Has Oz Come Up in This Forum?

Mark S. Miller markm@caplet.com
Fri, 21 Jan 2000 15:22:05 -0800 

At 01:13 PM 1/19/00 , Paul Snively wrote:
>Folks,
>
>Has anyone here looked at Oz? <http://www.mozart-oz.org>
>
> >From their introduction:
>
>"In a distributed environment Oz provides language security. That is, all 
>language entities are created and passed explicitly. An application cannot 
>forge references nor access references that have not been explicitly given 
>to it. The underlying representation of the language entities is 
>inaccessible to the programmer. This is a consequence of having an abstract 
>store and lexical scoping. Along with first-class procedures, these 
>concepts are essential to implement a capability-based security policy, 
>which is important in open distributed computing."
>
>This sure sounds like Trusty Scheme or E to me.

Oz does indeed look very interesting.  It seems to share these properties 
with E by virtue of common ancestry.  Oz is at least closely related to Flat 
Concurrent Prolog, and probably derived from it.  As shown on 
http://www.erights.org/history/index.html , Concurrent Prolog, Actors, and 
KeyKOS all have capability nature, and together begat Joule.  Most of the 
important formal properties of E, especially capability security, are 
inherited directly from Joule.

The paper "Language Design and Open Systems" by Ken Kahn and myself (in The 
Ecology of Computation, 1988) explain why Concurrent Prolog & Actors have 
capability-nature.  Curiously, Concurrent Prolog was not conceived with 
security in mind, but as with the purer lambda languages, capability nature 
was a fortuitous consequence of the formalism.  Vulcan is Joule's unshown 
ancestor.  It first brought together Concurrent Prolog & Actors.  ("Vulcan 
== Logical Actors".  Get it?)  Vulcan, Joule, and Trusty Scheme were the 
first languages explicitly designed to satisfy the requirements set out in 
that paper.

In any case, I skimmed their web site and couldn't find the introduction you 
quote above, or anything else on capability security.  Although they do 
distributed programming, I didn't see anything to indicate they are doing 
cryptographically-based distributed capabilities.  If not, then their above 
paragraph would not hold between mutually suspicious machines.

>Anyone know more about the Mozart environment and/or the Oz language?

Well, I know someone who knows more...

Ken, could you clarify?  Also, please feel free to forward to the Mozart 
folks you know.  Thanks.


         Cheers,
         --MarkM