From: "Jonathan S. Shapiro" <>
Replying To: Tyler Close <>
Date: 11 Dec 2002 10:57:43 -0500
Subject: Re: [e-lang] Naming Capability Systems

On Sun, 2002-12-08 at 20:11, Tyler Close wrote:
> Maybe it would help me undertand this if I could get a point of
> reference.  Is there a list of systems that you would classify as
> "ambient authority capability", where the authors claimed to be
> implementing "capability"?

Two come to mind. Neither is a capability system in the sense that the
literature has used the term.  In the context of this technical
discussion I will use the term "undesignated capabilities".

One is the netscape/java capability model.  This provides undesignated
capabilities based on the binary identity (determined by cryptographic
hash). While the usages of this to date have been relatively course,
they could in principle be made finer.

The second is POSIX Capabilities or VMS Privileges (i.e. via SETPRIV). 
Both implement what amount to mode bits that selectively enable broad
classes of operation. While both are exceptionally coarse grain, both
can be seen as a capability bolt-on in which capabilities are not

Neither of these systems fits the lampson model, the SW model, the
Dennis and van Horn definitions,  or the generally accepted sense of
capability systems established by the Chigago Magic Number machine or
the Cambridge CAP machine.

> I asked Jonathan this same question in different wording a few
> days ago. At that point it was decided that there are none worth
> considering. If that is still the case, then there is no
> "corruption" and you are not making a distinction, you are
> renaming.



e-lang mailing list