OWASP Resource Securitization Language Project

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.

OWASP Resource Securitization Language (R/E)
R/E is a version of E, an influential language to model/afford secure programming practices and designs, based on a Lisp E implementation. R/E uses a recent embedded Lisp dialect and is intrinsically oriented to modern (and "semantic") web patterns.

Description
The R/E (Resource Securitization Language) is envisioned as a modern adaptation of the E programming language and is intended to extend the Common Lisp implementation of E. E is one of the oldest "security" languages, as a language specifically designed for secure coding and to promote good security practices through language affordances. Originally implemented in Java, a Common Lisp version of E was developed (beginning 2008) by Kevin Reid (it should be noted that regardless of implementations in Lisp, E itself has a C-style syntax arguably easier for most programmers to use; however Common Lisp integration can support powerful Lisp-based extensions). The new R/E dialect is based on Clasp, a very recent Common Lisp implementation created by Christian Schafmeister of Temple University, which itself is based on Embedded Common Lisp and is designed for efficient embedding and integration with C++ applications and, in particular, with LLVM (a compiler and development toolkit whose initials originally stood for "Low Level Virtual Machine", which despite being officially obsolete is a good four-word summary). By being based on a Lisp intended for embedding, R/E as a dialect of E is suitable for embedded programming in which it integrates into applications primarily written in a different language: R/E can be used just for components which provide certain sensitive capabilities, like database and filesystem access (by fortuitous coincidence, the name Clasp is also used by the OWASP Comprehensive, Lightweight Application Security Process Project, and conceivably E-based code can be used to implement parts of CLASP-informed applications). Aside from using Clasp as a back-end, R/E is concerned to adapt Clasp to be easier to use as a cross-platform language environment and foundation for other languages. In particular, extending both Lisp and E implementations, R/E is based on a Semantic Networking or Semantic Web style compilation model which separates source-level syntax from canonical syntax, and uses Semantic Web compatible data structures to express pre- (or partly-) compiled code. This allows R/E components to be coded in extended (or alternate) syntaxes which may be more readily integrated into existing projects, based on the languages and data structures they favor. Semantic Network models of source code also allow for Semantic Web tools to gather and process information about code projects, documentation, requirements, and policies. In addition to the core language, this project will provide simple examples of a database, http client and server, and GUI integration that can be used for prototyping applications which may use R/E components. Finally, R/E will provide an OWL ontology (likely published in RDFa) to model the concepts relevant to creating, compiling, using, and evaluating R/E code and the components or applications which use it, with links as appropriate to other ontologies/taxonomies/vocabularies in the code security, privatization, and trust-description domains.

Licensing
Boost Software License (amended)


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

Project Resources
This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc.

Project Leader
[mailto:osrworkshops@gmail.com Nathaniel Christian]

Related Projects
This is where you can link to other OWASP Projects that are similar to yours.

Classifications

 * valign="top" style="padding-left:25px;width:200px;" |

News and Events
This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project.


 * }

=FAQs=

Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. The point of a document like this are the answers. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'

= Acknowledgements =

Volunteers
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project. Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project. Be sure to provide a link to a complete list of all the amazing people in your project's community as well.

The first contributors to the project were:


 * [mailto:osrworkshops@gmail.com Nathaniel Christen]

= Road Map and Getting Involved =

Roadmap
The first priority is simply to port E-on-Common-Lisp to the embedded Clasp platform. Whereas E-on-Common-Lisp relies on the original (Java) version of E for some core functionality, R/E will completely replace these components with Lisp or C++ equivalents. In particular, the existing ANTLR-based parsing mechanism has been replaced by a Semantic-Network grammar engine which allows R/E code and components to be integrated with Semantic Web tools and concepts. With a new working E dialect in place, the next step is to ensure cross-platform consistency by solidifying the Clasp base itself (since Clasp in turn is a very new language, R/E is being built with/alongside a modified version that is easier to use in different contexts; for example, one which builds on 64-bit platforms). Finally, as outlined in the Additional Comments, R/E will provide sample components, expected to use the Qt and UnQLite libraries, demonstrating how the language may be used to provide components isolating sensitive capabilities, such as database/filesystem access and http networking, integrated into other projects. At this stage R/E will also provide a mechanism for developing alternate grammars that may be more suited for integrating into existing projects, as well as related Semantic Web resources such as an Ontology of R/E coding constructs and concerns; the R/E compiler will be guaranteed to compile any source whose internal representation conforms to the ontology, even if its surface syntax differs considerably from the E foundation. By way of illustration, R/E will provide a version of the language with a syntax adapted for ready integration into Lisp and/or C++ contexts.

Feedback
=Minimum Viable Product= R/E (the Resource Securitization Language) is a modern adaptation of the E programming language (one of the first and most influential languages specifically designed to address security concerns and "Capability-Oriented Programming"), intended to extend the Common Lisp implementation of E, by using a very recent embedded version of Common Lisp, called Clasp. R/E will be available in source code form and in the form of binaries for platforms for which Clasp itself is also available (or perhaps additional platforms as well, since R/E can be configured to use a simplified subset of Clasp/Lisp to focus on building components for sensitive capabilities like database, networking, and filesystem access, which are then embedded into application written in other languages).