[cap-talk] password capabilities & object capability model?

David-Sarah Hopwood david.hopwood at industrial-designers.co.uk
Tue Aug 19 11:41:55 CDT 2008

Rob Meijer wrote:
> I am writing a proposal article for a Linux-centered magazine on the
> subject of AppArmor & MinorFs and the access control model used and
> enabled by MinorFs.
> Currently I talk about MinorFs as a 'capability based' system.
> MinorFs in contrast with most recent capability based systems that
> advocate to be 'object capability' systems, uses password capabilities.
> I am not sure if the term object capability system is the general modern
> term for capability systems, or if password capability systems are
> excluded by this term.

An object-capability system supports authority confinement, which
requires that the only way to delegate authority is over capability
channels, not over data channels.

A capability system that represents capabilities as passwords that are
globally valid (i.e. can be passed as data between protection domains
and then used in the recipient domain) cannot support authority
confinement in this sense, and so it should not be called an
object-capability system.

David-Sarah Hopwood
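
The confinement point made in the reply above, as an added example that is not part of the original message or of MinorFs. The toy `Kernel`, the domain names "confined" and "outside", and the per-domain c-list that stands in for unforgeable object references are all assumptions made for illustration.

```python
import secrets

class Kernel:
    """Toy kernel (constructed for illustration) offering both capability styles."""
    def __init__(self):
        self.by_password = {}   # globally valid password -> resource
        self.clists = {}        # domain name -> {local index -> resource}

    def mint_password(self, resource):
        pw = secrets.token_hex(16)
        self.by_password[pw] = resource
        return pw

    def grant(self, domain, resource):
        # Capability channel: the only way an entry enters a domain's c-list.
        clist = self.clists.setdefault(domain, {})
        index = len(clist)
        clist[index] = resource
        return index

    def open_by_password(self, domain, pw):
        # The caller's domain is never consulted: the bits alone carry authority.
        return self.by_password.get(pw)

    def open_by_index(self, domain, index):
        # The index only has meaning inside the caller's own c-list.
        return self.clists.get(domain, {}).get(index)

def send_as_data(value):
    """A pure data channel: only bytes cross between protection domains."""
    return str(value).encode("ascii").decode("ascii")

def run_demo():
    kernel = Kernel()
    secret = "contents of a protected file"   # constructed sample resource
    pw = kernel.mint_password(secret)
    idx = kernel.grant("confined", secret)
    # The confined domain copies what it holds onto a data channel read by "outside".
    leaked_pw = send_as_data(pw)
    leaked_idx = int(send_as_data(idx))
    return {
        "password_cap_escaped": kernel.open_by_password("outside", leaked_pw) == secret,
        "clist_cap_escaped": kernel.open_by_index("outside", leaked_idx) == secret,
        "confined_still_works": kernel.open_by_index("confined", idx) == secret,
    }
```

With the password representation, cutting the confined domain off from every `grant` call is not enough, because any data channel also delegates authority; with the c-list representation the same bytes are inert in the receiving domain.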

