Talk:Object-capability model

From Wikipedia, the free encyclopedia

To do:

• Add etymology to introduction [done 2007-01-06T22:38]
  • The name comes from recognition of the fact that "pure" object-oriented programming constitutes the capability-based security model. [done 2007-01-06T22:38]
  • Touted advantages of objects (encapsulation, modularity) are precisely what we want for security (privilege separation, least privilege). [done 2007-01-06T22:38]

• Section: Advantages of object-capabilities
  • No such thing as ambient authority (explain what that is)
  • Only connectivity begets connectivity
  • Show the Granovetter diagram!
  • No fixed set of operations (read, write, etc.); everything is invocation
  • Section: Combining designation and authority
    • Solving Confused Deputy

• Section: Relationship to object-oriented programming
  • references are called "pointers"

• Section: Relationship to capability-based security
  • references are called "capabilities"
  • the term "capability"
  • object-capabilities versus password capabilities
  • explain distinctions as in Capability Myths Demolished

• Possible section: relationship to lambda calculus?

— Ka-Ping Yee 08:26, 6 January 2007 (UTC)

[edit] A few additional topics

• Synergy (can + can opener => contents)
• sealers/unsealers
• factory pattern
• membrane pattern (probably doesn't belong on front page)
• other systems to mention:
  • Joule [added 2007-01-06T22:38]
  • KeyKOS [added 2007-01-06T22:38]
  • Coyotos

— Dean Tribble 18:47, 6 January 2007 (UTC)

[edit] Concrete example

So far this page is pretty abstract. I think the first subsection after the introduction should give a practical example. — Ka-Ping Yee 23:59, 6 January 2007 (UTC)