
Capabilities based Operating Systems will replace containers. WASM is a stepping stone to help the world better impedance match them conceptually.

If someone tacks on file system access to WASM, the whole system becomes worthless.



A while back someone claimed to me that WASI was structured as capabilities. True/false?


True

  WASI Design Principles

  Capability-based security
  WASI is designed with capability-based security principles, using the facilities provided by the Wasm component model. All access to external resources is provided by capabilities.

  There are two kinds of capabilities:

  Handles, defined in the component-model type system, dynamically identify and provide access to resources. They are unforgeable, meaning there's no way for an instance to acquire access to a handle other than to have another instance explicitly pass one to it.

  Link-time capabilities, which are functions which require no handle arguments, are used sparingly, in situations where it's not necessary to identify more than one instance of a resource at runtime. Link-time capabilities are interposable, so they are still refusable in a capability-based security sense.

  WASI has no ambient authorities, meaning that there are no global namespaces at runtime, and no global functions at link time.
Source: https://github.com/WebAssembly/WASI/blob/main/README.md
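
The two kinds of capability quoted above, as an added toy model in Python; it is not part of the original comment and not WASI or Wasm runtime code. `Instance`, `grant`, `transfer` and the `now` import are hypothetical names, and the per-instance handle table is a simplification of how component-model handles are indexed.

```python
# Toy model (constructed for illustration) of the two WASI capability kinds.
# All names here are hypothetical; this is not a WASI runtime API.

class Refused(Exception):
    """Raised when an instance uses authority it was never given."""

class Instance:
    def __init__(self, name, imports):
        self.name = name
        self._table = {}         # per-instance handle table: index -> resource
        self._next = 0
        self._imports = imports  # link-time capabilities, fixed when linked

    def grant(self, resource):
        """A resource is explicitly passed in; returns the new handle."""
        index, self._next = self._next, self._next + 1
        self._table[index] = resource
        return index

    def read(self, handle, key):
        # A handle is only an index into *this* instance's table, so a
        # guessed or copied integer names nothing unless it was granted.
        if handle not in self._table:
            raise Refused(f"{self.name}: nothing behind handle {handle}")
        return self._table[handle][key]

    def call(self, import_name):
        # Link-time capability: takes no handle, resolved by whoever linked us.
        if import_name not in self._imports:
            raise Refused(f"{self.name}: import {import_name!r} not linked")
        return self._imports[import_name]()

def transfer(src, handle, dst):
    """Explicit hand-off: the only way dst gains access to src's resource."""
    if handle not in src._table:
        raise Refused(f"{src.name}: cannot pass handle {handle}")
    return dst.grant(src._table[handle])

def demo():
    docs = {"readme.txt": "hello"}                  # constructed resource
    a = Instance("a", {"now": lambda: 1700000000})  # real-looking clock
    b = Instance("b", {"now": lambda: 0})           # interposed: frozen clock
    h_a = a.grant(docs)
    results = {"a_read": a.read(h_a, "readme.txt")}
    try:
        b.read(h_a, "readme.txt")                   # same integer, b's table
        results["b_forged"] = "allowed"
    except Refused:
        results["b_forged"] = "refused"
    h_b = transfer(a, h_a, b)
    results["b_after_transfer"] = b.read(h_b, "readme.txt")
    results["clocks"] = (a.call("now"), b.call("now"))
    return results
```

Linking an instance with an empty import map makes `call("now")` raise `Refused`, which is the "refusable" property the README attributes to link-time capabilities.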



