[cap-talk] Announcing "Analysing Object-Capability Security" Paper and Authodox v. 0.2.0

lists at notatla.org.uk lists at notatla.org.uk
Thu May 29 17:09:18 CDT 2008


Toby Murray <toby.murray at comlab.ox.ac.uk> wrote:

> One assumption is that Fred is an object supporting both the read() and
> write() operations/methods. Any (direct) reference to Fred will thus be
> a {read, write} capability.  ...  A capability
> is just a reference to an object that allows you to invoke (all of) its
> methods. If you want a capability that allows invoking only a subset of
> the methods, you need to create a proxy (or /AttenuatingForwarder/ as
> the paper describes it) that forwards only that subset.

OK.


> [The OCap model is totally Mark Miller's creation, btw. Hopefully he'll
> chime in if I've messed up any of the above.]

So that only dates from ~2006 and is totally different from the work
in KeyKOS etc?
 

> Possibly. I was purposely trying to leave it ambiguous as to who might
> be creating these abstractions.

> While the text tends to suggest that Alice would create these
> abstractions since they serve her interest, this need not necessarily be
> the case. Alice and Bob might have signed a contract that governs the
> terms of their collaboration.

I don't think it does really - that was me reading into it background
info from this list.

Thanks for the clarifications.
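
The attenuation described in the quoted text above, as an added example that is not part of the original thread or of the paper: a JavaScript sketch in which a direct reference to Fred is a {read, write} capability and a forwarder exposes only a chosen subset. The names `makeFred`, `attenuate` and `demo` are hypothetical, and the sketch assumes the holder receives only the forwarder, never the target.

```javascript
// Constructed sample object: "Fred" from the thread, with both operations.
function makeFred(initial) {
  let contents = initial;
  const fred = {
    read() { return contents; },
    write(value) { contents = value; return fred; }, // returns itself for chaining
  };
  return Object.freeze(fred);
}

// Hypothetical helper: build a forwarder exposing only the methods in `allowed`.
// The target stays in the closure, so a holder of the forwarder has no
// property through which to reach the full {read, write} reference.
function attenuate(target, allowed) {
  const forwarder = Object.create(null);
  for (const name of allowed) {
    if (typeof target[name] !== 'function') {
      throw new TypeError(`target has no method ${name}`);
    }
    forwarder[name] = (...args) => {
      const result = target[name](...args);
      // A method that returns the target would hand back the full
      // capability; return the forwarder instead.
      return result === target ? forwarder : result;
    };
  }
  return Object.freeze(forwarder);
}

// Demonstration: reports what a holder of each reference can do.
function demo() {
  const fred = makeFred('v1');                  // {read, write} capability
  const readOnly = attenuate(fred, ['read']);   // {read} capability
  const writeOnly = attenuate(fred, ['write']); // {write} capability
  const chained = writeOnly.write('v2');
  return {
    readOnlyMethods: Object.keys(readOnly),
    readOnlyCanWrite: typeof readOnly.write === 'function',
    chainedIsForwarder: chained === writeOnly,
    seenThroughReadOnly: readOnly.read(),
  };
}
```

The replacement of a returned target with the forwarder matters because a single chaining method would otherwise return the unattenuated reference to whoever holds the proxy.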

