Ask HN: Suggestions for a Capability Based Security rebranding push?

10 points

3 years ago

It's obvious to me that we need a completely new set of words to describe capability based security[1]. Even here on HN, every time it comes up, people assume they know what it is from smartphones and "apps".

--- Explaining it here to cut off tangents

A capability is like a $5 bill.... a stand alone one time access to resources. You can't accidentally give away your house, or drain your bank account when you hand someone that single piece of cotton bond paper. It doesn't require trusting the recipient.

We have no equivalent in Linux, Mac, Windows, etc. Genode might get there soon, and GNU Hurd was supposed to get there in the 1980s.

We need a simple and easy way to run code we never, ever want to trust with a file or folder of our choosing, as users, at run-time, as easily as the wallet example above.

My hope currently is pinned on WebAssembly and WASI[2], which actually implements capabilities correctly (for now, let's hope they can resist calls to make it "developer friendly" or "more efficient", etc.)

See [3] for a way to use WebAssembly/WASI to run x86_64 Linux binaries in the browse.

--- Call for action

What new/different words could we use, to refer to capabilities based security?

[1] https://en.wikipedia.org/wiki/Capability-based_security

[2] https://en.wikipedia.org/wiki/WebAssembly#WASI

[3] https://news.ycombinator.com/item?id=34367767

13 comments