[cap-talk] membrane challenge - an Attack! - discussion

Karp, Alan H alan.karp at hp.com
Thu Nov 18 16:50:33 EST 2004

Jed Donnelley wrote:
> I'm struggling a bit with the seemingly e-speak specific terminology,
> but I think I understand the basic idea.  However, even with 
> that limited
> understanding the notion of the "copy binding" capability is a bit
> difficult for me.  Is "copy binding" essentially an access right for
> what you refer to as a "name frame" (sounds like a directory to me)?
> I'm also puzzled by the term "repository".  What is a "repository"?
Ignore what I wrote.  I was misremembering how we ended up doing things.
What I wrote is how we first described the process, but we discovered
that it doesn't work.  We ended up using a different mechanism.

In case you're interested, each logical machine had a core and a
repository (database).  Each e-speak resource had a repository entry.
The c-lists were bindings in name frames accessible by the clients.
Each entry in a name frame bound a name to a repository handle.  Using a
name to send a request resulted in the core using the handle to look up
the corresponding repository entry.  The core did a bunch of stuff,
including using a field in the entry to determine the recipient for the

This structure gave two ways to revoke a privilege.  One would be to
remove the binding from the name frame, assuming you had that capability
on that name frame.  The other would be to remove the repository entry.
The former is similar to the caretaker pattern.  The latter is analogous
to deleting the object.
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20041118/1e2bd7ab/KarpAlanH.vcf

More information about the cap-talk mailing list