[cap-talk] Concening entry "ambient authority" in Wikipedia

Mark Miller erights at gmail.com
Tue Jun 9 14:07:09 EDT 2009

On Tue, Jun 9, 2009 at 4:25 AM, Marcus
Brinkmann<marcus.brinkmann at ruhr-uni-bochum.de> wrote:
> So an object-capability system with capabilities that are widely held is not
> an object-capability system?

If authority bearing capabilities happen to be widely held, you may
still have an object-capability system.

If authority bearing capabilities are necessarily widely held, i.e.,
if A loading and instantiating code B cannot deny such capabilities to
B, then you don't have an object-capability system.

> That I can formulate the question this way
> already seems to preclude the answer in my favor.

Depends on which answer you favor ;).

> A close analysis will reveal that the situation is not so simple.  For
> example, the wikipedia page "Object-capability_model" cites Java global
> variables as a different way to access resources.  But in a capability system
> memory load/store instructions are *modeled* as messages to memory pages that
> are part of the processes page table, where the relevant capabilities are
> named implicitely through the architectures process model. [...]

Yes, the issue is indeed tricky. My first attempt to state the
object-capability model with some precision, in Paradigm Regained,
stated a model which did not preclude modeling Java as an
object-capability system whose globals were simply widely held
capabilities, just as you suggest. I fixed this in Chapter 10 of my
thesis, "The Loader", which remains perhaps the worst and most
confusing chapter in there. (This chapter also makes the connection
with virtualizability you suggest.) Help explaining this better would
be greatly appreciated.

I do not consider the wikipedia page to be accurate. Unfortunately, it
cites Paradigm Regained rather than my thesis. After my two attempts
at revising this citation were both anonymously reverted, I tired of
playing reversion wars and gave up. (Btw, I do not know the motivation
of these reversions, but I doubt it was anything hostile since the
reverted page does cite Paradigm Regained. Mysterious.)

Text by me above is hereby placed in the public domain


More information about the cap-talk mailing list