From: Tyler Close <tyler@waterken.com>
Replying To: David Wagner <daw@cs.berkeley.edu>
Date: Wed, 11 Dec 2002 08:39:53 -0400
Subject: Re: [e-lang] Naming Capability Systems
 

On Monday 09 December 2002 04:17, David Wagner wrote:
> Tyler Close wrote:
> >Do you have any evidence that a group has written you off because
> >they thought capabilities are the same as ACLs?
>
> My fear is that the majority of the security community might have
> this reaction.  Do you consider this unlikely?

Fear is a useful thing, but we cannot act on fear alone.  I
understand your fear, but I think we have to have evidence that it
is well-founded before acting on it. So far, we only have MarkM's
story that involved Lampson himself. I think additional stories
are a prerequisite. Without evidence, we can't really understand
the problem. We can hardly expect to solve a problem that we don't
understand.

Personally, I have never had difficulty communicating that my
software is very unlike an ACL design.  I have given presentations
to a wide variety of audiences: academic, industry, and the
average programmer. To date, my presentations have been highly
successful. I would like to better understand the failure others
have experienced before trying to fix anything. alan_karp

> >How can I explain that Lampson simply misunderstood the term
> >"capability" if you go and define his use to be correct?
>
> You misunderstand the proposal.  The proposal never was to define the
> bare term "capability" to refer to the kind of system Lampson described.
> Rather, the proposal was to use the term "ambient-authority capability
> system" (or "ambient authorities", or some other such adjectivized term)
> to refer to the kind of system Lampson described.

My impression is that making these distinctions surrenders the
word "capability" to mean whatever it is that people currently 
think it means. If this is not the case, then I don't see the
purpose of this whole exercise. We can no more expect people to
switch from "capability" to "ambient-authority capability system"
than we can expect to teach them the actual meaning of
"capability". If the latter is not feasible, so is the former.

Allowing people to believe that an ACL design is some subset of
capability definitely changes the intended meaning of the word 
"capability".

Tyler 
_______________________________________________
e-lang mailing list
e-lang@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/e-lang