[cap-talk] keeping discussion on cap-talk - network capabilities,
ben at algroup.co.uk
Thu Nov 4 17:37:29 EST 2004
Jed at Webstart wrote:
> Finally, with regard to Toby's:
>>> NOTE: this also means that any caps given to this process can't be
>>> (usefully) passed on, since they won't be usable to any other process
>>> (since keys are randomly generated by the system).
> and Ben's response:
>>The argument I would use,
>>then, is that the process doesn't, in this
>>case, have the capabilities, it merely has keys to them. This is exactly
>>how capabilities work in EROS.
>>So, this isn't really a "caps-as-data"
> I believe that the most useful way of using the term "capability" is as
> anything that grants the right to use a resource. The particular
> form and associated mechanisms used for communicating capabilities
> are part of the capability protocol - whether partitioned as in classical
> c-list systems, tagged architectures, or more open ended capabilities
> as data.
> How then can I interpret the above statement that a process "doesn't ...
> have the capabilities, it merely has keys to them."?
> Does it have the right to access the resource? If so
> then it has the "capability." If not, then not.
Indeed, I would agree with this. The distinction I was trying to draw
was whether it had capabilities as data or access to capabilities
through some other mechanism. I used the term "keys" to indicate that
what the process holds is a designator for the capability, interpretable
by the OS, and confined to the process (should the OS so choose).
> I hope I'm not isolating myself on a terminological
> limb. If there isn't general agreement on this point
> then it seems to me the whole notion of things like
> "password" capabilities or capabilities as data, etc.
> must be oxymorons to those who demand a more limited
> definition of the term "capability."
I was being imprecise. I thought it was obvious what I meant from the
context, but clearly I was wrong.
I think we all agree with the terminology. I certainly hope so!
ApacheCon! 13-17 November! http://www.apachecon.com/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
More information about the cap-talk