Domino capabilities are sometimes used for permission transfer. It is common to insert into a piece of mail an object reference (which is in fact one of these URLized capability thingies) to send a reference to a particular object to someone else. Just FYI, "thingies" is a technical term :-)
I think that the purist position in this list is resulting in some revisionism. There have been many many systems that have used hybrid protection mechanisms, wherein authority required both posession of a capability and *also* authorization via some other mechanism such as ACLs. That is, designs in which posession of a capability was necessary but not sufficient. In such systems, the descriptor held by the process is properly referred to as a capability; this has been the convention in the literature for the last 30 years. The system as a whole, however, is generally not considered a capability system.
Thus, the Domino URLs are in fact capabilities, whether or not Domino also uses an ACL system.
I never claimed that Domino was a capability system. I said that the encoding of capabilities in URLs in the style that Droplets encodes capabilities had been done before in Domino. Whether Domino uses ACLs or accomplished authority transfer using these capabilities is not germaine to whether they ARE capabilities.
The fact that the encoding has been done before doesn't detract any from Droplets. It merely falsifies the minor claim that Droplets is the first system to encode capabilities this way.
Actually, the association with Domino may be a good thing for Droplets. Not every aspect of Domino is beloved by its users, but the object encoding seems to work reliably.
Jonathan S. Shapiro, Ph. D.
Research Staff Member
IBM T.J. Watson Research Center
Email: shapj@us.ibm.com
Phone: +1 914 784 7085 (Tieline: 863)
Fax: +1 914 784 7595