From: "Jonathan S. Shapiro" <>
Replying To: Tyler Close <>
Date: 04 Dec 2002 15:58:50 -0500
Subject: Re: [e-lang] "Capability Myths Demolished" (was: Software security workshop)

On Wed, 2002-12-04 at 13:22, Tyler Close wrote:
> What are the names of these "C-lists-as-sets" systems? Were any of
> them in existence before Lampson's 1971 "Protection" paper?

The very earliest capability systems were segment-like systems. All
required selectors.  C-lists as sets was a mathematical modeling
simplification used by Lampson; it's not clear that he ever meant these
to really be used. The EROS confinement verification, for example,
similarly treats nodes as sets because treating them as maps complicated
the verification. markm

The POSIX capabilties API is definitely set based, as are Netscape's
"Java Capabilities". I'm not clear about split capabilities.  I don't
have time at the moment to search my files on other systems. markm

> I've only seen "C-list" as indexed list. I assume you are calling
> this a "C-list-as-maps".


e-lang mailing list