[cap-talk] Capability begginer questions

James A. Donald jamesd at echeque.com
Tue Oct 2 22:26:45 EDT 2007


Matheus Morais wrote:
 > 1 - A short question about the terminology. The
 > correct translation for capabilitie in portuguese is
 > 'potencialidade' which means 'quality of the
 > potential'. Books like Operating Systems Design and
 > Implementation for example, treat capabilitie as
 > 'capacidade' which stands for 'quality to satisfaction
 > some end; qualification'. First I started to use
 > 'potencialidade' because is the correct translation
 > for the word capabilite, after read carefully a
 > portuguese dictionary I decided to change that for
 > 'capacidade' but I'm still lost about what is the best
 > translation for the word capabilitie. Should I keep
 > with 'capacidade' on documentation or change again to
 > 'potencialidade'?

Capability based systems are not in wide use, are more
imagined than real.  Thus terminology cannot be
definitive yet.

Some of the opinions on this list are in inappropriately
confident in stating facts about a technology that is as
yet largely nonexistent, and whose past implementations
have failed.

The great insight for creating secure systems is that
user actions *should* be authorizations, as many user
actions as possible - that more trusted modules should
continually harvest from the user's actions information
about what less trusted modules should be permitted to
do.  This concept is the key to dealing with the storm
of attacks that trouble us today. Capabilities are a
technology that assists in architecting systems that do
this.



More information about the cap-talk mailing list