[cap-talk] Objects and Facets

Toby Murray toby.murray at dsto.defence.gov.au
Sun Aug 6 22:58:43 EDT 2006 

Charles Landau wrote:

>This definition of facet in terms of an object interface raises the 
>question, what is an object?
>
>Neal and many others associate an object with some state. Consider 
>then a stateless capability such as the Discrim key in KeyKOS 
>(http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/Gnosis/43.html#discrim) 
>and EROS (http://www.eros-os.org/devel/ObRef/kernel/Discrim.html). 
>Does it refer to an object?
>  
>
[As a side note to the above]

The Discrim key is an interesting implementation detail of both KeyKOS 
and EROS. From my understanding of its function, the Discrim key is used 
to enable introspection on other capabilities.

Because EROS and KeyKOS represent this notion using another capability 
type, I can see how Discrim could be conceived as a rather strange sort 
of object. Other systems have avoided this sort of strangeness by not 
representing this same notion as a capability, which doesn't confuse the 
debate about "what is an object".
 
For example, the Password-Capability System from Monash, included the 
notion of "system permissions" that correspond to globally defined 
"system operations". My understanding of these operations is that they 
have an unambiguous interpretation and tend to refer to operations that 
are performed on the capability itself, rather than on the object to 
which the capability refers. They included the DERIVE operation that was 
used to derive a less poweful capability from the capability that was 
invoked. In a modern implementation, I expect one would have system 
permissions such as GET_TYPE and EQ and that the Discrim operations 
could be implemented as system operations.

Of course, this introduces its own confusions because we could now 
debate about the semantics of an invocation on a capability, rather than 
the semantics of an object. It is interesting to contrast the various 
ways of representing this notion in different capability operating 
systems though.


-- 
Toby Murray
Advanced Computer Capabilities Group
Information Networks Division
DSTO, Australia

IMPORTANT: This e-mail remains the property of the Australian Defence
Organisation and is subject to the jurisdiction of section 70 of the
Crimes Act 1914. If you have received this e-mail in error, you are
requested to contact the sender and delete the e-mail.

More information about the cap-talk mailing list