Re: VSTa - First Impressions

From: Tim Newsham <newsham_at_nospam.org>
Date: Fri Dec 09 1994 - 23:02:44 PST

> >CVS. I have had some limited experience with CVS and I agree with those who
> >suggested its use for the management of the project source. Andrew said he
> >was going to do this, did it happen? (this is more a bit of curiosity than
> >anything I guess).
>
> CVS (remote version) requires rsh access, which is incompatible with
> firewalls.

Even if we can't use the distributed version of CVS, CVS should still
be used. It does everything RCS does (it uses RCS, so this is easy :)
and then a whole lot more.
I imagine it wouldn't be hard to change the rsh interface to a messaging
interface. Since VSTa will eventually have a network-proxy for
message passing this should be suitable.

> >Is this an official term? I have seen Andy refer to this as "VSTa protection"
> >and such too. I read one of the Plan9 papers which didn't make any mention
> >of Capabilities (as far as I remember). Is this a Plan9 term? It seems that
> >especially in the VSTa white paper, "Capabilities" seems to be almost a proper
> >term for the VSTa system of security.
>
> Nope, this is unique to VSTa.

If you're referring to the term "capability", this is a common term.
I've run across it several times before running across VSTa.
In _Operating Systems - Design and Implementation_ A. Tanenbaum
talks about a 2-dimensional table where the rows specify domains of
execution and columns specify various objects. The entries in the
tables are the rights. He first covers ACLs which are column slices
of the table. Then:

        "The other way of slicing up the matrix... is by rows. When
  this method is used, associated with each process is a list of
  objects that may be accessed, along with an indication of which
  operations are permitted on each, in other words, its domain.
  This list is called a capability list, and the individual items
  on it are called capabilities." Section 5.5.3, page 293.

He also gives some references which are pretty old (1966, 1974).
There are other systems which use capabilities including the
MACH microkernel (port rights). I have never seen it used
in quite the way that VSTa implements them. I think VSTa's
approach is quite nice; it easily allows processes to make
up their own capability definitions and still use the standard
library routines to manipulate them. It also has a convenient
mechanism for giving away weaker versions of a capability and
an easy mechanism for disabling privileges that one has.
I think this system *could* be used to make VSTa a very secure
system. (I emphasize "could" because the primitives are just
a tool, putting them to work is still a lot of work).

> Andy
Received on Fri Dec 9 22:38:35 1994
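As an added illustration (not part of this thread or of VSTa's own code), the access matrix quoted from Tanenbaum above sliced both ways, by row into a capability list and by column into an ACL, together with the two operations mentioned for VSTa, handing out a weaker copy of a capability and dropping one's own privileges, modelled on bit-masked rights. The matrix contents, the rights flags and the names are constructed for this example.

```c
#include <stdio.h>

/* Rights as bit flags (constructed for this example). */
#define R_READ  1u
#define R_WRITE 2u
#define R_EXEC  4u

#define NDOM 3   /* rows: domains of execution (processes) */
#define NOBJ 3   /* columns: objects */

/* The access matrix; each entry is the set of rights. Constructed sample data. */
static const unsigned matrix[NDOM][NOBJ] = {
    { R_READ | R_WRITE, R_READ,          0                },
    { R_READ,           R_READ | R_EXEC, R_READ           },
    { 0,                0,               R_READ | R_WRITE },
};

/* A capability: a reference to an object plus the rights held on it. */
struct cap { int obj; unsigned rights; };

/* Row slice: the capability list of one domain. Returns the number of capabilities. */
int caplist(int dom, struct cap out[NOBJ]) {
    int n = 0;
    for (int o = 0; o < NOBJ; o++)
        if (matrix[dom][o]) out[n++] = (struct cap){ o, matrix[dom][o] };
    return n;
}

/* Column slice: the ACL of one object, as (domain, rights) pairs. Returns the entry count. */
int acl(int obj, int doms[NDOM], unsigned rights[NDOM]) {
    int n = 0;
    for (int d = 0; d < NDOM; d++)
        if (matrix[d][obj]) { doms[n] = d; rights[n] = matrix[d][obj]; n++; }
    return n;
}

/* Give away a weaker version: the copy keeps only rights the holder already has,
 * so the mask can never add a right (intersection, not assignment). */
struct cap cap_weaken(struct cap c, unsigned keep) {
    return (struct cap){ c.obj, c.rights & keep };
}

/* Disable a privilege one holds; the bit is gone from this capability for good. */
void cap_drop(struct cap *c, unsigned drop) { c->rights &= ~drop; }

/* Access check: the capability must name the object and hold every wanted right. */
int cap_allows(struct cap c, int obj, unsigned want) {
    return c.obj == obj && (c.rights & want) == want;
}
```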

This archive was generated by hypermail 2.1.8 : Thu Sep 22 2005 - 15:12:10 PDT