[cap-talk] Re: "capabilities" as data vs. as descriptors - OS
security discussion, restricted access processes, etc.
iang at systemics.com
Thu May 6 15:04:12 EDT 2004
David Hopwood wrote:
> I have to ask: why is another definition of capabilities needed?
> Aren't the definitions in
> - Paradigm Regained <http://www.erights.org/talks/asian03/index.html>,
That paper seems to define *a* model of object
capabilities. For capabilities itself, it seems
to refer to DVH.
> - the "Ode" <http://www.erights.org/elib/capability/ode/index.html>,
Can you point to the definition of capabilities
in that paper? The impression I get from reading
that paper is that anyone who understands what
capabilities are will understand very well what
the paper is talking about. But, to someone
coming in from the cold, there is a feeling of
too much inner knowledge needed.
> - or on the C2 wiki <http://c2.com/cgi/wiki?CapabilitySecurityModel>,
All I could see there was:
"A capability is similar to an object reference in
ObjectOrientedProgramming, an actor name (or mailbox)
in the ActorsModel, or a closure in the LambdaCalculus
(with local state), provided that any deviations from
pure object, actor, or lambda calculus computation
That's not a definition, that's a reference to
> This is not meant as a criticism: it would be really useful to know why
> "the capabilities people (them) and the nym people (us) haven't really
> seen eye to eye on the lucidity of each other's documentation."
I can't get much of a picture reading the above
papers. I can't sink my teeth into the words
that come out. I can't sit down and build it.
(I've actually read them a few times each, I
Jed's definition was clear, simple and something
that I know that your average programmer could
deal with. Those papers mentioned above are for
academics who are prepared to start at DVH and
then read every paper thereafter 3 times. I'm
stuck in the world of average programmers,
That's for my part, but I know that others in
the caps world have felt the same about us. At
least, the criticism that I raise is often
levelled against my writings.
More information about the cap-talk