From: Tyler Close <>
Replying To: Mark Miller <>
Date: Wed, 4 Dec 2002 14:22:53 -0400
Subject: Re: [e-lang] "Capability Myths Demolished" (was: Software security workshop)

On Wednesday 04 December 2002 14:19, Mark Miller wrote:
> At 08:14 AM 12/4/2002 Wednesday, Jonathan S. Shapiro wrote:
> >One of
> >the key differences in various capability system designs is whether
> >C-lists are sets or maps. [...]
> >Either C-list model falls under the general heading of "capability
> >systems" in the existing literature.
> This seems like a good excuse for a distinction. A C-lists-as-set system is
> necessarily vulnerable to confused deputy. Lambda calculus demands
> C-lists-as-maps. If the paradigm "capability" includes C-lists-as-sets,
> then we do in fact need a new term, because the paradigm we're working in
> doesn't. So this distinction would support "lambda-capabilities" as a term.

What are the names of these "C-lists-as-sets" systems? Were any of
them in existence before Lampson's 1971 "Protection" paper? shap 

I've only seen "C-list" as indexed list. I assume you are calling
this a "C-list-as-maps". shap 

e-lang mailing list