[cap-talk] Capability definition - What do we want?(was Framework)
Jed at Webstart
donnelley1 at webstart.com
Wed Mar 16 21:05:13 EST 2005
At 04:03 PM 3/16/2005, Nick Szabo wrote:
>If we want the language of network security, necessarily metaphorical,
>to be more clear, we should borrow these metaphors more explicitly and
>carefully. For example, we could map this legal definition of "right"
>as to network security as follows: "a claim enforceable by protocol
>against another that the other will or will not do a given act".
Hmmm. I believe the above definition differs from both common meaning
and generally used computer terminology (e.g. as a "file access right"),
so I don't think it helpful.
In terms of common meaning:
Right: an abstract idea of that which is due to a person...
When you receive a "right" something additional is now "due"
to you. That is, you have been further empowered, you have
additional "authority", etc.
>A capability or ACL is _not_ such a right, since said protocols do
>not force the grantor or anybody else to respond to an object invocation
>made via the capability or ACL.
Capabilities and entries on access lists both do convey additional
authority. I believe this common understanding of a "right" has
served us well. What I want to focus on is the ability to
*communicate* such rights - e.g. send them in messages.
I believe that any such mechanism acts essentially as a
traditional "capability" system does. I would therefore like
to use that term "capability" for the unit of "right" that is
communicated by any such mechanism.
Still, however the terminological wrangling ends up, if we
can at least define common (shared, standard, etc.)
means for communicating rights (YURLs or whatever,
whether called "capabilities" or now) then I will be
More information about the cap-talk