als0 23 hours ago [-]
Good work. I'm happy to see this for Redox. There are numerous implementations of capabilities now, and they confirm that the concept really does simplify access control and sandboxing.
ambicapter 20 hours ago [-]
Could I get some examples? I'm interested in learning more.
Implementations include seL4, Barrelfish, Google Fuchsia OS, Capsicum, and a slew of research systems too long to list. It's also worth checking out tangential things like the E programming language and Google's old Caja project.
The recently released Dynamic Workers directly provides an API for capability-based sandboxing: https://developers.cloudflare.com/dynamic-workers/usage/bind...
But the platform has used caps internally all along. Cloudflare makes heavy use of Cap'n Proto (https://capnproto.org/), a capability-based RPC protocol, and recently released Cap'n Web (https://capnweb.dev/), a JavaScript-oriented version of the same idea. The "Cap'n" in both is short for "Capabilities and". (Dynamic Workers sandboxing is based around Cap'n Web capabilities.)
Most successful sandboxes use capabilities, though it's not often something you hear about. Android's IPC system, Binder, is a capability system. And Chrome has a capability-based IPC system called "Mojo".
Capabilities really shine when used for sandboxing, but here's a blog post I wrote that tries to explain the benefits beyond sandboxing: https://blog.cloudflare.com/workers-environment-live-object-...
(I am the lead developer of Cloudflare Workers, and the creator of Cap'n Proto and Cap'n Web.)
https://files.spritely.institute/papers/spritely-core.html
https://github.com/kaniini/capsudo