Archive of UserLand's first discussion group, started October 5, 1998.
Trusted vs. Untrusted Sites
Author: Paul Snively Posted: 8/20/1999; 12:53:43 PM Topic: Today's scriptingNews Outline Msg #: 9740 (In response to 9735) Prev/Next: 9739 / 9741
Jakob,Your points are very well-taken, and in fact there's a subculture within the computer security culture that deals almost exclusively with issues surrounding allowing interaction among mututally untrustworthy parties.
The general concept is known as "capability-based security," where a "capability" is essentially an object reference coupled with strong digital signatures and crypto technology--but that's an oversimplification; see the following references for details.
Some truly fascinating Java-based language-and-runtime support for the ideas can be found at <http://www.erights.org>.
An OS-level implementation of the ideas can be found at <http://www.eros-os.org>.
A college course "Future of Computing" final exam that asks pertinent questions that can be answered with the ideas (among others) can be found at <http://www.skyhunter.com/marcs/finalexam.html>.
I think we need to quit waving our hands every time the issue of "trust on the net" comes up and start taking advantage of the fact that there's a large body of research and development, particularly from the strong crypto community, that we can bring to bear on the subject.
Paul Snively
<mailto:psnively@earthlink.net>
This page was archived on 6/13/2001; 4:52:01 PM.
© Copyright 1998-2001 UserLand Software, Inc.