[cap-talk] Wikipedia: Object-capability model
benl at google.com
Sat Jan 6 11:21:15 CST 2007
On 1/5/07, Ka-Ping Yee <cap-talk at zesty.ca> wrote:
> I think it's high time Wikipedia had an article entitled
> "Object-capability model". Here's what i think should go in the
> main definition of the term:
> - Objects access or designate other objects through unforgeable
> references (pointers).
> - Computation is performed by sending messages along these
> references to other objects.
> - One comes to have a reference to an object via (a) creation,
> (b) endowment, or (c) introduction.
> Is that enough for a precise definition?
I think you've missed a couple of points:
* Objects are opaque, apart from the "messages" that can be sent down them
* No globals with anything mutable in their transitive closure (I
think there are weaker [i.e. less restrictive] safe versions of this
but they're harder to check)
BTW, I'm not in love with the term "messages" since in many systems
these are really function calls.
> (The rest of the article, which i hope you will all help me write,
> can cite systems and papers and compare the specific meaning of
> "object-capability" to the usage of "capability" in security theory
> and the usage of "capability" in practice.)
This was essentially the thinking behind the (effectively dead through
inaction) capability book project. I think there's a much better
chance of it working the wikipedia way!
Perhaps I should dig out the list of essays people agreed to write for
that book and we can kick them until they do it for wikipedia :-)
More information about the cap-talk