[cap-talk] Capability-based Projects - theory vs. practice
jed at nersc.gov
Thu Aug 2 14:59:24 EDT 2007
Jonathan S. Shapiro wrote:
> Actually, I don't consider Mach a capability system either.
> One issue is that the unit named by descriptors in both systems is the
> server, not the object implemented by the server.
> On Thu, 2007-08-02 at 10:15 -0700, Mark Miller wrote:
>> On 8/2/07, Jonathan S. Shapiro <shap at eros-os.com> wrote:
>>> Spring is not a capability system.
>> Since the Spring folk seem to claim it is, it would be good to clarify
>> the matter. Could you elaborate? Thanks.
Hmmm. It's been a long time since I looked into this aspect of these
systems in detail, but as I recall this may (?) end up being more
a quantitative distinction than a qualitative distinction?
It's certainly true that Mach (and I believe DEMOS at least
falls into the same category, perhaps Chorus?) referred to
their protected objects as "port"s. This suggests more of
a "network address" sort of use. While one can imagine:
1. Many objects being serviced through a single "port".
In the this case it seems that a request (invocation) would have
to contain 'designation' information that is either not protected
or is otherwise protected. To me that would break the
2. One can also imagine using many 'ports' to the same
'server' to distinguish objects. In this case it seems to
me the object(capability) model is intact.
I believe one could consider some systems such as
these object/capability systems in theory (case #2),
but perhaps not in practice (case #1)? Of course one
could use any object in an object/capability system
as essentially a "port" and pass designation to it as
Perhaps what is more important for such systems is
how they use their protected objects in practice.
I often use the file system as an important test case.
Does Mach (DEMOS, Chorus?) use separate "port"s
for each file or do they somehow use a smaller number
of ports and include designation information as data?
I'm sorry to say that I don't remember the answer to this
question for these systems and I don't have time at the
moment to investigate. The answer to me would distinguish
between being capability systems in theory vs. in practice.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cap-talk