[cap-talk] Re: OS security discussion, restricted access processes, etc. - DCCS

[Jed Donnelley]

At 11:39 AM 4/29/2004, Charles Landau wrote:
>R.e. DCCS as first proposed distributed capability protocol:
>
>I also didn't then, and still don't, know of any earlier work on this. If 
>there were any I think I would have run across it. It's probable that Norm 
>(or even I) envisioned distributing capabilities this way earlier, but we 
>didn't work out the scheme for collapsing multiple indirections, and we 
>didn't publish.

I'm not sure if the date might be significant to anybody, but the first 
publication on this topic was an LLNL report:

J. E. Donnelley, "DCAS" - A Distributed Capability Access System, Lawrence 
Livermore Laboratory Report UCID-16903, August 1975.

that was substantively identical to the later DCCS publication:

J. E. Donnelley, A Distributed Capability Computing System, Proceedings of 
the Third International Conference on Computer Communication, August 1976, 
pp. 432-440.
http://www.webstart.com/jed/papers/DCCS/

Since that first LLL report was my first publication I'm sure it took me 
some months to get it published.  When did you leave LLNL to go work for 
Timeshare Charlie?  Wasn't it in about that time frame (1975)?  I know you 
and I certainly discussed the DCCS (e.g. with regard to the problems 
passing some RATS capabilities, like file capabilities, that couldn't be 
emulated with Slave capabilities).  Was that discussion after you left 
LLNL?  I'm a little surprised you weren't a co-author on the DCCS paper.

Norm, when did you start work on capability based systems?  I'd be 
interested to hear the story of how you and Charlie started working 
together on such systems.  Perhaps outside this list.

I do know that at the time I started thinking about that network sharing 
mechanism for capabilities I was not aware of any previous thoughts along 
those lines.  For me at the time it was a "brain storm" that occupied some 
long nights for a few days until I had worked out all the issues that I 
thought were relevant.

I wonder if the Mach folks were the first to implement something like that 
network sharing of descriptor based capabilities?  I wonder if they 
actually did fully implement the mechanism they described?  (e.g.:

ftp://ftp.cs.cmu.edu/project/mach/doc/unpublished/netmsgserver.ps
from:
http://www-2.cs.cmu.edu/afs/cs/project/mach/public/www/doc/publications.html

Of course at LLNL we did complete our NTLSS implementation:

http://www.webstart.com/jed/papers/Components/

of sharing capabilities (as data) across a network.  That system was 
running in a limited form by about 1980.  However, it didn't go into 
regular production service (with all the attendant support for backward 
compatibility with LTSS - thanks Norm) at LLNL until about 1985. I'm sure 
the capabilities as descriptors folks consider that implementation trivial, 
not to mention inadequate.  Still, I'd be interested to get more 
information about network capability sharing implementations of any sort.

For the information of anybody who happened to read the DCCS paper, when it 
refers to "An Implementation Note":

"The DCCS mechanisms defined in this paper are currently being implemented 
on a CCS-like system [4] for use as an experimental protocol on the ARPA 
computer network [9]."

They weren't implemented (over RATS as we intended - important RATS 
capabilities couldn't be so shared and there was no funding to modify 
RATS), though there was an ARPAnet RFC (712) issued on the topic - and:

"The DCCS protocol will also form the basis for a gateway between the ARPA 
network and the Energy Research and Development Agency's CTR network [10]."

It wasn't so used.  An entirely different mechanism was used.  Overly 
optimistic ;-)  The enthusiasm of youth.

I'm particularly curious to know about any 'modern' implementations of 
mechanisms to share descriptor or data based capabilities across a network 
- e.g. to compare them with earlier concepts and to see how they 
compare.  Might anybody have any pointers?  Might there be any sort of 
index of such concepts and/or implementations?  If not I might take some 
time to work on such an index.

--Jed http://www.nersc.gov/~jed/