From: Ben Laurie <>
Date: Thu, 05 Dec 2002 18:05:52 +0000
Subject: Re: [e-lang] "Capability Myths Demolished" (was: Software security workshop)

Jonathan S. Shapiro wrote:
> A C-list isn't a capability. It is a collection of capabilities. One of
> the key differences in various capability system designs is whether
> C-lists are sets or maps. In the "C-list as set" approach, possession of
> a capability is required (demonstrated by membership in the C-list), but
> operations do not explicitly designate the particular capability they
> are using. In some cases they may designate the C-list. This lends
> itself to a variety of bugs in code and some interesting ambiguities if
> multiple candidate authorities are present in the same C-list:
>   1. Which one should be used, or do we understand this
>      to mean the authority that is the union of the presently
>      held capabilities?

Surely this isn't a possible scenario for the kinds of capabilities EROS 
or E have? markm shap 




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

e-lang mailing list