[cap-talk] A Taxonomy of Current Object-Cap Systems

Mark Miller erights at gmail.com
Thu Mar 5 17:24:15 EST 2009

On Thu, Mar 5, 2009 at 2:15 PM, Charles Landau <clandau at macslab.com> wrote:
> Mark Seaborn wrote:
>> Are you only considering pure capability systems?  Unix file
>> descriptors, and in particular Unix domain sockets could go on the
>> list.  The comparison would be useful, considering that sockets are
>> connection-based (unlike EROS/CapROS/Coyotos and typical
>> language-based objects) and often not message-based.
> I don't see the distinction. EROS/CapROS/Coyotos capabilities can be to
> objects that represent a session or connection.
> Rob Meijer wrote:
>> In my view UNIX domain sockets when used for IPC have all the properties
>> needed to be considered object capabilities.  IMHO to turn a multi process
>> application using UNIX domain sockets for IPC into an object capability
>> system, all what is needed is to take away everything that could be
>> considered to be ambient authority.
> AFAIK it's not possible to send a socket through a pipe. That would
> either disqualify them, or call for another taxon: whether capabilities
> can be sent in messages.

If a capability cannot be sent in a message, then the system isn't an
object-capability system. That's why I drew such attention to the
Granovetter diagram.

Text by me above is hereby placed in the public domain


More information about the cap-talk mailing list