[cap-talk] "ACLs don't" paper rejected from Oakland 09
David-Sarah Hopwood
david.hopwood at industrial-designers.co.uk
Tue Feb 3 09:57:36 CST 2009
David-Sarah Hopwood wrote:
> Toby Murray wrote:
>> On Tue, 2009-02-03 at 13:18 +0000, David-Sarah Hopwood wrote:
>>> In any capability system, capabilities can be independently designated,
>>> regardless of whether the system is type-partitioned or whether it is
>>> an object-capability system.
>> Iguana and Mungi are counter-examples to this claim. See
>> http://archives.devshed.com/forums/development-94/pola-and-mungi-iguana-style-apis-520706.html
> [...]
>> This doesn't stop them being cap systems, unless you want to narrow the
>> definition of a cap system as well.
>
> I do. Considering them to be capability systems weakens the definition
> of a capability system too far. I suggest referring to systems in which
> permissions can be reified, but that don't follow the same rules as
> capability systems in how those permissions are designated and propagated,
> "reified permission systems". Capability systems would then be a subset
> of reified permission systems.
Rereading my original message in that thread:
<http://osdir.com/ml/capabilities.general/2005-05/msg00086.html>,
my position on Iguana and similar systems hasn't changed at all.
--
David-Sarah Hopwood ⚥
More information about the cap-talk
mailing list