[cap-talk] Derivative rights

ross mcginnis ross_mcginnis at hotmail.com
Mon Feb 4 22:25:38 EST 2008

> Date: Mon, 4 Feb 2008 18:30:48 -0800
> From: jed at nersc.gov
> To: cap-talk at mail.eros-os.org
> Subject: Re: [cap-talk] Derivative rights
> On 2/4/2008 5:43 PM, David Hopwood wrote:
>> ross mcginnis wrote:
> ...
>>> This is the crux of the matter. To me it
>>> appears that *any* reference is a cap.
>> 'To be sure I was!' Humpty Dumpty said gaily...
> Heh. If it's a token that is intended to be
> unforgeable and:
> 1. It grants access to something via an "invocation"
> operation, and
> 2. It can be communicated in messages that result
> from "invocation"s
> then I would say it qualifies as a "capability"
> Of course one of the points of the "object capability"
> term is that this notion is very similar to that
> of an object reference in an object oriented
> language.
> A vital aspect of a capability is that both the
> designation (what sorts of access operations the
> capability provides) and the authority to carry
> out those operations are bundled into a single
> "token" that can be communicated in a capability
> enabled message.
> Now perhaps we should consider references that
> aren't capabilities:
> 1. A pointer in C isn't a capability because
> it can be forged (in C).
> 2. mysystem:/etc/shadow isn't a capability
> because it isn't bundled with the authority
> to operate on the designated object.
> 3. This:
> https://wiki.nersc.gov/bin/view
> isn't a capability because it isn't bundled with
> the authority to operate on it (e.g. read or write)

I believe that I could challenge you on most of these points, but I shall just concentrate on point 3) since this is very relevant to my previous argument:

You are saying the https://wiki.nersc.gov/bin/view isn't a cap because it doesn't bundle authority to read or write. I agree completely with you here, BUT: it does bundle me an authority- the derived authority to *attempt* to read/write (In fact I just did attempt it- it came up with dialog box asking me for username and password).  The fact that I couldn't read or write doesn't mean that couldn't attempt to read or write.  The attempt is a definite and distinct right that I have and can exercise at will.


Overpaid or Underpaid? Check our comprehensive Salary Centre

More information about the cap-talk mailing list