Torge Husfeldt jean-jacques.gelee@gmx.de writes:

I'd like to hear from every effort that has been made recently in this direction, any active projects or any thoughts you have on this topic.

Yes, I'm very interested in this. I'll get more interested when squeak networking seems more solid (with the next Flow release I imagine).

I work on a zope(python)-based wiki which supports embedded scripting. In the extreme (preferred :) case this means anonymously-editable server-side code which gets executed at every page view.

This sounds dangerous, but I think the most pressing risks have been alleviated in an interesting way by zope's security model. In fact the latter evolved into it's present form to address the former. It sounds like the issues explored here might be of interest to you.

-Simon

A lot of documentation on capability-based security, which these systems often base on, can be found at www.erights.org, which describes the E language. IMHO, it's a must read if you're interested in these topics.

I've done some work on building sandboxes *inside* a Sqeak image, based on capabilities. I got the basic system working, but never got a practical system going. Specifically, I had a very good sandbox, but didn't write wrappers for very many useful facilities. I did get a bouncing atoms morph working once, albeit very slowly.

Unfortunately, Sqeak has shifted and my stuff doesn't file in any longer. I keep meaning to get it working again, but it's been over a year now, and there never seems to be enough time. Since there is suddenly so much interest on this topic on the list, I'll post the writeup and the changesets just so people can see them, even though it's not immediately useful right now.

http://minnow.cc.gatech.edu/squeak/2074

The writeup, at least, may give people some ideas. It seems to me that, once you latch on to the basic idea that an object is a privilage, all other problems can be solved directly, without much imagination. Perhaps others will agree.

-Lex