[cap-talk] Capability begginer questions
Jed Donnelley
jed at nersc.gov
Wed Oct 3 19:32:15 EDT 2007
On 10/3/2007 3:33 PM, Stiegler, Marc D wrote:
> Your cap-like references are useful, but they probably don't quite
> qualify as capabilities in that, for it to be a capability, it should
> probably be delivering an authority that the recipient can only get by
> receiving such a capability. In C++, everything already has all the
> authority it can eat. Your cap-like references are delivering authority
> that the recipients already have ambiently. So they are useful for
> modular OO design, but not for object-cap work.
>
> --marcs
>
>> -----Original Message-----
>> From: cap-talk-bounces at mail.eros-os.org
>> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of Rob Meijer
>> Sent: Wednesday, October 03, 2007 7:09 AM
>> To: General discussions concerning capability systems.
>> Subject: Re: [cap-talk] Capability begginer questions
>>
>> On Wed, October 3, 2007 15:24, Kevin Reid wrote:
...
>> I've been using function objects as such in C++, but never
>> really considered them to be true capabilities, but maybe they are?
The raison d'être for capabilities is that they convey as
communicated parameters both designation and authorization.
To meaningfully do so it seems necessary to have a
domain boundary (separate authorities) between the
communicating entities. Unfortunately this doesn't
exist between C++ objects - one of the (main?)
justifications for the object/capability "safe" languages
like E and the Java subset Joe-E.
--Jed http://www.webstart.com/jed/
More information about the cap-talk
mailing list