[cap-talk] Selling capabilities programming
Marcus Brinkmann
marcus.brinkmann at ruhr-uni-bochum.de
Thu Jul 26 09:58:07 EDT 2007
At Thu, 26 Jul 2007 04:51:48 -0000,
"Karp, Alan H" <alan.karp at hp.com> wrote:
>
> Shap wrote:
> > > >
> > > > At boot time there should be no capabilities, and
> > > > capabilities created during operation should always have
> > > > inherent limits on their session lifetimes - each
> > > > capability should be associated with a program instance
> > > > and incapable of enduring when the program is closed.
> > > >
> > > I'm not sure this description is complete. I start Word
> > and pass it r/w
> > > capabilities to a document and a spreadsheet. Word then launches a
> > > process running Excel, passing it the capability to the
> > spreadsheet. I
> > > then close Word. According to your explanation, Excel will lose its
> > > rights to the spreadsheet. That can't be right. What did I miss?
> >
> > This question reveals a fairly fundamental point that Marcus Brinkmann
> > made in passing earlier: should capabilities pass by "copy" (i.e. the
> > received capability is co-temporal) or by "map" (received
> > capability is
> > destroyed when the send capability is destroyed).
>
> But James is talking about capabilities as data, so there is no place to
> stand to implement this distinction.
I don't think that's quite correct. Usually either semantic can be
emulated with the other. To emulate map semantics in a copy model,
you create a wrapper process for each capability.
Thanks,
Marcus
More information about the cap-talk
mailing list