> I was struck by the similarity of capabilities and the
> on-the-wire format for RPC calls (where there is an
> OID, and method ID, and arguments). Is this similarity
> purely superficial, or could an RPC-call be though of
> as invoking a capability?
Since a capability can be thought of as an object reference bundled with access rights, then certainly an RPC call can be thought of similarly. To give a concrete example, a URI can be, and in fact often is, an RPC invocation of a software object: a CGI script, a Java Servlet... a good example of the latter can be found in Waterken, Inc.'s Cistern product. See <http://www.waterken.com> and try out the "Beach Sex" demo, in which URLs are indeed capabilities, albeit without confinement.
> Obviously, the intent of the two is quite different...
It is? I'm not sure I understand how: the intent of both is to provide access to computational services. The only significant difference that I see is that with traditional RPC, security is an "external" consideration, whereas with capabilities there's an "intrinsic" security model (although as always, it's worth pointing out that in the capability model, if you have a capability, you have it, and that's that. The crucial question is: how did you come by that capability?)
> but it seems like capabilities could add a lot to
> RPC and distributed object systems in general.
I think it's fair to say that a distributed capability system *is* a distributed object system. Certainly the E platform (<http://www.erights.org>) is. Mark Miller's paper for the Financial Cryptography conference (FC '00) does an excellent job of framing a number of concepts--Object Programming, Capabilities, Public Key Infrastructure, Multi-Player Games, and Digital Financial Instruments--in terms of a single (and simple!) visual construct called the Fundamental Diagram, which, interestingly enough, apparently derives from the world of sociology. I urge you to read Mark's paper if you haven't already, then play with the Beach Sex demo at <http://www.waterken.com>, then download and play with the current release of E at <http://www.erights.org>. I think that doing these things will help to reinforce your already-right-on-the-money intuitions, and then suggest ways in which to expand those intuitions--a process that I'm going through myself at the moment.
It's all very exciting, isn't it?
-- Please reply to <mailto:email@example.com> using PGP. My public key can be found at <http://pgpkeys.mit.edu:11371>. PGP can be found at <http://web.mit.edu/network/pgp.html>. Beginning 11/1/1999, unenciphered e-mail will be immediately deleted unread. Thank you.