|
|
Re: [ANNOUNCE] Introducing Codezero: msg#00026l4-hurd-gnu
On Wed, Jul 29, 2009 at 6:30 AM, Sam Mason <sam@xxxxxxxxxxxxx> wrote:
What Sam is saying here -- but didn't actually state -- is that your definition of "object based" doesn't agree with the rest of the field. There is nothing wrong with the concept you are describing, but you should find a more appropriate name for it.
> But getting back to capabilities, in my understanding a capability is
> just a structure that describes a resource as well as the security > permissions on it and its owner. No, a capability is *only* an unforgeable reference to an object. A capability is a *protected* structure that designates (names) a resource and specifies a signature of operations (methods) on that resource that may be invoked through that capability. It is common for the storage of that method signature to be implemented by permission bits, and in the early literature capabilities were characterized as "designation plus permissions". The definition I'm giving is more consistent with modern semantic theory.
But the protected part is important. In order to be a capability it must be non-forgeable. In order to achieve some of the behavioral properties that we often associate with capability systems, it must not merely be encrypted bits. The reason is that we want to be able to constrain the propagation of capabilities, and if they are just bits then we really can't do that.
shap
|
|
||||||||||||||||||||||||
| News | Mail Home | sitemap | FAQ | advertise |