My apologies for getting into this thread so late. The SOSP deadline has been
driving me very hard.
I have two thoughts to add. Perhaps they may not be helpful.
First, after a while working on formal stuff around capabilities, I have
(name, access rights)
or
(name, operation)
pair is not the best description. I have not yet found good words to describe
what I want, but here is a description.
A capability is a pair of the form
(name to thing of type X, some thinning of the signature of type X)
Alternatively, if you wish to consider it in lambda calculus terms, it is the
result of evaluating
(apply (lambda object (lambda method (lambda args ((apply method x)
args)))) some-object)
To really get that right I would need typed lambda calculus, but I hope
>> I guess in a distributed scheme, you could look at every lambda as an
>> anonymous capability?
>
>Assuming that the lambda expression somehow expressed access rights as well
>as functionality, yes.
All lambda expressions capture access rights, in the sense that they close over a set of operations performed by their bodies. The notion of "anonymous capability" doesn't work, though. You need a lambda expression that has bound its first argument (the object).
My second thought concerns the statement:
> if you have a capability, you have it, and that's that.
This is accurate, but sometimes misleading, because it suggests that you
actually have access to the object that the capability names. In some
> if you have a capability, you have what it ALLEGES, and that's that.
Jonathan S. Shapiro, Ph. D.
IBM T.J. Watson Research Center
Email: shapj@us.ibm.com
Phone: +1 914 784 7085 (Tieline: 863)
Fax: +1 914 784 7595