[cap-talk] Capability-based Projects - theory vs. practice

Jed Donnelley jed at nersc.gov
Thu Aug 2 14:59:24 EDT 2007 

Jonathan S. Shapiro wrote:
> Actually, I don't consider Mach a capability system either.
>
> One issue is that the unit named by descriptors in both systems is the
> server, not the object implemented by the server.
>
> On Thu, 2007-08-02 at 10:15 -0700, Mark Miller wrote:
>   
>> On 8/2/07, Jonathan S. Shapiro <shap at eros-os.com> wrote:
>>     
>>> Spring is not a capability system.
>>>       
>> Since the Spring folk seem to claim it is, it would be good to clarify
>> the matter. Could you elaborate? Thanks.
>>
>>     
Hmmm.  It's been a long time since I looked into this aspect of these
systems in detail, but as I recall this may (?) end up being more
a quantitative distinction than a qualitative distinction?

It's certainly true that Mach (and I believe DEMOS at least
falls into the same category, perhaps Chorus?) referred to
their protected objects as "port"s.  This suggests more of
a "network address" sort of use.  While one can imagine:

1.  Many objects being serviced through a single "port".
In the this case it seems that a request (invocation) would have
to contain 'designation' information that is either not protected
or is otherwise protected.  To me that would break the
object(capability) paradigm.

2.  One can also imagine using many 'ports' to the same
'server' to distinguish objects.  In this case it seems to
me the object(capability) model is intact.

I believe one could consider some systems such as
these object/capability systems in theory (case #2),
but perhaps not in practice (case #1)?  Of course one
could use any object in an object/capability system
as essentially a "port" and pass designation to it as
data.

Perhaps what is more important for such systems is
how they use their protected objects in practice.
I often use the file system as an important test case.
Does Mach (DEMOS, Chorus?) use separate "port"s
for each file or do they somehow use a smaller number
of ports and include designation information as data?

I'm sorry to say that I don't remember the answer to this
question for these systems and I don't have time at the
moment to investigate.  The answer to me would distinguish
between being capability systems in theory vs. in practice.

--Jed   http://www.webstart.com/jed/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.eros-os.org/pipermail/cap-talk/attachments/20070802/5648d16b/attachment.html

More information about the cap-talk mailing list