Paul sez:
>Chip wrote:
>
>>Credentials, however, are not capabilities. A credential represents a claim
>>about a particular entity, and this claim cannot be made to apply to a
>>different entity, just as in the college diploma example cited above. Moreover,
>>I need to be able to present a credential to others in order for it to be of
>>any use to me, and this would make no sense if by the process of presenting a
>>credential to someone else they also acquired use of it. Presenting a
>>credential thus must be a procedure more like a public-key signature
>>verification than like a pointer pass. In presenting a credential I do not
>>transfer a power but merely prove some property about me to the entity I am
>>communicating with.
>
>This sounds to me like proof-carrying code.
>
>Any thoughts as to the costs/benefits/semantics of combining capabilities with
>proof-carrying code?
If I understand correctly what proof-carrying code is, it deals with the case where I give you some code to execute that carries with it some promise about what it will or won't do. This is a useful thing and is certainly a part of the computational world I would like to see us have. However, what I was talking about was the case where you and I are interacting only by message passing and you are trying to decide whether or not you want to pass me a pointer to some special power that you possess.