Throughout this discussion we will treat all capabilities as base case capabilities, i.e., we will treat all object references as capabilities. With Java, this simple mapping of a capability as a reference can be made sufficient to handle all cases, as discussed later.
A key concept to wrap your mind around -- perhaps the key concept to wrap your mind around -- in order to start thinking along the "Path Of True Security" is the concept of expressivity. You cannot tell someone to do something if you have no way of expressing the request. Capability Security frequently takes the form of never bothering to give the untrusted object the ability to express a dangerous request. If you get in the habit of thinking in terms of expressivity, you are over halfway to the goal of thinking in terms of capability.
Expressivity concepts allow you to get rid of "if" statements: if the object can't express an invalid request, you don't have to check to see whether or not it made the request. Because expressivity is so fundamental to capability-based thinking, we will look at a couple of examples.
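As an added illustration (not code from the original page), the Java sketch below sets a check-based design beside one where the untrusted code simply cannot express the dangerous request. The names `AuditLog`, `Appender`, `GuardedLog` and `untrustedPlugin` are hypothetical, and the sketch assumes the untrusted code cannot use reflection to reach inside the object it is handed.

```java
import java.util.ArrayList;
import java.util.List;

public class ExpressivityDemo {
    // Full authority over the log; only trusted code holds this reference.
    static class AuditLog {
        private final List<String> entries = new ArrayList<>();
        void append(String line) { entries.add(line); }
        void clear() { entries.clear(); }
        int size() { return entries.size(); }
    }

    // The only request an untrusted holder can express: append one line.
    interface Appender { void append(String line); }

    // Check-based design (hypothetical): clear() is expressible by anyone
    // holding the object, so an "if" must guard it and be right every time.
    static class GuardedLog {
        private final AuditLog log = new AuditLog();
        void append(String caller, String line) { log.append(line); }
        void clear(String caller) {
            if (!"admin".equals(caller)) throw new SecurityException("denied");
            log.clear();
        }
    }

    // Stand-in for untrusted code: it receives one reference and nothing else.
    static void untrustedPlugin(Appender out) {
        out.append("plugin started");
        // out.clear();               // does not compile: Appender has no clear()
        // ((AuditLog) out).clear();  // ClassCastException: the facet is not the log
    }

    public static void main(String[] args) {
        GuardedLog guarded = new GuardedLog();
        try {
            guarded.clear("plugin");  // expressible, so the check has to catch it
        } catch (SecurityException e) {
            System.out.println("guarded design relied on the if: " + e.getMessage());
        }

        AuditLog log = new AuditLog();
        // The facet is a separate object that forwards append and nothing more.
        // Passing 'log' itself typed as an interface would allow a downcast.
        Appender facet = log::append;
        untrustedPlugin(facet);
        System.out.println("entries after plugin ran: " + log.size());
    }
}
```

In the second design `AuditLog.clear()` needs no check at all, because the only reference the plugin holds has no way to name that operation.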