[cap-talk] In defense of Object Capabilities (was: Non-Delegatable Authorities in Capability Systems)
Jonathan S. Shapiro
shap at eros-os.com
Sat Dec 22 22:07:34 EST 2007
On Sat, 2007-12-22 at 00:15 -0800, Mark Miller wrote:
> On Dec 19, 2007 12:08 PM, Jed Donnelley <jed at nersc.gov> wrote:
> > Try to imagine non-delegatable objects in
> > a language like Joe-e. I believe you simply
> > can't do it.
>
> Jed, they are not doing "non-delegatable objects" or permissions. They
> are doing non-delegatable *authority*.
Taking off my cloak of invisibility, I reviewed this paper for JCS. Toby
and Duncan no doubt figured that out for themselves from my comments,
and I don't believe in blind reviews in any case.
I had some mixed feelings as a reviewer, partly because I expected that
people would mis-read the paper in exactly the way Jed did (and, for
that matter, the way *I* did my first time through).
I think that the paper is important, because it is yet another nail in
the coffin of "things capabilities cannot do".
shap
More information about the cap-talk
mailing list