On 8/11/07, <b class="gmail_sendername">Mark Miller</b> <<a href="mailto:erights@gmail.com">erights@gmail.com</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Suggestion: Would anyone like to start a capability history page at<br>wikipedia, or at least <<a href="http://wiki.erights.org">http://wiki.erights.org</a>>? Then we'd have a<br>place to accumulate refinements like the observations below.
</blockquote><div><br>Wikipedia would be a much better place. I'll start one when I'm back at my computer tomorrow if it's not already up.<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> I think that the FCP system (Flat Concurrent Prolog, by Udi Shapiro and the<br>> Weizmann Institute) was a capability-based system.<br><br>As a programming language, FCP is indeed an ocap system. But the Logix ...
<br>...did realize and utilize the ocap nature of FCP. But I'm not sure. I<br>don't remember the name of the company.</blockquote><div><br>Ubiq. <br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> Janus and other<br>> concurrent constraint systems by Vijay Saraswat in the FCP tradition were<br>> also capability systems.<br><br>> 1986: Vulcan Project - Ken Kahn (and MarkM and me and others) @ Xerox PARC
<br>> An actor language layered on FCP.<br><br>Janus, Vulcan, and all the other variants that emerged from the Vulcan<br>project were true ocap systems.<br><br>> Joule started in 1988 or early 1989.<br><br>That's about right, but I don't know precisely when Joule started.
</blockquote><div><br>I'll dig up my notes. Since it inspired the Xanadu promise system, it was before that :) <br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> ToonTalk, by Ken Kahn, is actually a capability system, in spite of being a<br>> programming environment for children. I think it started around 1994.<br><br>Again, I don't know precisely when it started, but that seems right.
<br>Everything else you say is correct.<br></blockquote><div><br>Is Ken on the list? Ken? <br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> 1994: Corbamite - Agorics/SunLabs<br>> This was a C++ system vaguely related to Corba, but using capabilities. The<br>> actual network security enforcement was never implemented, but the<br>> components were all designed following that approach. It was the second
<br>> attempt to apply Joule insights to a sequential programming system (Promises<br>> in Xanadu was the first), and contributed a lot to later E designs.<br><br>This went by several names, of which Corbamite was one of the shortest
<br>lived. When I refer back to this project, I say "WebMart", by which I</blockquote><div><br>Interesting. I think of them as separate projects :). I think that's because the name, technology, and applications changed at the same time, even though the approach was roughly the same.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">include both the C++/Tclio incarnation and the later Java-based<br>incarnation. Only the earlier incarnation did local language caps
<br>(Tclio was sorta a capability taming of Tcl). The latter's Java was<br>coded as if we had something like Joe-E, which we never did, so really<br>it was only a distributed cap system. Except...</blockquote><div><br>
The additional Joe-E rules help wiht additional security and reliability issues, but the design of all the underlying abstractions (e.g., for bidding, money, etc.) followed ocap principles and had ocap advantages because it adhered to those rules (
e.g., a cheating program could not steal money from a component that followed the rules). There was also some ocap work to enable secure cooperation among independent applets.<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
All of the above projects created a captp-like layer which would have<br>given distributed cap security *if* it were layered on a vattp-like<br>link encryption layer. The first system in this family to actually do<br>the hard and crucial work to integrate the crypto was Original-E at
<br>Electric Communities, thanks to the heroic crypto work of Bill Frantz.<br>Because of export controls, the distributed security of open source E<br>was separately due to the heroic work of Tyler Close (living on<br>Anguilla at the time).
</blockquote><div><br>All that sounds right. For the point of view of listing ocap projects and systems, however, I think it qualifies. These systems were consciously designed following and developing new ocap patterns, and layered on systems such that the security assumptions and gaps were reasonably well understood. The network enforcement used admonition (you will be fired if you cheat) but that too has its place.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">> 1995: GuardOS - Agorics<br>> This is/was a KeyKOS derivative for Sparc and eventually other platforms.
<br>> It got to the point of emulating enough Solaris to host Java and let us<br>> experiment with running Agorics' Java applications on it.<br><br>You and others on this list know much more about this one than I do.
<br><br>As we've seen from earlier discussions on cap-talk, persistence was<br>also a frequent blind spot of ocap efforts. WebMart, Toontalk, and<br>GuardOS had it. I'm not sure which of the others above did.</blockquote>
<div><br></div></div>That doesn't make them not ocap efforts. Joule was working towards persistence when Java blindsided it :).<br><br>Oh. Is Waterken on the list? <br>