Good work. I'm happy to see this for Redox. There are numerous implementations of capabilities now, and they confirm that the concept really does simplify access control and sandboxing.
Implementations include seL4, Barrelfish, Google Fuchsia OS, Capsicum, and a slew of research systems too long to list. It's also worth checking out tangential things like the E programming language and Google's old Caja project.
Good work. I'm happy to see this for Redox. There are numerous implementations of capabilities now, and they confirm that the concept really does simplify access control and sandboxing.
Could I get some examples? I'm interested in learning more.
Implementations include seL4, Barrelfish, Google Fuchsia OS, Capsicum, and a slew of research systems too long to list. It's also worth checking out tangential things like the E programming language and Google's old Caja project.
https://www.cl.cam.ac.uk/research/security/capsicum/
http://habitatchronicles.com/2017/05/what-are-capabilities/
https://files.spritely.institute/papers/spritely-core.html
Cloudflare's developer platform uses them. That's what their "bindings" are.
there's also capsudo by kaniini
https://github.com/kaniini/capsudo