[cap-talk] Object-Capability Patterns: An Historical Overview

Jed Donnelley jed at nersc.gov
Thu Mar 20 16:20:24 EDT 2008


On 3/19/2008 3:56 PM, Toby Murray wrote:
> On Wed, 2008-03-19 at 15:12 +0000, Toby Murray wrote:
>> Hi cap-talk,
>>
>> I'm trying to gather together a list of common object-capability
>> patterns that have consistently reappeared in various object-capability
>> systems throughout the past few decades. 
> 
>> One goal here would be to archive this information on wiki.erights.org
>> in a sensible place. Once the list reaches a fixed-point, I'd be happy
>> to do that.
> 
> A rough first cut is now at
> http://wiki.erights.org/wiki/Object-Capability_patterns
> 
> PLEASE take a quick look to make sure that I haven't missed or
> miscredited anyone or any system here or included something where it
> otherwise shouldn't be.

Regarding the above patterns page, I think it would be helpful
to have a brief, modern, and comparable set of descriptions
for each of the patterns noted.  For example (if I have
the terminology right):
_____________
Membrane: A membrane is a pattern much like the Revocable
Forwarder except that any capability that would otherwise
pass "out" through one of the revocably forwarded
capabilities is itself transformed into a revocable
forwarder in such a way that the collection consisting
of the initial revocable capability and all such capabilities
derived from it can be revoked together via a common
mechanism (state change).

This membrane pattern is particularly useful for
"serializing" descriptor-based capabilities across
a network because without shared memory and mixed
trust it isn't possible to directly forward
descriptor-based capabilities across a network.
_______________

Perhaps it would be helpful to include reference
E implementations (collected capability algorithms?)?

--Jed  http://www.webstart.com/jed/
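
The membrane described in the message above, as an added example that is not part of the original post or of any E reference implementation. It uses JavaScript Proxy objects rather than E and handles only capabilities passing "out" through the membrane; `makeMembrane`, `revoke`, `demo` and the sample objects are hypothetical names.

```javascript
// Added illustration (not from the original post); all names are hypothetical.
function makeMembrane(root) {
  let revoked = false;               // the common state shared by every wrapper
  const wrappers = new WeakMap();    // original -> wrapper (keeps identity stable)
  const originals = new WeakMap();   // wrapper -> original

  const check = () => { if (revoked) throw new Error("capability revoked"); };

  function wrap(value) {
    if (Object(value) !== value) return value;   // primitives are plain data
    if (wrappers.has(value)) return wrappers.get(value);
    const proxy = new Proxy(value, handler);
    wrappers.set(value, proxy);
    originals.set(proxy, value);
    return proxy;
  }

  // Only get/set/apply are trapped here; a complete membrane traps every
  // operation and also wraps arguments travelling in the other direction.
  const handler = {
    get(target, prop) { check(); return wrap(Reflect.get(target, prop)); },
    set(target, prop, v) { check(); return Reflect.set(target, prop, v); },
    apply(target, thisArg, args) {
      check();
      const self = originals.has(thisArg) ? originals.get(thisArg) : thisArg;
      return wrap(Reflect.apply(target, self, args));   // results leave wrapped
    },
  };

  return { wrapper: wrap(root), revoke() { revoked = true; } };
}

// Constructed sample: a directory whose open() hands out a further capability.
function demo() {
  const file = { text: "hello", read() { return this.text; } };
  const dir = { open(name) { return name === "a.txt" ? file : undefined; } };
  const { wrapper, revoke } = makeMembrane(dir);

  const f = wrapper.open("a.txt");           // derived capability, wrapped
  const before = f.read();
  const sameIdentity = wrapper.open("a.txt") === f;
  revoke();                                   // one state change for the whole set
  let derivedDead = false, rootDead = false;
  try { f.read(); } catch (e) { derivedDead = true; }
  try { wrapper.open("a.txt"); } catch (e) { rootDead = true; }
  return { before, isRaw: f === file, sameIdentity, derivedDead, rootDead };
}
```

The file object is never handed out directly, so flipping the one `revoked` flag cuts off both the initial capability and everything derived from it.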
