From Objects To Capabilities
Brian Rice
water@tscnet.com
Fri, 23 Mar 2001 08:19:58 -0800
--============_-1226758096==_ma============
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: quoted-printable
> > Phil Nicola=EF wrote:
>>
>> Capability-based
>> Financial Instruments
>> http://www.erights.org/elib/capability/ode/index.html
>
>I would suggest looking at the EROS site for Shapiro's paper about
>capabilities in EROS which includes his proof that the EROS
>capability model supports "containment".
>http://www.eros-os.org/devel/00Devel.html
>
>Norman Hardy also has a (slightly disorganized) site about capabilities:
>http://www.cap-lore.com/CapTheory/index.html
>
>For distributed capabilities, the classic reference is Andrew S Tannenbaum'=
s
>"Using Sparse Capabilities in a Distributed Object System".
>http://citeseer.nj.nec.com/tanenbaum86using.html
>
>I really like capabilities. I use them for a distributed IPC system
>on Unix that I am working on. (albeit slowly)
>
>/ Johan@tiq.com
Not to downplay the significance of capabilities, I should mention
that Tunes is taking a different route (see
http://tunes.org/HLL/semantics.html under "Access Rights") for a very
important reason: Tunes is about semantics and higher-order reasoning
rather than strict enumeration or some such. There's a terrible state
of knowledge about this kind of thing in normal OS design because
normal OSes aren't written in languages that you can prove anything
remotely usable in. See the Secure Language (No-)Kernel documentation
(http://www.cs.cornell.edu/slk/), which is unfortunately based on
Java.
Basically playing Fare's role for him,
~
--============_-1226758096==_ma============
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type=3D"text/css"><!--
blockquote, dl, ul, ol, li { margin-top: 0 ; margin-bottom: 0 }
--></style><title>Re: From Objects To
Capabilities</title></head><body>
<blockquote type=3D"cite" cite>> Phil Nicola=EF wrote:<br>
><br>
> Capability-based<br>
> Financial Instruments<br>
> http://www.erights.org/elib/capability/ode/index.html<br>
<br>
I would suggest looking at the EROS site for Shapiro's paper about<br>
capabilities in EROS which includes his proof that the EROS<br>
capability model supports "containment".<br>
http://www.eros-os.org/devel/00Devel.html<br>
<br>
Norman Hardy also has a (slightly disorganized) site about
capabilities:<br>
http://www.cap-lore.com/CapTheory/index.html<br>
<br>
=46or distributed capabilities, the classic reference is Andrew S
Tannenbaum's<br>
"Using Sparse Capabilities in a Distributed Object
System".<br>
http://citeseer.nj.nec.com/tanenbaum86using.html<br>
<br>
I really like capabilities. I use them for a distributed IPC
system<br>
on Unix that I am working on. (albeit slowly)<br>
</blockquote>
<blockquote type=3D"cite" cite>/ Johan@tiq.com</blockquote>
<div><br></div>
<div>Not to downplay the significance of capabilities, I should
mention that Tunes is taking a different route (see
http://tunes.org/HLL/semantics.html under "Access Rights")
for a very important reason: Tunes is about semantics and higher-order
reasoning rather than strict enumeration or some such. There's a
terrible state of knowledge about this kind of thing in normal OS
design because normal OSes aren't written in languages that you can
prove anything remotely usable in. See the Secure Language (No-)Kernel
documentation (<font
face=3D"Monaco">http://www.cs.cornell.edu/slk/</font>), which is
unfortunately based on Java.</div>
<div><br></div>
<div>Basically playing Fare's role for him,</div>
<div>~</div>
<div><br></div>
</body>
</html>
--============_-1226758096==_ma============--