"I have a mind like a steel... uh... thingy." Patrick Logan's weblog.

Search This Blog

Saturday, July 10, 2004

A world without... ACLs!

Marc Stiegler in the e-lang mail list...

It is possible to visualize a capability-based world in which the human being remembers one and only one pass phrase, the phrase that unlocks all his capabilities on his personal machine. This pass phrase would never be sent over the wire, never be shared with anybody. It would be used solely to to enable the human to authenticate himself to his computer. From there on, ACLs need not apply. Hallelujah.
Alan Karp's site password is an interesting approximation of this idea.

1 comment:

Julien Couvreur said...

Site password is an interesting way of working around password flood without requiring a single sign-in system.

But from what I understand (http://blog.monstuff.com/archives/000102.html) that's not what capabilities are about. Capabilities are not generated.

I think what Marc suggests is that you create a capability manager that stores all the caps for a given user. The cap manager needs to be unlocked (using a password) to give access to the caps it *holds*.
The cap manager is made public so that anyone (any program) can aquire it.

The only part that's analog to "site password" is that the cap manager is a capability "multiplier". You start with no capability and a password and you get access to more things.

Blog Archive

About Me

Portland, Oregon, United States
I'm usually writing from my favorite location on the planet, the pacific northwest of the u.s. I write for myself only and unless otherwise specified my posts here should not be taken as representing an official position of my employer. Contact me at my gee mail account, username patrickdlogan.