[cap-talk] Definition of a capability

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Fri Dec 30 22:18:25 EST 2005


Jed at Webstart wrote:
> At 05:28 PM 12/5/2005, Karp, Alan H wrote:
> 
>> We have been saying that a capability combines designation with
>> authorization.  However, "Paradigm Regained" teaches us that permissions
>> are the rules as written down, while authorizations include the behavior
>> of other reachable objects.  A capability doesn't depend on the behavior
>> of any other object.  Hence, it seems more precise to say that a
>> capability combines designation with permission.
>>
>> Comments?
> 
> I agree completely.  After touching on that issue in an exchange with
> Mark M on a related topic I've been trying to be consistent in using the
> term "permission" when describing what a capability grants.

Yes. Specifically, what it grants is the permission to invoke (send a message
to) the designated object. In a pure object-capability system, that is exactly
and only the permission that it grants.

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>



More information about the cap-talk mailing list