[cap-talk] "Same" key
David Hopwood
david.nospam.hopwood at blueyonder.co.uk
Wed Feb 7 11:34:15 CST 2007

Jonathan S. Shapiro wrote:
> On Tue, 2007-02-06 at 18:44 -0800, Mark S. Miller wrote:
>>David Hopwood wrote:
>>
>>>Where is this "OS view" terminology coming from? I don't recognize it from
>>>the documentation associated with any particular capability OS.
>>
>>The terminological habits Shap keeps falling back into.
>
> Not so. The terminological habits that Shap has adopted (with the
> substitution of facet id for data byte) from the last 37 years of OS
> literature on capability systems, notably including Hydra,

In Hydra, objects are definitively *not* composites. They differ from the
obj-cap concept of an object only in having several access rights, rather
than just invocation.
<http://www.cs.virginia.edu/papers/p337-wulf.pdf>

> CAP,

CAP is similar to Hydra in this respect (although with some restrictions that
limit its support for abstraction, e.g. the fact that capabilities depend on
process-local structures and so cannot be passed easily between processes).
Its objects are segments and protected procedures. The latter may be facets
of a composite, but they are not composites.
<http://www.cs.washington.edu/homes/levy/capabook>
<http://www.cs.washington.edu/homes/levy/capabook/Chapter5.pdf>

> the papers on the Chicago Magic Number machine,

I'm not aware of this having used the term "object" at all. Section 3.4
of <http://www.cs.washington.edu/homes/levy/capabook/Chapter3.pdf> only
refers to "segments" and "process mailboxes".

> KeyKOS, and others.

On further investigation, the KeyKOS documentation does indeed appear to use
"object" to refer to composites (e.g. in
<http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/principles/Keys.html>).
However, I don't think that this is sufficient for this usage to be considered
generally applicable to capability operating systems.

Note that "object" in the access control sense does not refer to a composite,
either. The access matrix model only considers direct permission to apply a
primitive operation on an object, and so composites are out of scope.

--
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>