[cap-talk] Cap OS question
Toby Murray
toby.murray at comlab.ox.ac.uk
Mon Aug 3 03:42:48 EDT 2009
2009/8/2 Charles Landau <clandau at macslab.com>:
> Ben Kloosterman wrote:
>> I was considering whether the capability should also have
>> methods to match the method on the named object.
>
> A capability is a reference to an object. It is not an object itself,
> and doesn't have methods.

Ben, I would suggest having a look at the E and Joe-E languages.
These are "object-capability" languages, meaning that they are
object-based languages (similar to e.g. Java or C#) but that the rules
for how object references can propagate within an application
correspond to the rules for how capabilities can propagate in a
capability-based system like e.g. EROS.

Joe-E is interesting because it is based on Java. More precisely, it's
a subset of Java. Joe-E code is ordinary Java code but some parts of
the standard Java language are outlawed, like mutable static members of
classes. Also, the rules for accessing most of the Java standard
libraries are altered so that arbitrary objects can't e.g. open an
arbitrary File à la new File("/home/user/secrets.txt").

You might consider adopting Sam's suggestion that you allow any object
reference in C# to be a capability that simply refers to the object
being referenced. You might need to outlaw some of the C# features in
the way that Joe-E does for Java in order to ensure that the rules for
how object references propagate match the rules for
capability-propagation.

More info about Joe-E can be found here: http://code.google.com/p/joe-e/
More info about E can be found at http://www.erights.org

Feel free to keep asking questions on this list.

Cheers
Toby
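
Added example, not part of the message above and not code from the Joe-E project: plain Java contrasting the ambient `new File(...)` pattern the message mentions with code that can only use the object references it was handed. The names `CapabilityStyle`, `ReadableFile`, `readOnly` and `countLines` are hypothetical, and plain Java does not enforce this discipline; the message attributes that enforcement to Joe-E's altered library rules.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;

public class CapabilityStyle {

    // Ambient authority: any code that can call this can name any path,
    // e.g. "/home/user/secrets.txt". This is the pattern the message
    // describes Joe-E as ruling out for arbitrary objects.
    static String ambientRead(String path) throws IOException {
        return new String(Files.readAllBytes(new File(path).toPath()),
                          StandardCharsets.UTF_8);
    }

    // A capability in the sense used in the thread: a reference to one
    // object. Holding it conveys the right to read that one file and
    // nothing else (no write, no delete, no way to reach a sibling path).
    interface ReadableFile {
        String read() throws IOException;
    }

    // Only code that already holds the File can mint the narrower
    // read-only reference and decide who receives it.
    static ReadableFile readOnly(final File f) {
        return () -> new String(Files.readAllBytes(f.toPath()),
                                StandardCharsets.UTF_8);
    }

    // Untrusted component: its authority is exactly its arguments.
    // Assumption: under Joe-E-style rules it could not call new File(...)
    // itself; in plain Java nothing prevents that, so this is a convention.
    static int countLines(ReadableFile doc) throws IOException {
        return doc.read().split("\n").length;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a temporary three-line file.
        File report = File.createTempFile("report", ".txt");
        Files.write(report.toPath(),
                    "alpha\nbeta\ngamma\n".getBytes(StandardCharsets.UTF_8));
        try {
            // The caller propagates one reference; the callee gets no path.
            System.out.println("lines: " + countLines(readOnly(report)));
        } finally {
            report.delete();
        }
    }
}
```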