[cap-talk] Re: OS security discussion, restricted access processes, etc. - DCCS
jed at nersc.gov
Thu Apr 29 16:43:14 EDT 2004
At 11:39 AM 4/29/2004, Charles Landau wrote:
>R.e. DCCS as first proposed distributed capability protocol:
>I also didn't then, and still don't, know of any earlier work on this. If
>there were any I think I would have run across it. It's probable that Norm
>(or even I) envisioned distributing capabilities this way earlier, but we
>didn't work out the scheme for collapsing multiple indirections, and we
I'm not sure if the date might be significant to anybody, but the first
publication on this topic was an LLNL report:
J. E. Donnelley, "DCAS" - A Distributed Capability Access System, Lawrence
Livermore Laboratory Report UCID-16903, August 1975.
that was substantively identical to the later DCCS publication:
J. E. Donnelley, A Distributed Capability Computing System, Proceedings of
the Third International Conference on Computer Communication, August 1976,
Since that first LLL report was my first publication I'm sure it took me
some months to get it published. When did you leave LLNL to go work for
Timeshare Charlie? Wasn't it in about that time frame (1975)? I know you
and I certainly discussed the DCCS (e.g. with regard to the problems
passing some RATS capabilities, like file capabilities, that couldn't be
emulated with Slave capabilities). Was that discussion after you left
LLNL? I'm a little surprised you weren't a co-author on the DCCS paper.
Norm, when did you start work on capability based systems? I'd be
interested to hear the story of how you and Charlie started working
together on such systems. Perhaps outside this list.
I do know that at the time I started thinking about that network sharing
mechanism for capabilities I was not aware of any previous thoughts along
those lines. For me at the time it was a "brain storm" that occupied some
long nights for a few days until I had worked out all the issues that I
thought were relevant.
I wonder if the Mach folks were the first to implement something like that
network sharing of descriptor based capabilities? I wonder if they
actually did fully implement the mechanism they described? (e.g.:
Of course at LLNL we did complete our NTLSS implementation:
of sharing capabilities (as data) across a network. That system was
running in a limited form by about 1980. However, it didn't go into
regular production service (with all the attendant support for backward
compatibility with LTSS - thanks Norm) at LLNL until about 1985. I'm sure
the capabilities as descriptors folks consider that implementation trivial,
not to mention inadequate. Still, I'd be interested to get more
information about network capability sharing implementations of any sort.
For the information of anybody who happened to read the DCCS paper, when it
refers to "An Implementation Note":
"The DCCS mechanisms defined in this paper are currently being implemented
on a CCS-like system for use as an experimental protocol on the ARPA
computer network."
They weren't implemented (over RATS as we intended - important RATS
capabilities couldn't be so shared and there was no funding to modify
RATS), though there was an ARPAnet RFC (712) issued on the topic - and:
"The DCCS protocol will also form the basis for a gateway between the ARPA
network and the Energy Research and Development Agency's CTR network."
It wasn't so used. An entirely different mechanism was used. Overly
optimistic ;-) The enthusiasm of youth.
I'm particularly curious to know about any 'modern' implementations of
mechanisms to share descriptor or data based capabilities across a network
- e.g. to compare them with earlier concepts and to see how they
compare. Might anybody have any pointers? Might there be any sort of
index of such concepts and/or implementations? If not I might take some
time to work on such an index.