Has Oz Come Up in This Forum?
Mark S. Miller
Fri, 21 Jan 2000 15:22:05 -0800
At 01:13 PM 1/19/00 , Paul Snively wrote:
>Has anyone here looked at Oz? <http://www.mozart-oz.org>
> >From their introduction:
>"In a distributed environment Oz provides language security. That is, all
>language entities are created and passed explicitly. An application cannot
>forge references nor access references that have not been explicitly given
>to it. The underlying representation of the language entities is
>inaccessible to the programmer. This is a consequence of having an abstract
>store and lexical scoping. Along with first-class procedures, these
>concepts are essential to implement a capability-based security policy,
>which is important in open distributed computing."
>This sure sounds like Trusty Scheme or E to me.
Oz does indeed look very interesting. It seems to share these properties
with E by virtue of common ancestry. Oz is at least closely related to Flat
Concurrent Prolog, and probably derived from it. As shown on
http://www.erights.org/history/index.html , Concurrent Prolog, Actors, and
KeyKOS all have capability nature, and together begat Joule. Most of the
important formal properties of E, especially capability security, are
inherited directly from Joule.
The paper "Language Design and Open Systems" by Ken Kahn and myself (in The
Ecology of Computation, 1988) explain why Concurrent Prolog & Actors have
capability-nature. Curiously, Concurrent Prolog was not conceived with
security in mind, but as with the purer lambda languages, capability nature
was a fortuitous consequence of the formalism. Vulcan is Joule's unshown
ancestor. It first brought together Concurrent Prolog & Actors. ("Vulcan
== Logical Actors". Get it?) Vulcan, Joule, and Trusty Scheme were the
first languages explicitly designed to satisfy the requirements set out in
In any case, I skimmed their web site and couldn't find the introduction you
quote above, or anything else on capability security. Although they do
distributed programming, I didn't see anything to indicate they are doing
cryptographically-based distributed capabilities. If not, then their above
paragraph would not hold between mutually suspicious machines.
>Anyone know more about the Mozart environment and/or the Oz language?
Well, I know someone who knows more...
Ken, could you clarify? Also, please feel free to forward to the Mozart
folks you know. Thanks.