From: David Wagner <>
Date: Tue, 3 Dec 2002 14:49:12 -0800 (PST)
Subject: [e-lang] "Capability Myths Demolished" (was: Software security workshop)

Tyler Close  wrote:
>The main point of confusion is the belief that Lampson's access
>matrix models both the ACL and capability systems. This is plainly
>false to anyone who understands capabilities and how a C-list is
>used. In the "Protection" paper, Lampson clearly demonstrates a
>misunderstanding of the C-list mechanism.

Is it a misunderstanding?  Or is this just a disagreement over the
definitions of the words? tyler 

There are two kinds of mechanisms that might have claim to the name
  Lampson-style capabilities: What you call a C-list.
  E-style capabilities: Things that combine both authorization
    and designation. tyler

I suspect you would like to reserve the term "capabilities" for E-style
capabilities only.   I, however, was taught that the word "capabilities"
encompasses both styles (or that it refers to Lampson's notion).  I think
this is also the way the term is used in the majority of the computer
security community. tyler shap

One could have a battle royale over who gets to choose the definition of
the word "capability".  However, I'm not sure that this is productive. 
I suspect it's too late to change what most people think of when they
think of the word "capabilities". tyler

Therefore, my conclusion is that it would be more effective to pick a new
term for E-style capabilities,  and then focus on arguing the advantages
of E-style capabilities. ping tyler

(Yes, I know it probably pains you to give up the word "capabilities". 
It also pains me that the word "hackers" has come to refer to criminals,
not to clever folks who thought out of the box.  Nonetheless, that battle
has already been lost, and I just have to live with it and move on.) tyler
e-lang mailing list