[cap-talk] [e-lang] A Taxonomy of Current Object-Cap Systems
Toby Murray
toby.murray at comlab.ox.ac.uk
Thu Mar 5 04:33:37 EST 2009
On Thu, 2009-03-05 at 01:09 -0800, Jed Donnelley wrote:
> At 03:21 AM 3/4/2009, Toby Murray wrote:
> >..
> >The list omits caps-as-data systems in which objects can handle the bits
> >of a cap-as-data directly, such as the E sturdyref part and Webkeys.
>
> Just for my curiosity, why did you make the above choice? It seems
> odd to me. What does the implementation of the capability mechanism
> mean to you for the purposes of this taxonomy?
The choice was in pure self-interest. I expect to include the taxonomy
in an introductory chapter of my thesis at which point I'll be using it
to explain the wide diversity of current object-capability systems,
motivating the reader as to why they should care about this
object-capability idea.
I would be more than happy to include other systems on the list,
however, and then just put a subset of the total list in my thesis.
> >Partitioned password-capability systems (like Annex) are, however,
> >included.
>
> Again, why?
Because they are object-capability systems as far as I'm concerned --
Mark Miller might quibble here so perhaps I should limit my comments to
the local (i.e. non-distributed) case in which the entire system shares
a common TCB. That keeps it squarely object-capability.
> Why not simply include all current capability systems?
Because I'm focusing on object-capability systems only. Anything not
object-capability is not relevant to my thesis because my thesis is
about object-capability security, not capability-based security in
general (which is harder to define).
Cheers
Toby
More information about the cap-talk
mailing list