Archive of UserLand's first discussion group, started October 5, 1998.

Trusted vs. Untrusted Sites

Author:Paul Snively
Posted:8/20/1999; 12:53:43 PM
Topic:Today's scriptingNews Outline
Msg #:9740 (In response to 9735)
Prev/Next:9739 / 9741

Jakob,

Your points are very well-taken, and in fact there's a subculture within the computer security culture that deals almost exclusively with issues surrounding allowing interaction among mututally untrustworthy parties.

The general concept is known as "capability-based security," where a "capability" is essentially an object reference coupled with strong digital signatures and crypto technology--but that's an oversimplification; see the following references for details.

Some truly fascinating Java-based language-and-runtime support for the ideas can be found at <http://www.erights.org>.

An OS-level implementation of the ideas can be found at <http://www.eros-os.org>.

A college course "Future of Computing" final exam that asks pertinent questions that can be answered with the ideas (among others) can be found at <http://www.skyhunter.com/marcs/finalexam.html>.

I think we need to quit waving our hands every time the issue of "trust on the net" comes up and start taking advantage of the fact that there's a large body of research and development, particularly from the strong crypto community, that we can bring to bear on the subject.

Paul Snively
<mailto:psnively@earthlink.net>





This page was archived on 6/13/2001; 4:52:01 PM.

© Copyright 1998-2001 UserLand Software, Inc.