[cap-talk] SCOLL : A Language for Safe Capability Based Collaboration

Mark Miller markm at cs.jhu.edu
Tue Jul 19 18:26:02 EDT 2005

Yves Jaradin wrote:
> SCOLL : A Language for Safe Capability Based Collaboration 

This is very exciting! Some quick comments:

In the introductory material, you use the terms "mandatory" and
"discretionary" several times. What do you think these terms mean? As used by
the computer security literature, I don't think they mean anything coherent.
If you agree, then you should drop these terms from the paper.

Btw, if we use Saltzer & Schroeder's definition of "discretionary":

> Our discussion [...] rested on an unstated assumption: the principal that
> creates a file or other object in a computer system has unquestioned authority
> to authorize access to it by other principals. [...] We may characterize this
> control pattern as discretionary.

but substitute "subject" for "principal", then object-capabilities are clearly
*not* discretionary. I think your paper implies that they are.

What's the "LP Calculus"? It's mentioned for the first time on p7 with no

> The SCOLL language is a subset of the LP calculus extended with search.

Text by me above is hereby placed in the public domain


More information about the cap-talk mailing list