As described elsewhere, Evlan uses capability-based security to allow users to manage the permissions granted to individual programs. After learning how capability-based security works, you might be worried about the complexity it presents to the user. The user needs some way to manipulate a program's capabilities. But, if this manipulation is too difficult to perform, users will likely avoid it by just agreeing to default settings or even giving up on Evlan altogether. So, how do we avoid this? Allow me to present my answer, and then show you how my answer can be extended to allow some truly amazing possibilities.
Think about the processes of hooking up a VCR, and compare it to capability-based security. When you hook up your VCR to your TV, you are giving your VCR the capability to output video to your TV. When your hook up your VCR to your stereo, you are giving it the capability to output audio through your stereo.
Now imagine installing a program which plays videos. This program needs the capability to output video somewhere. So, you hook it up to your GUI. The program also needs the capability to output audio somewhere. So, you hook it up to your audio card driver.
These steps could be done as part of the installation process. The ideal way to represent it in a GUI would be through drag and drop. The installer will say "I need a video device and an audio device." Meanwhile, the Evlan system will provide a panel somewhere which contains draggable icons representing the main system GUI, the main audio device, etc. You then drag these components into the installer to "hook them up". Now you can play videos!
(Of course, to make the process easier, there should be a way to quickly assign the default system services. Since the installer will be controlled by the Evlan system, not by the program being installed, this will be safe.)
Having solved the original problem, let's look a little bit closer at the possibilities it presents.
Back to the VCR. Normally you would hook up a VCR to a TV and a stereo. But, sometimes you might want to hook it up to something else. For example, say you run a TV station and you want to broadcast your tape on the air. You would then hook the audio and video cables from your VCR to your broadcasting equipment. There is no need to purchase any sort of specialized VCR designed for broadcasting, because they all use the same types of cables (or capabilities).
OK, so now how do you get your video player program to broadcast over the internet? And here's where it gets really interesting: On modern operating systems, this is simply not possible. You can't make just any old video playing program output to an internet broadcast. You have to find special software to do it. The problem is, on modern operating systems, programs like video players just assume that they should use the system's default GUI and the system's default audio device.
Now, on a capability-based system, the program can't make such an assumption. The only way the program can get access to said devices is if you give it the capabilities. Meanwhile, other programs on your system can export their own capabilities. For example, you might have a piece of software which, given raw video and audio feeds, can broadcast them over the internet. This piece of software would export video and audio output capabilities, which you could then drag and drop into the installer of your video player program. Voilà, your video player now broadcasts to the internet.
Now, think of what we have done here. What would have required massive changes made to the source code of a piece of software on any other system required only a small change in configuration under Evlan. Granted, we still needed a separate program which handles broadcasts, but we were able to make the two programs interact trivially.
If you think about it, using techniques like this, many types of software could be assembled visually from smaller components. Want a VOIP program? Open a network connection, then hook it up to your audio device. This could easily be done visually. Want to add compression and encryption to that? Each could be added as an adapter placed between the audio device and the connection. All through drag-and-drop.
Once a system like this becomes reality, computers will become more powerful to the average user than they ever have been before. Most people can figure out how to hook up their VCR's. Eight-year-old kids can hook up VCR's. And they will be able to hook up their own custom broadcasting solutions and internet phones just as easily. Meanwhile, the real programmers can focus on much larger and more interesting problems.