From: Tyler Close <>
Replying To: Karp, Alan <>
Date: Wed, 4 Dec 2002 19:49:35 -0400
Subject: Re: [e-lang] "Capability Myths Demolished" (was: Software securi ty workshop)

On Wednesday 04 December 2002 18:51, Karp, Alan wrote:
> Tyler Close wrote:
> > Given this mechanism, you can implement all the functionality of
> > the Granovetter diagram.  How can you draw a line between the
> > Dennis and Van Horn system and E?
> As described in Dennis and van Horn, a capability contains an identifier
> for a segment (resource) and a set of rights.  A c-list is a set of handles
> to these capabilities.  The permissions are explicitly listed in the
> capability and are interpreted on access to the resource.

I'll have to re-read, but I believe these permissions are for
memory segments, not for protected procedures.  In the case of
memory segments, you can think of these permissions as equivalent
to the method names available on a memory segment object. alan_karp

In the case of protected procedure capabilities, the capabilities
are remarkably similar to E capabilities,  right down to the use of
a vtable-like structure for entry point selection. alan_karp

> My understanding
> of an E-capability is that it is an identifier to a facet of a resource,
> identical to an object handle.  The permissions are implicit in the facet
> being identified.  No interpetation of rights is needed; either the facet
> has the method, or it doesn't.  That's why in my paper I list
> E-capabilities as different from what I call traditional capabilities.

This is the same for protected procedure capabilities in the
Dennis & Van Horn system.  E-capabilities should not be listed as
different. They are not different, and listing a difference can
only create more false impressions. alan_karp



Thank you *very* much for the URL for the Dennis & Van Horn paper. 
I wish all this stuff was easy to get at. Maybe there would be
less confusion. alan_karp
e-lang mailing list