May 26th, 2004

eyes black and white

Capabilities vs Principals

I've just been pointed to an article by Kragen Sitaker: The Three Security Architectures. A bit simplistic, but an adequate problematic. With this in mind, we see that at the language level, strong typing is the correct, capabilities-based approach to security, whereas memory protection is the braindead, principals-based approach.

PS: also seen, Capability-based Financial Instruments.