[cap-talk] [e-lang] A Taxonomy of Current Object-Cap Systems

Toby Murray toby.murray at comlab.ox.ac.uk
Thu Mar 5 04:33:37 EST 2009

On Thu, 2009-03-05 at 01:09 -0800, Jed Donnelley wrote:
> At 03:21 AM 3/4/2009, Toby Murray wrote:
> >..
> >The list omits caps-as-data systems in which objects can handle the bits
> >of a cap-as-data directly, such as the E sturdyref part and Webkeys.
> Just for my curiosity, why did you make the above choice?  It seems
> odd to me.  What does the implementation of the capability mechanism
> mean to you for the purposes of this taxonomy?

The choice was in pure self-interest. I expect to include the taxonomy
in an introductory chapter of my thesis at which point I'll be using it
to explain the wide diversity of current object-capability systems,
motivating the reader as to why they should care about this
object-capability idea.

I would be more than happy to include other systems on the list,
however, and then just put a subset of the total list in my thesis. 

> >Partitioned password-capability systems (like Annex) are, however,
> >included.
> Again, why?

Because they are object-capability systems as far as I'm concerned --
Mark Miller might quibble here so perhaps I should limit my comments to
the local (i.e. non-distributed) case in which the entire system shares
a common TCB. That keeps it squarely object-capability.

> Why not simply include all current capability systems? 

Because I'm focusing on object-capability systems only. Anything not
object-capability is not relevant to my thesis because my thesis is
about object-capability security, not capability-based security in
general (which is harder to define).



More information about the cap-talk mailing list