# [cap-talk] password capabilities & object capability model?

zooko zooko at zooko.com
Tue Aug 19 17:46:06 CDT 2008

I recently submitted the final version of this paper on Tahoe LAFS:

http://allmydata.org/~zooko/lafs.pdf

In an earlier draft, I had this text:

"""

Tahoe uses the \textit{capability access control model}
a capability is a short string of bits which uniquely identifies one
file or directory.  Knowledge of that identifier is necessary and
strings must be short enough to be convenient to store and transmit,
but must are long enough that they are unguessable (this requires them
to be at least 96 bits).

Such an access scheme is known as capabilities as keys'' or
cryptographic capabilities'' \cite{miller:demolished}.  (This is in
contrast to a related scheme, object capabilities''
\cite{RobustComposition}.) This approach allows fine-grained and
dynamic sharing of files or directories.

"""

For the final version I had to squeeze the text, so I removed the
parenthetical mention of object capabilities.