Object-capabilities are an amazing solution/paradigm to provide security, both flexibly and robustly. Ever since I discovered them and got to understand them, I've been bothered that there are pretty much no widely used tools using or providing them, and I'd like to lobby a bit for their adoption, possibly by either designing a system with them or porting a system to them.

As the Web is the platform to make newly produced applications easily visible and usable by numerous users, I'll probably go for a Web application. It also has the benefit that if I want to provide a service rather than an easily deployed application, I don't have to worry about the programming language and tools I use, as long as they can answer HTTP requests (standalone server, CGI, FastCGI, whatever).

Now, one perfect fit for ocaps is some publication system, where you can edit and publish documents and use ocaps to restrict or delegate rights on the documents, and I'm already working on this. But are there other systems that would be an interesting target for an ocaps implementation? (Because they are popular, because their security is particularly a mess or a joke, because they would make a perfect match for ocaps, etc.)

That is, what web services do you use where you'd wish it could be more secure and could enable you to share more and delegate more or in an easier way than is currently possible?

A:

Pretty much everything! I'd like to be able to send people a link to a particular Twitter update of mine, without letting them see all the Twitter updates. Similarly so for Facebook information, my emails, and on and on. I'd like to be able to write JavaScript to upload directly to twitter.com which will choose who gets to see a particular tweet or not depending on the contents - and for it to be safe for twitter to do this even in the face of maliciously written javascript being uploaded.

There is some good news on the whole obj-cap for the web thing. Mark Miller (who wrote a really outstanding thesis on object-capabilities and concurrency, I highly recommend it), is now at Google Research and is working on Caja which is an obj-cap constrained version of JavaScript which will allow exactly the sort of interactions you're looking for. To quickly quote the first paragraph of the Caja description:

Caja allows websites to safely embed DHTML web applications from third parties, and enables rich interaction between the embedding page and the embedded applications. It uses an object-capability security model to allow for a wide range of flexible security policies, so that the containing page can effectively control the embedded applications' use of user data and to allow gadgets to prevent interference between gadgets' UI elements.

Another interesting system using capabilities is Tahoe-LAFS, which is not really a web app but rather a distributed storage system that has a web API - I expect many useful things could be written using Tahoe as a backend, though.

Jack Lloyd