[Cap-Talk] RE: Is there a capability RFC?

[Roland H. Alden]

> Can you define "capability" better, please? I don't follow 
> what you want it for.

Capabilities are one of the seminal building blocks of computer science,
dating back to the Cambridge Ring and Multics, if not even earlier. 

A capability is a hard-to-forge/tamperproof "pointer like" "token" which
provides the bearer with a certain set of rights ("capabilities") over a
resource. Some pioneering hardware architectures, like the Symbolics Lisp
Machine and Intel 432 actually gave memory pointers capability-like
characteristics (like read or execute only) and made them tamperproof and
unforgeable through hardware. The Cambridge Ring had a distributed file
system addressed by capabilities that were tamper resistant through early
cryptographic means (randomness). 

Capabilities can be interesting in certain security architectures because
they combine an access path with implicit (bearer) permission, and since
they offer indirection they can be revoked and expired. With today's
cryptographic science it is relatively easy to implement secure capabilities
in software and the application space of capabilities is certainly
wide/varied and interesting.