[cap-talk] Definition of a capability

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Fri Dec 30 22:18:25 EST 2005

Jed at Webstart wrote:
> At 05:28 PM 12/5/2005, Karp, Alan H wrote:
>> We have been saying that a capability combines designation with
>> authorization.  However, "Paradigm Regained" teaches us that permissions
>> are the rules as written down, while authorizations include the behavior
>> of other reachable objects.  A capability doesn't depend on the behavior
>> of any other object.  Hence, it seems more precise to say that a
>> capability combines designation with permission.
>> Comments?
> I agree completely.  After touching on that issue in an exchange with
> Mark M on a related topic I've been trying to be consistent in using the
> term "permission" when describing what a capability grants.

Yes. Specifically, what it grants is the permission to invoke (send a message
to) the designated object. In a pure object-capability system, that is exactly
and only the permission that it grants.

David Hopwood <david.nospam.hopwood at blueyonder.co.uk>

More information about the cap-talk mailing list