Ian Bicking: the old part of his blog


Jim: There was a good, ad-hoc roundtable discussion at PyCon DC 2003 about capabilities, in which Ka-Ping Yee participated (drove, really :-) ) to help get other people up to speed on the basic notions. I think your hopes about seeing capabilities in Python are definitely justified.

A google search for "python capabilities" yields several meaty threads from python-dev and the like, as well.

Ian: To follow up on Jim's comments, capabilities are a very powerful mechanism for managing access to resources (whether the resources are objects, methods, what have you). It's not clear that you can make them completely safe within Python right now if you allow arbitrary code execution (hence the removal of the restricted execution tools), but if you're controlling the code side of things, and you're mainly looking for internal mechanisms of managing access, take a look.

You should also check out EROS, a capabilities-based operating system. There are many good design notes and background papers on capabilities-based security there.
Comment on Security Models
by Tripp Lilley


thx for good solution :>

# WeReL