Re: comment on distributed capabilities from Jonathan Rees on 2010-02-16 (www-tag@w3.org from February 2010)

From: Jonathan Rees <jar@creativecommons.org>
Date: Tue, 16 Feb 2010 14:59:51 -0500
To: "Mark S. Miller" <erights@google.com>
Cc: noah_mendelsohn@us.ibm.com, www-tag@w3.org
Message-ID: <760bcb2a1002161159o74e500b7of6f39bd6a0b9492e@mail.gmail.com>

On Fri, Feb 12, 2010 at 10:08 PM, Mark S. Miller <erights@google.com> wrote:
> When it comes to matters of terminology and history, a certain amount of
> pedantry is called for. Please excuse any excess pedantry in the following
> clarifications.
> On Fri, Feb 12, 2010 at 7:14 AM, Jonathan Rees <jar@creativecommons.org>
> wrote:
>>
>> I wanted to recognize and address a point you raised on the call
>> yesterday, which is that "distributed capabilities" in the web-key
>> sense are not the same as "distributed capabilities" in the sense used
>> in some capability systems from the 1970s and 1980s. This is true. I
>> think you were referring to systems in which each node in the network
>> has a trusted capability kernel that all other nodes can trust.
>
> Hold on, what systems are we talking about? The first distributed cap system
> I am aware of, Jed Donnelley's DCCS from 1976
> <http://tools.ietf.org/html/rfc712>. DCCS, as well as Jed's 1979
> <http://www.webstart.com/jed/papers/Components/>, ...

Eden [1,2], 1981. If I understand correctly (you should know by now
how often I don't!), capabilities were 80 bits, and the same 80 bits
globally, but as in Lisp, just knowing the bits was not sufficient for
exercising the capability, the kernel also had to believe that you
"had" it (implemented by checking a capability list). Therefore all
the kernels had to trust one another to enforce this (sort of a
Granovetter property, yes?) - perhaps in part because of guessability,
in part because of confinement, and in part to enable garbage
collection. It's possible, given the year, that there was neither
authorization nor authentication at the kernel-to-kernel level - mere
connectivity may have been adequate. But not sure about that. Will try
to find out if you care...

You are right, 1981 was not in the 1970's; I stand corrected.

It sounds like we're all agreed to not apply the C-word to mere
unguessable strings. Glad we got that straightened out!

Jonathan

[1] behind paywall http://portal.acm.org/citation.cfm?id=1067627.806603
[2] behind paywall
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1701897&isnumber=35868

Received on Tuesday, 16 February 2010 20:00:25 UTC