quite successful shorter pitch that 
explains the difference between ambient authority capability systems and  
object capability systems that is based on the Granovetter diagram. He does 
this for security experts who have been confused by the literature. If I 
recall correctly, just about every person markm has met who has learned about 
capabilities from the Lampson thread of history has been thusly confused and 
needed to be Granovetter-ized. We have put the Granovetter diagram on our 
business card so markm can whip it out at a moment's notice :-)


e-lang mailing list